subject:"Re\: shutdown user and accountability"

Re: thanks! [was Re: shutdown user and accountability]

2001-12-11 Thread Carel Fellinger

On Tue, Dec 11, 2001 at 01:46:11PM +0900, Olaf Meeuwissen wrote:
...
> Thanks to everyone who responded.  I should have been a little clearer
> on the system setup.  The machine in question consists of a main unit
> and a bunch of externally attached hard disks connected to a network.
> It has no monitor, keyboard (what Ctrl-Alt-Del?) and mouse.

but it does have a parallel port, doesn't?

Then it's dead simple to connect a switch to it, monitor that switch
and apply the whole camcorder stuff if you want.  This way, at least
you restrict access to those who have physical access:)

-- 
groetjes, carel

Re: thanks! [was Re: shutdown user and accountability]

2001-12-11 Thread Carel Fellinger

On Tue, Dec 11, 2001 at 01:46:11PM +0900, Olaf Meeuwissen wrote:
...
> Thanks to everyone who responded.  I should have been a little clearer
> on the system setup.  The machine in question consists of a main unit
> and a bunch of externally attached hard disks connected to a network.
> It has no monitor, keyboard (what Ctrl-Alt-Del?) and mouse.

but it does have a parallel port, doesn't?

Then it's dead simple to connect a switch to it, monitor that switch
and apply the whole camcorder stuff if you want.  This way, at least
you restrict access to those who have physical access:)

-- 
groetjes, carel

-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

thanks! [was Re: shutdown user and accountability]

2001-12-10 Thread Olaf Meeuwissen

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Olaf Meeuwissen <[EMAIL PROTECTED]> wrote:

> I'm maintaining a (small-time) group server for our department.  In
> order to satisfy company policy requirements I need to provide a way
> to shutdown the server in case of emergencies.  Our network admin was
> kind enough to give me two alternatives:
> 
>   1) provide an on-screen shutdown button
>   2) provide a shutdown user account (and document its usage)
> 
> I didn't like either approach because they lack accountability: after
> a shutdown I can't tell *who* did it.
> BTW, the server has no screen for buttons, so 1) is not an option to
> begin with.  You have to ssh in to do anything (exploit one of inetd,
> exim, samba or apache in some way may be an alternative ;-).
> 
> I came up with a 'sudo /sbin/halt' for department members (and others
> on an as needed basis), but that was no good.  Everyone has to be able
> to shut it down.  I racked my brains but didn't come up with anything
> that provides accountability.  Anyone any suggestions?
> 
> Right now, I'm stuck with 2) and writing the password on the machine
> (or similar) *or* stay with what I have now and take my chances with
> people flicking the power switch.
> BTW, the server is not in a physically secure location, so I run the
> power switch thingy risk anyway.
> 
> Suggestions, discussions of pros and cons welcome,

Thanks to everyone who responded.  I should have been a little clearer
on the system setup.  The machine in question consists of a main unit
and a bunch of externally attached hard disks connected to a network.
It has no monitor, keyboard (what Ctrl-Alt-Del?) and mouse.

As I already feared, it is impossible to provide a shutdown account
without giving up accountability.  Some pointed out (correctly) that
without physical security I didn't have accountability to begin with,
but I was wondering whether I needed to sacrifice it even further.

Some replies suggested I validate against a general database, e.g. for
Winblows logon (that'd be just about the only viable alternative in my
situation).  That could be a nice approach, but one would have to be
able to trust that database (and since it is not under my control ...
btw, I hope it stays that way, win-DoS shudder ;-)

The replies regarding journalling file systems reminded me of the fact
that I still have to look into those (especially since we have annual
thunderstorms occasionally knocking the power out).

I liked the camera idea!  If I get some time, I may give it a go.  We
have quite a few digital camera's around here and one on my machine
wouldn't look like an obvious security measure.

Finally, one reply mentioned that I would have the IP address logged
right before the shutdown because people that want to shut down the
machine have to ssh in.  Shame on me for forgetting that.

In the mean time, our network administrator seems to have seen the
light and now requires a shutdown account so he can shut the machine
down anytime he needs to.  With that I can live, so I provided one
where all he can do is shut the machine down.  Should he choose to
share the password, then that is his problem.

So, I've added a user along the following line

  shutdown:x:1000:1000::/tmp:/usr/local/sbin/shutdown

where /usr/local/sbin/shutdown (root.root 0755) looks like

  #! /bin/sh
  exec /usr/bin/sudo -K /sbin/halt

and added the shutdown user to the users allowed to run /sbin/halt in
my sudo setup.  I liked this better than another setup they suggested
at work (for a Solaris box) where they add a user as

  shutdown:x:0:0::/etc/shutdown:/etc/shutdown/shutdown

with /etc/shutdown/shutdown (root.root 0744) looking like

  #! /bin/sh
  echo "Do you want to shutdown now? (y or n):   \c"
  read yn
  if [ $yn = 'y' -o $yn = 'Y' ] ; then
  sync
  sync
  sync
  sleep 3
  /usr/sbin/shutdown -i0 -g0
  fi
  exit 0

I didn't see any obvious flaws in the above script, but I disliked the
prompting and, what's more, the shutdown user has r00t privileges!

Anyway, thanks to all the paranoid folks who responded.
- -- 
Olaf Meeuwissen   Epson Kowa Corporation, Research and Development
GnuPG key: 6BE37D90/AB6B 0D1F 99E7 1BF5 EB97  976A 16C7 F27D 6BE3 7D90
LPIC-2   -- I hack, therefore I am -- BOFH
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: Processed by Mailcrypt 3.5.6 

iD8DBQE8FY+RFsfyfWvjfZARAl79AJ9dl/klAaeBF3dpm7IhUE1lG1FLXwCcC8EK
udWwBZsyQAsDaVNVEpt3Yh0=
=tMSt
-END PGP SIGNATURE-

thanks! [was Re: shutdown user and accountability]

2001-12-10 Thread Olaf Meeuwissen

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Olaf Meeuwissen <[EMAIL PROTECTED]> wrote:

> I'm maintaining a (small-time) group server for our department.  In
> order to satisfy company policy requirements I need to provide a way
> to shutdown the server in case of emergencies.  Our network admin was
> kind enough to give me two alternatives:
> 
>   1) provide an on-screen shutdown button
>   2) provide a shutdown user account (and document its usage)
> 
> I didn't like either approach because they lack accountability: after
> a shutdown I can't tell *who* did it.
> BTW, the server has no screen for buttons, so 1) is not an option to
> begin with.  You have to ssh in to do anything (exploit one of inetd,
> exim, samba or apache in some way may be an alternative ;-).
> 
> I came up with a 'sudo /sbin/halt' for department members (and others
> on an as needed basis), but that was no good.  Everyone has to be able
> to shut it down.  I racked my brains but didn't come up with anything
> that provides accountability.  Anyone any suggestions?
> 
> Right now, I'm stuck with 2) and writing the password on the machine
> (or similar) *or* stay with what I have now and take my chances with
> people flicking the power switch.
> BTW, the server is not in a physically secure location, so I run the
> power switch thingy risk anyway.
> 
> Suggestions, discussions of pros and cons welcome,

Thanks to everyone who responded.  I should have been a little clearer
on the system setup.  The machine in question consists of a main unit
and a bunch of externally attached hard disks connected to a network.
It has no monitor, keyboard (what Ctrl-Alt-Del?) and mouse.

As I already feared, it is impossible to provide a shutdown account
without giving up accountability.  Some pointed out (correctly) that
without physical security I didn't have accountability to begin with,
but I was wondering whether I needed to sacrifice it even further.

Some replies suggested I validate against a general database, e.g. for
Winblows logon (that'd be just about the only viable alternative in my
situation).  That could be a nice approach, but one would have to be
able to trust that database (and since it is not under my control ...
btw, I hope it stays that way, win-DoS shudder ;-)

The replies regarding journalling file systems reminded me of the fact
that I still have to look into those (especially since we have annual
thunderstorms occasionally knocking the power out).

I liked the camera idea!  If I get some time, I may give it a go.  We
have quite a few digital camera's around here and one on my machine
wouldn't look like an obvious security measure.

