Re: Very general shutdown question
On Monday 07 February 2005 03:28 am, you wrote: > On Sunday 06 February 2005 11:46 am, Ned Harrison wrote: > > I run FreeBSD 5.3 on my home PC in a stand alone machine as a desktop. > > Is it possible to set it up so an ordinary user can shut the system? > > I've created a couple of accounts that are not in the wheel group so I > > can give friends and house guests the chance to play on a non-Microsoft > > system. I don't want to give them root access just to shut it down. > > > > None of the books which I have discuss using FreeBSD in this way. They > > are mostly geared to setting up networks running it for businesses. > > Areas where one may not want an ordinary user to be able to shutdown the > > machine. However, I prefer having the machine off when I'm not on it. If > > it's not possible that fine I can continue working around it like I do > > now. > > The easiest way I've found to do this is assuming you have X installed and > are using a login manager ie. KDM/GDM/Login.app just use the shutdown > functionality of the login manager to shutdown the system. The most fool > proof way if you've got ACPI on this system it to just tap the power button > and it'll shutdown. This sounds like what I want. I have WDM installed and I have KDE installed. I didn't realize that function was there. I've been using a terminal login ever sense I started using FreeBSD because that how I thought it was supposed to work! I'll try to step through the setup of KDM. I found a reference to the KDE display manager in the FreeBSD handbook. It might take a few days to figure things out. But this should work. Thanks, ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Very general shutdown question
Well thanks, too bad I was planning on using those to make my backup
jobs easier. Anyway, here is a quick C program to accomplish the same
thing:
/* main.c */
#include
#include
int main(int argc, char *argv[])
{
extern char **environ;
execve("/sbin/halt", argv, environ);
return EXIT_SUCCESS; /* note: we never actually get here */
}
to compile it, but type 'gcc main.c'
then copy a.out to /halt
then 'chown root:wheel /halt'
then 'chmod a+s /halt'
But when I got done writing and testing the program, I thought to myself:
Why not just set /sbin/halt to SUID root?
--
Tabor Kelly
[EMAIL PROTECTED]
http://tabor.taborandtashell.net
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Very general shutdown question
> Date: Mon, 7 Feb 2005 11:49:22 + > From: Dick Davies <[EMAIL PROTECTED]> > Subject: Re: Very general shutdown question > To: FreeBSD Questions > Message-ID: <[EMAIL PROTECTED]> > Content-Type: text/plain; charset=us-ascii > > * Steven <[EMAIL PROTECTED]> [0203 23:03]: > > Hello Ned, > > > > you can add the user to the operator group. it is possible to run > > shutdown then (but not halt etc). > > Be caneful of that, I think operator has other privileges too > (can read from any disk for starters). Can't you just install sudo and give them permission to sudo shutdown. If it needs to be scripted you can do it so it doesn't ask for a password. > > > > You could also create a shutdown user with a login shell pointing to a > > shutdown script. > > But that won't work if they still don't have permission to run it... Hopefully this would allow them to shutdown. Anthony Philipp ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Very general shutdown question
Anish Mistry <[EMAIL PROTECTED]> writes: > On Sunday 06 February 2005 11:46 am, Ned Harrison wrote: > > I run FreeBSD 5.3 on my home PC in a stand alone machine as a desktop. Is > > it possible to set it up so an ordinary user can shut the system? I've > > created a couple of accounts that are not in the wheel group so I can give > > friends and house guests the chance to play on a non-Microsoft system. I > > don't want to give them root access just to shut it down. > > > > None of the books which I have discuss using FreeBSD in this way. They are > > mostly geared to setting up networks running it for businesses. Areas > > where one may not want an ordinary user to be able to shutdown the machine. > > However, I prefer having the machine off when I'm not on it. If it's not > > possible that fine I can continue working around it like I do now. > > > The easiest way I've found to do this is assuming you have X installed and > are > using a login manager ie. KDM/GDM/Login.app just use the shutdown > functionality of the login manager to shutdown the system. The most fool > proof way if you've got ACPI on this system it to just tap the power button > and it'll shutdown. For this case, where it sounds like the users will always be at the console, that last one has to be the easiest way to go. Or maybe setting a key combination to do the same (ctrl-alt-del, anyone?). ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Very general shutdown question
On Mon, Feb 07, 2005 at 11:49:22AM +, Dick Davies wrote: > * Steven <[EMAIL PROTECTED]> [0203 23:03]: > > Hello Ned, > > > > you can add the user to the operator group. it is possible to run > > shutdown then (but not halt etc). > > Be caneful of that, I think operator has other privileges too > (can read from any disk for starters). > > > > You could also create a shutdown user with a login shell pointing to a > > shutdown script. > > But that won't work if they still don't have permission to run it... > What if you put the shutdown user in the operator group? I don't plan to use this solution, but out of curiousity, are there any security problems with creating a privileged user with a widely known password but a login shell that does something specific, like shutting down the system? - James Cook [EMAIL PROTECTED] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Very general shutdown question