Finally, one reply mentioned that I would have the IP address logged
right before the shutdown because people that want to shut down the
machine have to ssh in.  Shame on me for forgetting that.

In the mean time, our network administrator seems to have seen the
light and now requires a shutdown account so he can shut the machine
down anytime he needs to.  With that I can live, so I provided one
where all he can do is shut the machine down.  Should he choose to
share the password, then that is his problem.

So, I've added a user along the following line

  shutdown:x:1000:1000::/tmp:/usr/local/sbin/shutdown

where /usr/local/sbin/shutdown (root.root 0755) looks like

  #! /bin/sh
  exec /usr/bin/sudo -K /sbin/halt

and added the shutdown user to the users allowed to run /sbin/halt in
my sudo setup.  I liked this better than another setup they suggested
at work (for a Solaris box) where they add a user as

  shutdown:x:0:0::/etc/shutdown:/etc/shutdown/shutdown

with /etc/shutdown/shutdown (root.root 0744) looking like

  #! /bin/sh
  echo "Do you want to shutdown now? (y or n):   \c"
  read yn
  if [ $yn = 'y' -o $yn = 'Y' ] ; then
  sync
  sync
  sync
  sleep 3
  /usr/sbin/shutdown -i0 -g0
  fi
  exit 0

I didn't see any obvious flaws in the above script, but I disliked the
prompting and, what's more, the shutdown user has r00t privileges!

Anyway, thanks to all the paranoid folks who responded.
- -- 
Olaf Meeuwissen   Epson Kowa Corporation, Research and Development
GnuPG key: 6BE37D90/AB6B 0D1F 99E7 1BF5 EB97  976A 16C7 F27D 6BE3 7D90
LPIC-2   -- I hack, therefore I am -- BOFH
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: Processed by Mailcrypt 3.5.6 

iD8DBQE8FY+RFsfyfWvjfZARAl79AJ9dl/klAaeBF3dpm7IhUE1lG1FLXwCcC8EK
udWwBZsyQAsDaVNVEpt3Yh0=
=tMSt
-END PGP SIGNATURE-

-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: shutdown user and accountability

2001-11-29 Thread Warren Turkal

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

This would be a wonderful application of OTP's.

On Thursday 29 November 2001 11:59 am, Niall Walsh wrote:
> Maybe put
> the password with the security guard so he can record who took the
> passwd to reset it (obviously you need to reset the password then
> etc.)

- -- 
Warren

GPG Fingerprint: 30C8 BDF1 B133 14CB 832F  2C5D 99A1 A19F 559D 9E88
GPG Public Key @ http://www.cbu.edu/~wturkal/wturkal.gpg

- -BEGIN GEEK CODE BLOCK-
Version: 3.12
GCS d- s: a-- C++ UL+ P+ L+++ E W++ N+ o-- K- w--- 
O M+ V-- PS+ PE Y+ PGP++ t 5 X R tv+ b+ DI+ D+ 
G e h-- r y? 
- --END GEEK CODE BLOCK--
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE8BvComaGhn1WdnogRAng/AJwNaZIvi7U4TuO5j1mLLyE3iq5woQCeITxO
eNSDlyPCBFljB5sd63pSQzU=
=MXoU
-END PGP SIGNATURE-

Re: shutdown user and accountability

2001-11-29 Thread Warren Turkal


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

This would be a wonderful application of OTP's.

On Thursday 29 November 2001 11:59 am, Niall Walsh wrote:
> Maybe put
> the password with the security guard so he can record who took the
> passwd to reset it (obviously you need to reset the password then
> etc.)

- -- 
Warren

GPG Fingerprint: 30C8 BDF1 B133 14CB 832F  2C5D 99A1 A19F 559D 9E88
GPG Public Key @ http://www.cbu.edu/~wturkal/wturkal.gpg

- -BEGIN GEEK CODE BLOCK-
Version: 3.12
GCS d- s: a-- C++ UL+ P+ L+++ E W++ N+ o-- K- w--- 
O M+ V-- PS+ PE Y+ PGP++ t 5 X R tv+ b+ DI+ D+ 
G e h-- r y? 
- --END GEEK CODE BLOCK--
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE8BvComaGhn1WdnogRAng/AJwNaZIvi7U4TuO5j1mLLyE3iq5woQCeITxO
eNSDlyPCBFljB5sd63pSQzU=
=MXoU
-END PGP SIGNATURE-


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: shutdown user and accountability

2001-11-29 Thread Petro

On Thu, Nov 29, 2001 at 05:59:40PM +, Niall Walsh wrote:
> Carel Fellinger wrote:
> >On Thu, Nov 29, 2001 at 10:37:24AM +, Niall Walsh wrote:
> >>I can't resist it!
> >me too:)
> >>Add a usb digital camera to the box and only allow people who are not 
> >I've thought of this too, but rejected it because it's s easy to
> >circumvent, just place your hand in front of the camera.
> Not if they don't know where it is or even that it exists :-)   I'd be 
> sneeking it into the case perhaps so it looks out a drive bay or else 
> building it into something.   Also you could use a capture card hooked 
> up to a pin hole camera and for completeness (but system performance 
> thrashing) use motion detection to make sure you get them before they 
> get the hand in place!

Have the camera take 1 shot every second (or .5 seconds) and save
them in a round-robin naming fashion e.g.:

shot1.jpg, shot2.jpg, shot3.jpg...shot10.jpg, shot1.jpg, and then
have an init-script move the directory they are in to something like
pic.old/.

That way you have the last 5-10 seconds on the machines life. 

Yeah, this is getting seriously rube-goldberg. 

> Seriously crazy, but what else can you do if you really want to supply 
> anyone with the ability to shut it down AND know who did it!   Maybe put 
> the password with the security guard so he can record who took the 
> passwd to reset it (obviously you need to reset the password then etc.)

-- 
Share and Enjoy.

Re: shutdown user and accountability

2001-11-29 Thread Petro


On Thu, Nov 29, 2001 at 05:59:40PM +, Niall Walsh wrote:
> Carel Fellinger wrote:
> >On Thu, Nov 29, 2001 at 10:37:24AM +, Niall Walsh wrote:
> >>I can't resist it!
> >me too:)
> >>Add a usb digital camera to the box and only allow people who are not 
> >I've thought of this too, but rejected it because it's s easy to
> >circumvent, just place your hand in front of the camera.
> Not if they don't know where it is or even that it exists :-)   I'd be 
> sneeking it into the case perhaps so it looks out a drive bay or else 
> building it into something.   Also you could use a capture card hooked 
> up to a pin hole camera and for completeness (but system performance 
> thrashing) use motion detection to make sure you get them before they 
> get the hand in place!

Have the camera take 1 shot every second (or .5 seconds) and save
them in a round-robin naming fashion e.g.:

shot1.jpg, shot2.jpg, shot3.jpg...shot10.jpg, shot1.jpg, and then
have an init-script move the directory they are in to something like
pic.old/.

That way you have the last 5-10 seconds on the machines life. 

Yeah, this is getting seriously rube-goldberg. 

> Seriously crazy, but what else can you do if you really want to supply 
> anyone with the ability to shut it down AND know who did it!   Maybe put 
> the password with the security guard so he can record who took the 
> passwd to reset it (obviously you need to reset the password then etc.)

-- 
Share and Enjoy. 


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: shutdown user and accountability

2001-11-29 Thread Niall Walsh


Carel Fellinger wrote:


On Thu, Nov 29, 2001 at 10:37:24AM +, Niall Walsh wrote:


I can't resist it!



me too:)


Add a usb digital camera to the box and only allow people who are not 



I've thought of this too, but rejected it because it's s easy to
circumvent, just place your hand in front of the camera.

Not if they don't know where it is or even that it exists :-)   I'd be 
sneeking it into the case perhaps so it looks out a drive bay or else 
building it into something.   Also you could use a capture card hooked 
up to a pin hole camera and for completeness (but system performance 
thrashing) use motion detection to make sure you get them before they 
get the hand in place!


Seriously crazy, but what else can you do if you really want to supply 
anyone with the ability to shut it down AND know who did it!   Maybe put 
the password with the security guard so he can record who took the 
passwd to reset it (obviously you need to reset the password then etc.)


Niall

Re: shutdown user and accountability

2001-11-29 Thread Paul Fleischer

ons, 2001-11-28 kl. 02:58 skrev Olaf Meeuwissen:
> That's exactly what my sudo setup does right now.  The problem is that
> apparently *everyone* needs to be able to shut down the machine (for
> reasons that are beyond me).  Added accounts on an as needed basis is
> fine with me, but I don't fancy creating, oh, 250+ password protected
> accounts just to meet policy.

Where are the users/passwords stored now? Windows, Novell, Unix System??
It should be possible to authenticate against the companies password
database in some way. This way you won't have to create those accounts,
but people would still be able to login (the technical procedure will be
slighly different depending on how the user/password machine/database
works).

Or am I getting something wrong?


--
Paul Fleischer // ProGuy
Registered Linux User #166300
http://counter.li.org

Re: shutdown user and accountability

2001-11-29 Thread Niall Walsh


Carel Fellinger wrote:

>On Thu, Nov 29, 2001 at 10:37:24AM +, Niall Walsh wrote:
>
>>I can't resist it!
>>
>
>me too:)
> 
>
>>Add a usb digital camera to the box and only allow people who are not 
>>
>
>I've thought of this too, but rejected it because it's s easy to
>circumvent, just place your hand in front of the camera.
>
Not if they don't know where it is or even that it exists :-)   I'd be 
sneeking it into the case perhaps so it looks out a drive bay or else 
building it into something.   Also you could use a capture card hooked 
up to a pin hole camera and for completeness (but system performance 
thrashing) use motion detection to make sure you get them before they 
get the hand in place!

Seriously crazy, but what else can you do if you really want to supply 
anyone with the ability to shut it down AND know who did it!   Maybe put 
the password with the security guard so he can record who took the 
passwd to reset it (obviously you need to reset the password then etc.)

Niall



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: shutdown user and accountability

2001-11-29 Thread Carel Fellinger

On Thu, Nov 29, 2001 at 10:37:24AM +, Niall Walsh wrote:
> I can't resist it!

me too:)

> Add a usb digital camera to the box and only allow people who are not 

I've thought of this too, but rejected it because it's s easy to
circumvent, just place your hand in front of the camera.

-- 
groetjes, carel

Re: shutdown user and accountability

2001-11-29 Thread Paul Fleischer


ons, 2001-11-28 kl. 02:58 skrev Olaf Meeuwissen:
> That's exactly what my sudo setup does right now.  The problem is that
> apparently *everyone* needs to be able to shut down the machine (for
> reasons that are beyond me).  Added accounts on an as needed basis is
> fine with me, but I don't fancy creating, oh, 250+ password protected
> accounts just to meet policy.

Where are the users/passwords stored now? Windows, Novell, Unix System??
It should be possible to authenticate against the companies password
database in some way. This way you won't have to create those accounts,
but people would still be able to login (the technical procedure will be
slighly different depending on how the user/password machine/database
works).

Or am I getting something wrong?


--
Paul Fleischer // ProGuy
Registered Linux User #166300
http://counter.li.org



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: shutdown user and accountability

2001-11-29 Thread Carel Fellinger


On Thu, Nov 29, 2001 at 10:37:24AM +, Niall Walsh wrote:
> I can't resist it!

me too:)
 
> Add a usb digital camera to the box and only allow people who are not 

I've thought of this too, but rejected it because it's s easy to
circumvent, just place your hand in front of the camera.

-- 
groetjes, carel


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: shutdown user and accountability

2001-11-29 Thread Niall Walsh


I can't resist it!

Add a usb digital camera to the box and only allow people who are not 
logged in via ssh (and therefore known users) to shut the machine down 
by using the Ctrl+Alt+Del on a keyboard.   Add a shutdown init script to 
the start of the process which takes a few snaps of the shutdownee.   
Silly but seems to meet your criteria (you never said you didn't want to 
add extra hardware).   Other than something like this I cannot imagine 
any solution that would meet your requirements AND the companies (they 
obviously want anyone to be able to shut it down, but you want to know 
who did it and a terminal will never know unless each user has a login).


Niall


Gerhard Schneider wrote:


On Wed, 2001-11-28 at 01:51, Olaf Meeuwissen wrote:


Dear .debs,

I'm maintaining a (small-time) group server for our department.  In
order to satisfy company policy requirements I need to provide a way
to shutdown the server in case of emergencies.  Our network admin was
kind enough to give me two alternatives:

 1) provide an on-screen shutdown button



Could be made rather easy by using a mouse and the special features of
gpm.
  Special commands are toggled by triple-clicking  the  left
  and  right button -- an unlikely event during normal mouse
  usage. The easiest way to triple-click is pressing one  of
  the  buttons  and triple-click the other one. When special
  processing is toggled, a message appears  on  the  console
  (and  the  speaker beeps twice, if you have a speaker); if
  the user releases all the buttons and presses one of  them
  again  within three seconds, then the special command cor
  responding to the button is executed.

  The default special commands are:

  left button
 Reboot the system by signalling the init process

  middle button (if any)
 Execute `/sbin/shutdown -h now'

  right button
 Execute `/sbin/shutdown -r now'


 2) provide a shutdown user account (and document its usage)

I didn't like either approach because they lack accountability: after
a shutdown I can't tell *who* did it.
BTW, the server has no screen for buttons, so 1) is not an option to
begin with.  You have to ssh in to do anything (exploit one of inetd,
exim, samba or apache in some way may be an alternative ;-).

I came up with a 'sudo /sbin/halt' for department members (and others
on an as needed basis), but that was no good.  Everyone has to be able
to shut it down.  I racked my brains but didn't come up with anything
that provides accountability.  Anyone any suggestions?



If it's too hard to log the user, who made the shutdown, maybe it would
be enough to use sshd or netfilter to log the workstation which was
used.


Right now, I'm stuck with 2) and writing the password on the machine
(or similar) *or* stay with what I have now and take my chances with
people flicking the power switch.
BTW, the server is not in a physically secure location, so I run the
power switch thingy risk anyway.

Suggestions, discussions of pros and cons welcome,
--
Olaf Meeuwissen   Epson Kowa Corporation, Research and Development
GnuPG key: 6BE37D90/AB6B 0D1F 99E7 1BF5 EB97  976A 16C7 F27D 6BE3 7D90
LPIC-2   -- I hack, therefore I am -- BOFH


--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: shutdown user and accountability

2001-11-29 Thread Gerhard Schneider

On Wed, 2001-11-28 at 01:51, Olaf Meeuwissen wrote:
> Dear .debs,
> 
> I'm maintaining a (small-time) group server for our department.  In
> order to satisfy company policy requirements I need to provide a way
> to shutdown the server in case of emergencies.  Our network admin was
> kind enough to give me two alternatives:
> 
>   1) provide an on-screen shutdown button

Could be made rather easy by using a mouse and the special features of
gpm.
   Special commands are toggled by triple-clicking  the  left
   and  right button -- an unlikely event during normal mouse
   usage. The easiest way to triple-click is pressing one  of
   the  buttons  and triple-click the other one. When special
   processing is toggled, a message appears  on  the  console
   (and  the  speaker beeps twice, if you have a speaker); if
   the user releases all the buttons and presses one of  them
   again  within three seconds, then the special command cor
   responding to the button is executed.

   The default special commands are:

   left button
  Reboot the system by signalling the init process

   middle button (if any)
  Execute `/sbin/shutdown -h now'

   right button
  Execute `/sbin/shutdown -r now'

>   2) provide a shutdown user account (and document its usage)
> 
> I didn't like either approach because they lack accountability: after
> a shutdown I can't tell *who* did it.
> BTW, the server has no screen for buttons, so 1) is not an option to
> begin with.  You have to ssh in to do anything (exploit one of inetd,
> exim, samba or apache in some way may be an alternative ;-).
> 
> I came up with a 'sudo /sbin/halt' for department members (and others
> on an as needed basis), but that was no good.  Everyone has to be able
> to shut it down.  I racked my brains but didn't come up with anything
> that provides accountability.  Anyone any suggestions?