* Steven <[EMAIL PROTECTED]> [0203 23:03]: > Hello Ned, > > you can add the user to the operator group. it is possible to run > shutdown then (but not halt etc). Be caneful of that, I think operator has other privileges too (can read from any disk for starters). > You could also create a shutdown user with a login shell pointing to a > shutdown script. But that won't work if they still don't have permission to run it... -- '...and then we wrote scripts to write the configs for us, and using these scripts, we made mistakes in a faster, more automated manner.' -- A Gentle Introduction to Cricket, on MRTG configuration Rasputin :: Jack of All Trades - Master of Nuns ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Very general shutdown question
Ned Harrison wrote: I run FreeBSD 5.3 on my home PC in a stand alone machine as a desktop. Is it possible to set it up so an ordinary user can shut the system? I've created a couple of accounts that are not in the wheel group so I can give friends and house guests the chance to play on a non-Microsoft system. I don't want to give them root access just to shut it down. None of the books which I have discuss using FreeBSD in this way. They are mostly geared to setting up networks running it for businesses. Areas where one may not want an ordinary user to be able to shutdown the machine. However, I prefer having the machine off when I'm not on it. If it's not possible that fine I can continue working around it like I do now. Thank you Ned As you have probably noticed, their are lots of ways to do this. IMHO the easiest would be a SUID root script. That is a script owned by root that has the SUID (set user id) bit set. It should have one line: 'halt' (or whatever 'shutdown -*' you want). -- Tabor Kelly [EMAIL PROTECTED] http://tabor.taborandtashell.net ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Very general shutdown question
On Sunday 06 February 2005 11:46 am, Ned Harrison wrote: > I run FreeBSD 5.3 on my home PC in a stand alone machine as a desktop. Is > it possible to set it up so an ordinary user can shut the system? I've > created a couple of accounts that are not in the wheel group so I can give > friends and house guests the chance to play on a non-Microsoft system. I > don't want to give them root access just to shut it down. > > None of the books which I have discuss using FreeBSD in this way. They are > mostly geared to setting up networks running it for businesses. Areas > where one may not want an ordinary user to be able to shutdown the machine. > However, I prefer having the machine off when I'm not on it. If it's not > possible that fine I can continue working around it like I do now. > The easiest way I've found to do this is assuming you have X installed and are using a login manager ie. KDM/GDM/Login.app just use the shutdown functionality of the login manager to shutdown the system. The most fool proof way if you've got ACPI on this system it to just tap the power button and it'll shutdown. -- Anish Mistry pgpTpAU1gAwGU.pgp Description: PGP signature
Re: Very general shutdown question
On Sun, Feb 06, 2005 at 04:46:26PM +, Ned Harrison wrote: > I run FreeBSD 5.3 on my home PC in a stand alone machine as a desktop. Is > it > possible to set it up so an ordinary user can shut the system? I've created > a couple of accounts that are not in the wheel group so I can give friends > and house guests the chance to play on a non-Microsoft system. I don't want > to give them root access just to shut it down. > > None of the books which I have discuss using FreeBSD in this way. They are > mostly geared to setting up networks running it for businesses. Areas where > one may not want an ordinary user to be able to shutdown the machine. > However, I prefer having the machine off when I'm not on it. If it's not > possible that fine I can continue working around it like I do now. sudo(8) is a nice general-purpose utility that gives mortal users superuser access to certain commands. There's a port of it in security/sudo. -- -- Skylar Thompson ([EMAIL PROTECTED]) -- http://www.cs.earlham.edu/~skylar/ pgptiF3FCK0w9.pgp Description: PGP signature
Re: Very general shutdown question
Hello Ned, you can add the user to the operator group. it is possible to run shutdown then (but not halt etc). You could also create a shutdown user with a login shell pointing to a shutdown script. Kind regards Steven Ned Harrison wrote: I run FreeBSD 5.3 on my home PC in a stand alone machine as a desktop. Is it possible to set it up so an ordinary user can shut the system? I've created a couple of accounts that are not in the wheel group so I can give friends and house guests the chance to play on a non-Microsoft system. I don't want to give them root access just to shut it down. None of the books which I have discuss using FreeBSD in this way. They are mostly geared to setting up networks running it for businesses. Areas where one may not want an ordinary user to be able to shutdown the machine. However, I prefer having the machine off when I'm not on it. If it's not possible that fine I can continue working around it like I do now. Thank you Ned ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]" ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Very general shutdown question
I run FreeBSD 5.3 on my home PC in a stand alone machine as a desktop. Is it possible to set it up so an ordinary user can shut the system? I've created a couple of accounts that are not in the wheel group so I can give friends and house guests the chance to play on a non-Microsoft system. I don't want to give them root access just to shut it down. None of the books which I have discuss using FreeBSD in this way. They are mostly geared to setting up networks running it for businesses. Areas where one may not want an ordinary user to be able to shutdown the machine. However, I prefer having the machine off when I'm not on it. If it's not possible that fine I can continue working around it like I do now. Thank you Ned ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