If it's too hard to log the user, who made the shutdown, maybe it would
be enough to use sshd or netfilter to log the workstation which was
used.
> 
> Right now, I'm stuck with 2) and writing the password on the machine
> (or similar) *or* stay with what I have now and take my chances with
> people flicking the power switch.
> BTW, the server is not in a physically secure location, so I run the
> power switch thingy risk anyway.
> 
> Suggestions, discussions of pros and cons welcome,
> -- 
> Olaf Meeuwissen   Epson Kowa Corporation, Research and Development
> GnuPG key: 6BE37D90/AB6B 0D1F 99E7 1BF5 EB97  976A 16C7 F27D 6BE3 7D90
> LPIC-2   -- I hack, therefore I am -- BOFH
> 
> 
> -- 
> To UNSUBSCRIBE, email to [EMAIL PROTECTED]
> with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
> 
> 
>

Re: shutdown user and accountability

2001-11-29 Thread Niall Walsh


I can't resist it!

Add a usb digital camera to the box and only allow people who are not 
logged in via ssh (and therefore known users) to shut the machine down 
by using the Ctrl+Alt+Del on a keyboard.   Add a shutdown init script to 
the start of the process which takes a few snaps of the shutdownee.   
Silly but seems to meet your criteria (you never said you didn't want to 
add extra hardware).   Other than something like this I cannot imagine 
any solution that would meet your requirements AND the companies (they 
obviously want anyone to be able to shut it down, but you want to know 
who did it and a terminal will never know unless each user has a login).

Niall


Gerhard Schneider wrote:

>On Wed, 2001-11-28 at 01:51, Olaf Meeuwissen wrote:
>
>>Dear .debs,
>>
>>I'm maintaining a (small-time) group server for our department.  In
>>order to satisfy company policy requirements I need to provide a way
>>to shutdown the server in case of emergencies.  Our network admin was
>>kind enough to give me two alternatives:
>>
>>  1) provide an on-screen shutdown button
>>
>
>Could be made rather easy by using a mouse and the special features of
>gpm.
>   Special commands are toggled by triple-clicking  the  left
>   and  right button -- an unlikely event during normal mouse
>   usage. The easiest way to triple-click is pressing one  of
>   the  buttons  and triple-click the other one. When special
>   processing is toggled, a message appears  on  the  console
>   (and  the  speaker beeps twice, if you have a speaker); if
>   the user releases all the buttons and presses one of  them
>   again  within three seconds, then the special command cor
>   responding to the button is executed.
>
>   The default special commands are:
>
>   left button
>  Reboot the system by signalling the init process
>
>   middle button (if any)
>  Execute `/sbin/shutdown -h now'
>
>   right button
>  Execute `/sbin/shutdown -r now'
>
>>  2) provide a shutdown user account (and document its usage)
>>
>>I didn't like either approach because they lack accountability: after
>>a shutdown I can't tell *who* did it.
>>BTW, the server has no screen for buttons, so 1) is not an option to
>>begin with.  You have to ssh in to do anything (exploit one of inetd,
>>exim, samba or apache in some way may be an alternative ;-).
>>
>>I came up with a 'sudo /sbin/halt' for department members (and others
>>on an as needed basis), but that was no good.  Everyone has to be able
>>to shut it down.  I racked my brains but didn't come up with anything
>>that provides accountability.  Anyone any suggestions?
>>
>
>If it's too hard to log the user, who made the shutdown, maybe it would
>be enough to use sshd or netfilter to log the workstation which was
>used.
>
>>Right now, I'm stuck with 2) and writing the password on the machine
>>(or similar) *or* stay with what I have now and take my chances with
>>people flicking the power switch.
>>BTW, the server is not in a physically secure location, so I run the
>>power switch thingy risk anyway.
>>
>>Suggestions, discussions of pros and cons welcome,
>>-- 
>>Olaf Meeuwissen   Epson Kowa Corporation, Research and Development
>>GnuPG key: 6BE37D90/AB6B 0D1F 99E7 1BF5 EB97  976A 16C7 F27D 6BE3 7D90
>>LPIC-2   -- I hack, therefore I am -- BOFH
>>
>>
>>-- 
>>To UNSUBSCRIBE, email to [EMAIL PROTECTED]
>>with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
>>
>>
>>
>
>
>
>
>




-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: shutdown user and accountability

2001-11-29 Thread Gerhard Schneider


On Wed, 2001-11-28 at 01:51, Olaf Meeuwissen wrote:
> Dear .debs,
> 
> I'm maintaining a (small-time) group server for our department.  In
> order to satisfy company policy requirements I need to provide a way
> to shutdown the server in case of emergencies.  Our network admin was
> kind enough to give me two alternatives:
> 
>   1) provide an on-screen shutdown button

Could be made rather easy by using a mouse and the special features of
gpm.
   Special commands are toggled by triple-clicking  the  left
   and  right button -- an unlikely event during normal mouse
   usage. The easiest way to triple-click is pressing one  of
   the  buttons  and triple-click the other one. When special
   processing is toggled, a message appears  on  the  console
   (and  the  speaker beeps twice, if you have a speaker); if
   the user releases all the buttons and presses one of  them
   again  within three seconds, then the special command cor
   responding to the button is executed.

   The default special commands are:

   left button
  Reboot the system by signalling the init process

   middle button (if any)
  Execute `/sbin/shutdown -h now'

   right button
  Execute `/sbin/shutdown -r now'

>   2) provide a shutdown user account (and document its usage)
> 
> I didn't like either approach because they lack accountability: after
> a shutdown I can't tell *who* did it.
> BTW, the server has no screen for buttons, so 1) is not an option to
> begin with.  You have to ssh in to do anything (exploit one of inetd,
> exim, samba or apache in some way may be an alternative ;-).
> 
> I came up with a 'sudo /sbin/halt' for department members (and others
> on an as needed basis), but that was no good.  Everyone has to be able
> to shut it down.  I racked my brains but didn't come up with anything
> that provides accountability.  Anyone any suggestions?

If it's too hard to log the user, who made the shutdown, maybe it would
be enough to use sshd or netfilter to log the workstation which was
used.
> 
> Right now, I'm stuck with 2) and writing the password on the machine
> (or similar) *or* stay with what I have now and take my chances with
> people flicking the power switch.
> BTW, the server is not in a physically secure location, so I run the
> power switch thingy risk anyway.
> 
> Suggestions, discussions of pros and cons welcome,
> -- 
> Olaf Meeuwissen   Epson Kowa Corporation, Research and Development
> GnuPG key: 6BE37D90/AB6B 0D1F 99E7 1BF5 EB97  976A 16C7 F27D 6BE3 7D90
> LPIC-2   -- I hack, therefore I am -- BOFH
> 
> 
> -- 
> To UNSUBSCRIBE, email to [EMAIL PROTECTED]
> with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
> 
> 
> 





--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: shutdown user and accountability

2001-11-28 Thread Petro

On Wed, Nov 28, 2001 at 10:58:47AM +0900, Olaf Meeuwissen wrote:
> Blake Barnett <[EMAIL PROTECTED]> writes:
> 
> > Can't you give a group sudo access?  If so, just add everyone to a group
> > and give that group sudo /sbin/halt or sudo /sbin/shutdown or both.
> 
> That's exactly what my sudo setup does right now.  The problem is that
> apparently *everyone* needs to be able to shut down the machine (for
> reasons that are beyond me).  Added accounts on an as needed basis is
> fine with me, but I don't fancy creating, oh, 250+ password protected
> accounts just to meet policy.

Put a small APC on the machine that talks to the serial port. Run
the APC shutdown daemon, then to shut the machine down, pull the
plug from the wall--or have it hooked to a power strip and trip the
switch on the power strip.

APC loses power, triggers daemon, daemon shuts machine down. 

Note: this also works if there is a power-outage during a time when
no one is in the office.

This doesn't give accountability, but you put a big axe near the
machine... 

-- 
Share and Enjoy.

Re: shutdown user and accountability

2001-11-28 Thread Petro

On Wed, Nov 28, 2001 at 10:58:47AM +0900, Olaf Meeuwissen wrote:
> Blake Barnett <[EMAIL PROTECTED]> writes:
> 
> > Can't you give a group sudo access?  If so, just add everyone to a group
> > and give that group sudo /sbin/halt or sudo /sbin/shutdown or both.
> 
> That's exactly what my sudo setup does right now.  The problem is that
> apparently *everyone* needs to be able to shut down the machine (for
> reasons that are beyond me).  Added accounts on an as needed basis is
> fine with me, but I don't fancy creating, oh, 250+ password protected
> accounts just to meet policy.

Put a small APC on the machine that talks to the serial port. Run
the APC shutdown daemon, then to shut the machine down, pull the
plug from the wall--or have it hooked to a power strip and trip the
switch on the power strip.

APC loses power, triggers daemon, daemon shuts machine down. 

Note: this also works if there is a power-outage during a time when
no one is in the office.

This doesn't give accountability, but you put a big axe near the
machine... 

-- 
Share and Enjoy. 

-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: shutdown user and accountability

2001-11-28 Thread Mathias Palm



On 28 Nov 2001, Olaf Meeuwissen wrote:

> Blake Barnett <[EMAIL PROTECTED]> writes:
> 
> > On Tue, 2001-11-27 at 18:58, Olaf Meeuwissen wrote:
> > > Blake Barnett <[EMAIL PROTECTED]> writes:
> > > 
> > > > Can't you give a group sudo access?  If so, just add everyone to a group
> > > > and give that group sudo /sbin/halt or sudo /sbin/shutdown or both.
> > > 
> > > That's exactly what my sudo setup does right now.  The problem is that
> > > apparently *everyone* needs to be able to shut down the machine (for
> > > reasons that are beyond me).  Added accounts on an as needed basis is
> > > fine with me, but I don't fancy creating, oh, 250+ password protected
> > > accounts just to meet policy.
> > 
> > Ok, I guess I didn't understand that the accounts didn't already exist. 
> > Is this some sort of kiosk or something?
> 
> Nope, just a file/web server (but I'm thinking of adding a programming
> environment (EEK!) for educational purposes) that is in a place that
> does not allow physical access restrictions (beyond being able to
> enter the company premises).
> 

So, whats the point in accountability then? Can't you even short cut the
power switch and take out the hardware reset switch??? 

Then you could set up a shutdown user, and write a script asking for
identification, as suggested in some other mail.


Mathias

> > If you can't wrap the stuff in a script --maybe it needs to be setuid?
> > blech!--, and log it there, then I dunno what to tell ya.
> 
> Not much use ;-), but thanks anyway!
> -- 
> Olaf Meeuwissen   Epson Kowa Corporation, Research and Development
> GnuPG key: 6BE37D90/AB6B 0D1F 99E7 1BF5 EB97  976A 16C7 F27D 6BE3 7D90
> 
> 
> -- 
> To UNSUBSCRIBE, email to [EMAIL PROTECTED]
> with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
> 
>

Re: shutdown user and accountability

2001-11-28 Thread Mathias Palm



On Tue, 27 Nov 2001, Rishi L Khan wrote:

> How about Cntrl-Alt-Del? That shuts down a debian box without even logging
> in. As far as accountablity ... you could do it the old fashioned way and
> have a sign in sheet ... one stupid policy deserves another.
> 
>   -rishi

It _can_ shut down a computer. You can change the behaviour by editing
/etc/inittab. E.G. my box hust prints "bla" by setting :

ca:12345:ctrlaltdel:/bin/echo bla

ps. sorry when this mail comes two or threefold, but somehow, I haven't 
seen it in the list yet, 

All the best

> 
> On 28 Nov 2001, Olaf Meeuwissen wrote:
> 
> > Blake Barnett <[EMAIL PROTECTED]> writes:
> >
> > > On Tue, 2001-11-27 at 18:58, Olaf Meeuwissen wrote:
> > > > Blake Barnett <[EMAIL PROTECTED]> writes:
> > > >
> > > > > Can't you give a group sudo access?  If so, just add everyone to a 
> > > > > group
> > > > > and give that group sudo /sbin/halt or sudo /sbin/shutdown or both.
> > > >
> > > > That's exactly what my sudo setup does right now.  The problem is that
> > > > apparently *everyone* needs to be able to shut down the machine (for
> > > > reasons that are beyond me).  Added accounts on an as needed basis is
> > > > fine with me, but I don't fancy creating, oh, 250+ password protected
> > > > accounts just to meet policy.
> > >
> > > Ok, I guess I didn't understand that the accounts didn't already exist.
> > > Is this some sort of kiosk or something?
> >
> > Nope, just a file/web server (but I'm thinking of adding a programming
> > environment (EEK!) for educational purposes) that is in a place that
> > does not allow physical access restrictions (beyond being able to
> > enter the company premises).
> >
> > > If you can't wrap the stuff in a script --maybe it needs to be setuid?
> > > blech!--, and log it there, then I dunno what to tell ya.
> >
> > Not much use ;-), but thanks anyway!
> > --
> > Olaf Meeuwissen   Epson Kowa Corporation, Research and Development
> > GnuPG key: 6BE37D90/AB6B 0D1F 99E7 1BF5 EB97  976A 16C7 F27D 6BE3 7D90
> >
> >
> > --
> > To UNSUBSCRIBE, email to [EMAIL PROTECTED]
> > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
> >
> 
> 
> -- 
> To UNSUBSCRIBE, email to [EMAIL PROTECTED]
> with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
> 
>

Re: shutdown user and accountability

2001-11-28 Thread Mathias Palm




On 28 Nov 2001, Olaf Meeuwissen wrote:

> Blake Barnett <[EMAIL PROTECTED]> writes:
> 
> > On Tue, 2001-11-27 at 18:58, Olaf Meeuwissen wrote:
> > > Blake Barnett <[EMAIL PROTECTED]> writes:
> > > 
> > > > Can't you give a group sudo access?  If so, just add everyone to a group
> > > > and give that group sudo /sbin/halt or sudo /sbin/shutdown or both.
> > > 
> > > That's exactly what my sudo setup does right now.  The problem is that
> > > apparently *everyone* needs to be able to shut down the machine (for
> > > reasons that are beyond me).  Added accounts on an as needed basis is
> > > fine with me, but I don't fancy creating, oh, 250+ password protected
> > > accounts just to meet policy.
> > 
> > Ok, I guess I didn't understand that the accounts didn't already exist. 
> > Is this some sort of kiosk or something?
> 
> Nope, just a file/web server (but I'm thinking of adding a programming
> environment (EEK!) for educational purposes) that is in a place that
> does not allow physical access restrictions (beyond being able to
> enter the company premises).
> 

So, whats the point in accountability then? Can't you even short cut the
power switch and take out the hardware reset switch??? 

Then you could set up a shutdown user, and write a script asking for
identification, as suggested in some other mail.


Mathias

> > If you can't wrap the stuff in a script --maybe it needs to be setuid?
> > blech!--, and log it there, then I dunno what to tell ya.
> 
> Not much use ;-), but thanks anyway!
> -- 
> Olaf Meeuwissen   Epson Kowa Corporation, Research and Development
> GnuPG key: 6BE37D90/AB6B 0D1F 99E7 1BF5 EB97  976A 16C7 F27D 6BE3 7D90
> 
> 
> -- 
> To UNSUBSCRIBE, email to [EMAIL PROTECTED]
> with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
> 
> 



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: shutdown user and accountability

2001-11-28 Thread Mathias Palm




On Tue, 27 Nov 2001, Rishi L Khan wrote:

> How about Cntrl-Alt-Del? That shuts down a debian box without even logging
> in. As far as accountablity ... you could do it the old fashioned way and
> have a sign in sheet ... one stupid policy deserves another.
> 
>   -rishi

It _can_ shut down a computer. You can change the behaviour by editing
/etc/inittab. E.G. my box hust prints "bla" by setting :

ca:12345:ctrlaltdel:/bin/echo bla

ps. sorry when this mail comes two or threefold, but somehow, I haven't 
seen it in the list yet, 

All the best

> 
> On 28 Nov 2001, Olaf Meeuwissen wrote:
> 
> > Blake Barnett <[EMAIL PROTECTED]> writes:
> >
> > > On Tue, 2001-11-27 at 18:58, Olaf Meeuwissen wrote:
> > > > Blake Barnett <[EMAIL PROTECTED]> writes:
> > > >
> > > > > Can't you give a group sudo access?  If so, just add everyone to a group
> > > > > and give that group sudo /sbin/halt or sudo /sbin/shutdown or both.
> > > >
> > > > That's exactly what my sudo setup does right now.  The problem is that
> > > > apparently *everyone* needs to be able to shut down the machine (for
> > > > reasons that are beyond me).  Added accounts on an as needed basis is
> > > > fine with me, but I don't fancy creating, oh, 250+ password protected
> > > > accounts just to meet policy.
> > >
> > > Ok, I guess I didn't understand that the accounts didn't already exist.
> > > Is this some sort of kiosk or something?
> >
> > Nope, just a file/web server (but I'm thinking of adding a programming
> > environment (EEK!) for educational purposes) that is in a place that
> > does not allow physical access restrictions (beyond being able to
> > enter the company premises).
> >
> > > If you can't wrap the stuff in a script --maybe it needs to be setuid?
> > > blech!--, and log it there, then I dunno what to tell ya.
> >
> > Not much use ;-), but thanks anyway!
> > --
> > Olaf Meeuwissen   Epson Kowa Corporation, Research and Development
> > GnuPG key: 6BE37D90/AB6B 0D1F 99E7 1BF5 EB97  976A 16C7 F27D 6BE3 7D90
> >
> >
> > --
> > To UNSUBSCRIBE, email to [EMAIL PROTECTED]
> > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
> >
> 
> 
> -- 
> To UNSUBSCRIBE, email to [EMAIL PROTECTED]
> with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
> 
> 



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: shutdown user and accountability

2001-11-27 Thread William R Ward


Do you have any source of information about the employees?  HR
database or something like that?  You could cobble together a setuid
Perl or C program that asks them information only they would know to
authenticate them, verifies it, logs it, and then does a shutdown.
Set up a guest account with minimal privileges except for the ability
to run that program, and put the login name and password on the
keyboard.

Even if you don't have the info in the database, you could at least
ask them a question only they would know, log it, and then after the
fact if you want to find out who it was you could confirm it that way.

It's not perfect, but given the policies you have to live with, it may
be the only type of solution you can come up with.

--Bill.

-- 
William R Ward[EMAIL PROTECTED]  http://www.wards.net/~bill/
-
 If you're not part of the solution, you're part of the precipitate.

Re: shutdown user and accountability

2001-11-27 Thread Mike Renfro

On Wed, Nov 28, 2001 at 09:51:19AM +0900, Olaf Meeuwissen wrote:

> I'm maintaining a (small-time) group server for our department.  In
> order to satisfy company policy requirements I need to provide a way
> to shutdown the server in case of emergencies.  Our network admin
> was kind enough to give me two alternatives:

No idea what sort of emergency they'd be anticipating; if it was
something like a power failure, the obvious solution would be to use a
UPS with serial support so you could do a graceful shutdown when the
battery ran low.

The setuid program that syslogs the user, then runs the shutdown is as
viable a solution as any. If you don't mind losing accountability, but
want an idiot shutdown button attached to the machine, I'd look at
getting some sort of LCD/keypad interface from Matrix Orbital or one
of their competitors.

http://www.matrixorbital.com/products.htm

-- 
Mike Renfro  / R&D Engineer, Center for Manufacturing Research,
931 372-3601 / Tennessee Technological University -- [EMAIL PROTECTED]

Re: shutdown user and accountability

2001-11-27 Thread Rishi L Khan

How about Cntrl-Alt-Del? That shuts down a debian box without even logging
in. As far as accountablity ... you could do it the old fashioned way and
have a sign in sheet ... one stupid policy deserves another.

-rishi

On 28 Nov 2001, Olaf Meeuwissen wrote:

> Blake Barnett <[EMAIL PROTECTED]> writes:
>
> > On Tue, 2001-11-27 at 18:58, Olaf Meeuwissen wrote:
> > > Blake Barnett <[EMAIL PROTECTED]> writes:
> > >
> > > > Can't you give a group sudo access?  If so, just add everyone to a group
> > > > and give that group sudo /sbin/halt or sudo /sbin/shutdown or both.
> > >
> > > That's exactly what my sudo setup does right now.  The problem is that
> > > apparently *everyone* needs to be able to shut down the machine (for
> > > reasons that are beyond me).  Added accounts on an as needed basis is
> > > fine with me, but I don't fancy creating, oh, 250+ password protected
> > > accounts just to meet policy.
> >
> > Ok, I guess I didn't understand that the accounts didn't already exist.
> > Is this some sort of kiosk or something?
>
> Nope, just a file/web server (but I'm thinking of adding a programming
> environment (EEK!) for educational purposes) that is in a place that
> does not allow physical access restrictions (beyond being able to
> enter the company premises).
>
> > If you can't wrap the stuff in a script --maybe it needs to be setuid?
> > blech!--, and log it there, then I dunno what to tell ya.
>
> Not much use ;-), but thanks anyway!
> --
> Olaf Meeuwissen   Epson Kowa Corporation, Research and Development
> GnuPG key: 6BE37D90/AB6B 0D1F 99E7 1BF5 EB97  976A 16C7 F27D 6BE3 7D90
>
>
> --
> To UNSUBSCRIBE, email to [EMAIL PROTECTED]
> with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
>

Re: shutdown user and accountability

2001-11-27 Thread Olaf Meeuwissen

Blake Barnett <[EMAIL PROTECTED]> writes:

> On Tue, 2001-11-27 at 18:58, Olaf Meeuwissen wrote:
> > Blake Barnett <[EMAIL PROTECTED]> writes:
> > 
> > > Can't you give a group sudo access?  If so, just add everyone to a group
> > > and give that group sudo /sbin/halt or sudo /sbin/shutdown or both.
> > 
> > That's exactly what my sudo setup does right now.  The problem is that
> > apparently *everyone* needs to be able to shut down the machine (for
> > reasons that are beyond me).  Added accounts on an as needed basis is
> > fine with me, but I don't fancy creating, oh, 250+ password protected
> > accounts just to meet policy.
> 
> Ok, I guess I didn't understand that the accounts didn't already exist. 
> Is this some sort of kiosk or something?

Nope, just a file/web server (but I'm thinking of adding a programming
environment (EEK!) for educational purposes) that is in a place that
does not allow physical access restrictions (beyond being able to
enter the company premises).

> If you can't wrap the stuff in a script --maybe it needs to be setuid?
> blech!--, and log it there, then I dunno what to tell ya.

Not much use ;-), but thanks anyway!
-- 
Olaf Meeuwissen   Epson Kowa Corporation, Research and Development
GnuPG key: 6BE37D90/AB6B 0D1F 99E7 1BF5 EB97  976A 16C7 F27D 6BE3 7D90

Re: shutdown user and accountability

2001-11-27 Thread Blake Barnett

On Tue, 2001-11-27 at 18:58, Olaf Meeuwissen wrote:
> Blake Barnett <[EMAIL PROTECTED]> writes:
> 
> > Can't you give a group sudo access?  If so, just add everyone to a group
> > and give that group sudo /sbin/halt or sudo /sbin/shutdown or both.
> 
> That's exactly what my sudo setup does right now.  The problem is that
> apparently *everyone* needs to be able to shut down the machine (for
> reasons that are beyond me).  Added accounts on an as needed basis is
> fine with me, but I don't fancy creating, oh, 250+ password protected
> accounts just to meet policy.

Ok, I guess I didn't understand that the accounts didn't already exist. 
Is this some sort of kiosk or something?

If you can't wrap the stuff in a script --maybe it needs to be setuid?
blech!--, and log it there, then I dunno what to tell ya.

-- 
Blake Barnett (bdb)  <[EMAIL PROTECTED]>
Sr. Unix Administrator
DevelopOnline.com office: 480-377-6816

"Do, or do not.  There is no try." --Yoda

Re: shutdown user and accountability

2001-11-27 Thread Olaf Meeuwissen

Blake Barnett <[EMAIL PROTECTED]> writes:

> Can't you give a group sudo access?  If so, just add everyone to a group
> and give that group sudo /sbin/halt or sudo /sbin/shutdown or both.

That's exactly what my sudo setup does right now.  The problem is that
apparently *everyone* needs to be able to shut down the machine (for
reasons that are beyond me).  Added accounts on an as needed basis is
fine with me, but I don't fancy creating, oh, 250+ password protected
accounts just to meet policy.

> Or you could write your own script which wraps around halt/shutdown and
> logs what it's doing via logger or syslog...   
> 
> On Tue, 2001-11-27 at 17:51, Olaf Meeuwissen wrote:
> > Dear .debs,
> > 
> > I'm maintaining a (small-time) group server for our department.  In
> > order to satisfy company policy requirements I need to provide a way
> > to shutdown the server in case of emergencies.  Our network admin was
> > kind enough to give me two alternatives:
> > 
> >   1) provide an on-screen shutdown button
> >   2) provide a shutdown user account (and document its usage)
> > 
> > I didn't like either approach because they lack accountability: after
> > a shutdown I can't tell *who* did it.
> > BTW, the server has no screen for buttons, so 1) is not an option to
> > begin with.  You have to ssh in to do anything (exploit one of inetd,
> > exim, samba or apache in some way may be an alternative ;-).
> > 
> > I came up with a 'sudo /sbin/halt' for department members (and others
> > on an as needed basis), but that was no good.  Everyone has to be able
> > to shut it down.  I racked my brains but didn't come up with anything
> > that provides accountability.  Anyone any suggestions?
> > 
> > Right now, I'm stuck with 2) and writing the password on the machine
> > (or similar) *or* stay with what I have now and take my chances with
> > people flicking the power switch.
> > BTW, the server is not in a physically secure location, so I run the
> > power switch thingy risk anyway.
> > 
> > Suggestions, discussions of pros and cons welcome,
> > -- 
> > Olaf Meeuwissen   Epson Kowa Corporation, Research and Development
> > GnuPG key: 6BE37D90/AB6B 0D1F 99E7 1BF5 EB97  976A 16C7 F27D 6BE3 7D90
> > LPIC-2   -- I hack, therefore I am -- BOFH
> > 
> > 
> > -- 
> > To UNSUBSCRIBE, email to [EMAIL PROTECTED]
> > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
> -- 
> Blake Barnett (bdb)  <[EMAIL PROTECTED]>
> Sr. Unix Administrator
> DevelopOnline.com office: 480-377-6816
> 
> "Do, or do not.  There is no try." --Yoda
> 
> 
> -- 
> To UNSUBSCRIBE, email to [EMAIL PROTECTED]
> with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
> 

-- 
Olaf Meeuwissen   Epson Kowa Corporation, Research and Development
GnuPG key: 6BE37D90/AB6B 0D1F 99E7 1BF5 EB97  976A 16C7 F27D 6BE3 7D90

Re: shutdown user and accountability

2001-11-27 Thread William R Ward



Do you have any source of information about the employees?  HR
database or something like that?  You could cobble together a setuid
Perl or C program that asks them information only they would know to
authenticate them, verifies it, logs it, and then does a shutdown.
Set up a guest account with minimal privileges except for the ability
to run that program, and put the login name and password on the
keyboard.

Even if you don't have the info in the database, you could at least
ask them a question only they would know, log it, and then after the
fact if you want to find out who it was you could confirm it that way.

It's not perfect, but given the policies you have to live with, it may
be the only type of solution you can come up with.

--Bill.

-- 
William R Ward[EMAIL PROTECTED]  http://www.wards.net/~bill/
-
 If you're not part of the solution, you're part of the precipitate.


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: shutdown user and accountability

2001-11-27 Thread Mike Renfro

On Wed, Nov 28, 2001 at 09:51:19AM +0900, Olaf Meeuwissen wrote:

> I'm maintaining a (small-time) group server for our department.  In
> order to satisfy company policy requirements I need to provide a way
> to shutdown the server in case of emergencies.  Our network admin
> was kind enough to give me two alternatives:

No idea what sort of emergency they'd be anticipating; if it was
something like a power failure, the obvious solution would be to use a
UPS with serial support so you could do a graceful shutdown when the
battery ran low.

The setuid program that syslogs the user, then runs the shutdown is as
viable a solution as any. If you don't mind losing accountability, but
want an idiot shutdown button attached to the machine, I'd look at
getting some sort of LCD/keypad interface from Matrix Orbital or one
of their competitors.

http://www.matrixorbital.com/products.htm

-- 
Mike Renfro  / R&D Engineer, Center for Manufacturing Research,
931 372-3601 / Tennessee Technological University -- [EMAIL PROTECTED]

-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: shutdown user and accountability

2001-11-27 Thread Rishi L Khan


How about Cntrl-Alt-Del? That shuts down a debian box without even logging
in. As far as accountablity ... you could do it the old fashioned way and
have a sign in sheet ... one stupid policy deserves another.

-rishi

On 28 Nov 2001, Olaf Meeuwissen wrote:

> Blake Barnett <[EMAIL PROTECTED]> writes:
>
> > On Tue, 2001-11-27 at 18:58, Olaf Meeuwissen wrote:
> > > Blake Barnett <[EMAIL PROTECTED]> writes:
> > >
> > > > Can't you give a group sudo access?  If so, just add everyone to a group
> > > > and give that group sudo /sbin/halt or sudo /sbin/shutdown or both.
> > >
> > > That's exactly what my sudo setup does right now.  The problem is that
> > > apparently *everyone* needs to be able to shut down the machine (for
> > > reasons that are beyond me).  Added accounts on an as needed basis is
> > > fine with me, but I don't fancy creating, oh, 250+ password protected
> > > accounts just to meet policy.
> >
> > Ok, I guess I didn't understand that the accounts didn't already exist.
> > Is this some sort of kiosk or something?
>
> Nope, just a file/web server (but I'm thinking of adding a programming
> environment (EEK!) for educational purposes) that is in a place that
> does not allow physical access restrictions (beyond being able to
> enter the company premises).
>
> > If you can't wrap the stuff in a script --maybe it needs to be setuid?
> > blech!--, and log it there, then I dunno what to tell ya.
>
> Not much use ;-), but thanks anyway!
> --
> Olaf Meeuwissen   Epson Kowa Corporation, Research and Development
> GnuPG key: 6BE37D90/AB6B 0D1F 99E7 1BF5 EB97  976A 16C7 F27D 6BE3 7D90
>
>
> --
> To UNSUBSCRIBE, email to [EMAIL PROTECTED]
> with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
>


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: shutdown user and accountability

2001-11-27 Thread Blake Barnett

Can't you give a group sudo access?  If so, just add everyone to a group
and give that group sudo /sbin/halt or sudo /sbin/shutdown or both.

Or you could write your own script which wraps around halt/shutdown and
logs what it's doing via logger or syslog...   


On Tue, 2001-11-27 at 17:51, Olaf Meeuwissen wrote:
> Dear .debs,
> 
> I'm maintaining a (small-time) group server for our department.  In
> order to satisfy company policy requirements I need to provide a way
> to shutdown the server in case of emergencies.  Our network admin was
> kind enough to give me two alternatives:
> 
>   1) provide an on-screen shutdown button
>   2) provide a shutdown user account (and document its usage)
> 
> I didn't like either approach because they lack accountability: after
> a shutdown I can't tell *who* did it.
> BTW, the server has no screen for buttons, so 1) is not an option to
> begin with.  You have to ssh in to do anything (exploit one of inetd,
> exim, samba or apache in some way may be an alternative ;-).
> 
> I came up with a 'sudo /sbin/halt' for department members (and others
> on an as needed basis), but that was no good.  Everyone has to be able
> to shut it down.  I racked my brains but didn't come up with anything
> that provides accountability.  Anyone any suggestions?
> 
> Right now, I'm stuck with 2) and writing the password on the machine
> (or similar) *or* stay with what I have now and take my chances with
> people flicking the power switch.
> BTW, the server is not in a physically secure location, so I run the
> power switch thingy risk anyway.
> 
> Suggestions, discussions of pros and cons welcome,
> -- 
> Olaf Meeuwissen   Epson Kowa Corporation, Research and Development
> GnuPG key: 6BE37D90/AB6B 0D1F 99E7 1BF5 EB97  976A 16C7 F27D 6BE3 7D90
> LPIC-2   -- I hack, therefore I am -- BOFH
> 
> 
> -- 
> To UNSUBSCRIBE, email to [EMAIL PROTECTED]
> with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
-- 
Blake Barnett (bdb)  <[EMAIL PROTECTED]>
Sr. Unix Administrator
DevelopOnline.com office: 480-377-6816

"Do, or do not.  There is no try." --Yoda

Re: shutdown user and accountability

2001-11-27 Thread Olaf Meeuwissen


Blake Barnett <[EMAIL PROTECTED]> writes:

> On Tue, 2001-11-27 at 18:58, Olaf Meeuwissen wrote:
> > Blake Barnett <[EMAIL PROTECTED]> writes:
> > 
> > > Can't you give a group sudo access?  If so, just add everyone to a group
> > > and give that group sudo /sbin/halt or sudo /sbin/shutdown or both.
> > 
> > That's exactly what my sudo setup does right now.  The problem is that
> > apparently *everyone* needs to be able to shut down the machine (for
> > reasons that are beyond me).  Added accounts on an as needed basis is
> > fine with me, but I don't fancy creating, oh, 250+ password protected
> > accounts just to meet policy.
> 
> Ok, I guess I didn't understand that the accounts didn't already exist. 
> Is this some sort of kiosk or something?

Nope, just a file/web server (but I'm thinking of adding a programming
environment (EEK!) for educational purposes) that is in a place that
does not allow physical access restrictions (beyond being able to
enter the company premises).

> If you can't wrap the stuff in a script --maybe it needs to be setuid?
> blech!--, and log it there, then I dunno what to tell ya.

Not much use ;-), but thanks anyway!
-- 
Olaf Meeuwissen   Epson Kowa Corporation, Research and Development
GnuPG key: 6BE37D90/AB6B 0D1F 99E7 1BF5 EB97  976A 16C7 F27D 6BE3 7D90


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: shutdown user and accountability

2001-11-27 Thread Blake Barnett


On Tue, 2001-11-27 at 18:58, Olaf Meeuwissen wrote:
> Blake Barnett <[EMAIL PROTECTED]> writes:
> 
> > Can't you give a group sudo access?  If so, just add everyone to a group
> > and give that group sudo /sbin/halt or sudo /sbin/shutdown or both.
> 
> That's exactly what my sudo setup does right now.  The problem is that
> apparently *everyone* needs to be able to shut down the machine (for
> reasons that are beyond me).  Added accounts on an as needed basis is
> fine with me, but I don't fancy creating, oh, 250+ password protected
> accounts just to meet policy.

Ok, I guess I didn't understand that the accounts didn't already exist. 
Is this some sort of kiosk or something?

If you can't wrap the stuff in a script --maybe it needs to be setuid?
blech!--, and log it there, then I dunno what to tell ya.

-- 
Blake Barnett (bdb)  <[EMAIL PROTECTED]>
Sr. Unix Administrator
DevelopOnline.com office: 480-377-6816

"Do, or do not.  There is no try." --Yoda


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: shutdown user and accountability

2001-11-27 Thread Olaf Meeuwissen


Blake Barnett <[EMAIL PROTECTED]> writes:

> Can't you give a group sudo access?  If so, just add everyone to a group
> and give that group sudo /sbin/halt or sudo /sbin/shutdown or both.

That's exactly what my sudo setup does right now.  The problem is that
apparently *everyone* needs to be able to shut down the machine (for
reasons that are beyond me).  Added accounts on an as needed basis is
fine with me, but I don't fancy creating, oh, 250+ password protected
accounts just to meet policy.

> Or you could write your own script which wraps around halt/shutdown and
> logs what it's doing via logger or syslog...   
> 
> On Tue, 2001-11-27 at 17:51, Olaf Meeuwissen wrote:
> > Dear .debs,
> > 
> > I'm maintaining a (small-time) group server for our department.  In
> > order to satisfy company policy requirements I need to provide a way
> > to shutdown the server in case of emergencies.  Our network admin was
> > kind enough to give me two alternatives:
> > 
> >   1) provide an on-screen shutdown button
> >   2) provide a shutdown user account (and document its usage)
> > 
> > I didn't like either approach because they lack accountability: after
> > a shutdown I can't tell *who* did it.
> > BTW, the server has no screen for buttons, so 1) is not an option to
> > begin with.  You have to ssh in to do anything (exploit one of inetd,
> > exim, samba or apache in some way may be an alternative ;-).
> > 
> > I came up with a 'sudo /sbin/halt' for department members (and others
> > on an as needed basis), but that was no good.  Everyone has to be able
> > to shut it down.  I racked my brains but didn't come up with anything
> > that provides accountability.  Anyone any suggestions?
> > 
> > Right now, I'm stuck with 2) and writing the password on the machine
> > (or similar) *or* stay with what I have now and take my chances with
> > people flicking the power switch.
> > BTW, the server is not in a physically secure location, so I run the
> > power switch thingy risk anyway.
> > 
> > Suggestions, discussions of pros and cons welcome,
> > -- 
> > Olaf Meeuwissen   Epson Kowa Corporation, Research and Development
> > GnuPG key: 6BE37D90/AB6B 0D1F 99E7 1BF5 EB97  976A 16C7 F27D 6BE3 7D90
> > LPIC-2   -- I hack, therefore I am -- BOFH
> > 
> > 
> > -- 
> > To UNSUBSCRIBE, email to [EMAIL PROTECTED]
> > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
> -- 
> Blake Barnett (bdb)  <[EMAIL PROTECTED]>
> Sr. Unix Administrator
> DevelopOnline.com office: 480-377-6816
> 
> "Do, or do not.  There is no try." --Yoda
> 
> 
> -- 
> To UNSUBSCRIBE, email to [EMAIL PROTECTED]
> with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
> 

-- 
Olaf Meeuwissen   Epson Kowa Corporation, Research and Development
GnuPG key: 6BE37D90/AB6B 0D1F 99E7 1BF5 EB97  976A 16C7 F27D 6BE3 7D90


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: shutdown user and accountability

2001-11-27 Thread Blake Barnett


Can't you give a group sudo access?  If so, just add everyone to a group
and give that group sudo /sbin/halt or sudo /sbin/shutdown or both.

Or you could write your own script which wraps around halt/shutdown and
logs what it's doing via logger or syslog...   


On Tue, 2001-11-27 at 17:51, Olaf Meeuwissen wrote:
> Dear .debs,
> 
> I'm maintaining a (small-time) group server for our department.  In
> order to satisfy company policy requirements I need to provide a way
> to shutdown the server in case of emergencies.  Our network admin was
> kind enough to give me two alternatives:
> 
>   1) provide an on-screen shutdown button
>   2) provide a shutdown user account (and document its usage)
> 
> I didn't like either approach because they lack accountability: after
> a shutdown I can't tell *who* did it.
> BTW, the server has no screen for buttons, so 1) is not an option to
> begin with.  You have to ssh in to do anything (exploit one of inetd,
> exim, samba or apache in some way may be an alternative ;-).
> 
> I came up with a 'sudo /sbin/halt' for department members (and others
> on an as needed basis), but that was no good.  Everyone has to be able
> to shut it down.  I racked my brains but didn't come up with anything
> that provides accountability.  Anyone any suggestions?
> 
> Right now, I'm stuck with 2) and writing the password on the machine
> (or similar) *or* stay with what I have now and take my chances with
> people flicking the power switch.
> BTW, the server is not in a physically secure location, so I run the
> power switch thingy risk anyway.
> 
> Suggestions, discussions of pros and cons welcome,
> -- 
> Olaf Meeuwissen   Epson Kowa Corporation, Research and Development
> GnuPG key: 6BE37D90/AB6B 0D1F 99E7 1BF5 EB97  976A 16C7 F27D 6BE3 7D90
> LPIC-2   -- I hack, therefore I am -- BOFH
> 
> 
> -- 
> To UNSUBSCRIBE, email to [EMAIL PROTECTED]
> with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
-- 
Blake Barnett (bdb)  <[EMAIL PROTECTED]>
Sr. Unix Administrator
DevelopOnline.com office: 480-377-6816

"Do, or do not.  There is no try." --Yoda


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

38 matches

Mail list logo