You are not logged in.
Hi, I want to use shutdown without password, but somehow I don't get it to work...
I edited /etc/sudoers (with visudo of course!) but still I have to enter the PW everytime!
Here is the relevant part of that file:
##
## User privilege specification
##
root ALL=(ALL) ALL
## Uncomment to allow members of group wheel to execute any command
# %wheel ALL=(ALL) ALL
## Same thing without a password
# %wheel ALL=(ALL) NOPASSWD: ALL
## Uncomment to allow members of group sudo to execute any command
%sudo ALL=(ALL) ALL
# Allow members of group sudo to execute shutdown without entering password
%sudo ALL=NOPASSWD: /usr/bin/shutdown
Defaults insults
## Uncomment to allow any user to run sudo if they know the password
## of the user they are running the command as (root by default).
# Defaults targetpw # Ask for the password of the target user
# ALL ALL=(ALL) ALL # WARNING: only use this together with 'Defaults targetpw'
## Read drop-in files from /etc/sudoers.d
## (the '#' here does not indicate a comment)
#includedir /etc/sudoers.d
I tried many different variations, but none works! Where is my mistake?
Offline
systemctl poweroff
Offline
OK, that works but it doesn't solve my problem ;-) Thanks anyway!
I like to use shutdown with a timer like this:
shutdown -h +120
i.e. shutdown system in 120 minutes.
Back to post no.1. What is wrong?
Last edited by friendofarch (2014-02-03 10:19:32)
Offline
%wheel ALL=(ALL) NOPASSWD: /usr/bin/shutdown
Have you tried it that way?
Also, /usr/bin/shutdown is just a symlink:
lrwxrwxrwx 1 root root 9 Jan 7 03:07 /usr/bin/shutdown -> systemctl
Offline
Offline
%wheel ALL=(ALL) NOPASSWD: /usr/bin/shutdown
Have you tried it that way?
Yes, tried it now, but still not working :-( (and yes, I checked if I'm a member of wheel)
Also, /usr/bin/shutdown is just a symlink:
lrwxrwxrwx 1 root root 9 Jan 7 03:07 /usr/bin/shutdown -> systemctl
What does that mean to me? Is there a way to have a timed usage of systemctl?
Try https://wiki.archlinux.org/index.php/Al … o_Shutdown
Still I can't find a way to have e.g. my computer shutdown after 2 hours! Isn't that possible with Arch?
Offline
How about 'sleep 7200 && sudo poweroff'?
Offline
Or even
sleep 2h && systemctl poweroff
I don't know why "systemctl poweroff" doesn't solve your problem. It doesn't need a password (assuming your user account/session is set up correctly), and /usr/bin/{halt,shutdown,poweroff} are just a symbolic links to /usr/bin/systemctl anyway.
EDIT: I can't read. You want to use the old style syntax to shutdown, and that means you have to use /usr/bin/shutdown. You still need to use 'sudo shutdown' , or else the sudoers file won't be used.
Last edited by WorMzy (2014-02-05 12:53:30)
Sakura:-
Mobo: MSI MAG X570S TORPEDO MAX // Processor: AMD Ryzen 9 5950X @4.9GHz // GFX: AMD Radeon RX 5700 XT // RAM: 32GB (4x 8GB) Corsair DDR4 (@ 3000MHz) // Storage: 1x 3TB HDD, 6x 1TB SSD, 2x 120GB SSD, 1x 275GB M2 SSD
Making lemonade from lemons since 2015.
Online
Interestingly, systemd does appear to provide a shutdown command that provides this functionality: http://www.freedesktop.org/software/sys … tdown.html
I remember reading somewhere that it was deprecated and only to provide compatibility with sysv, though I can't find the link.
The Arch packages don't seem to provide the application for it (systemd-sysvcompat is what provides the symlink).
I have seen references to APIs and abilities to schedule shutdown in some systemd documentation (e.g blog posts listing changelists, etc.) but no example of how to do it. Searching for systemd shutdown, etc. is not useful as there is a lot of noise. The whole shutdown system in systemd is a little confusing (see systemd-shutdownd for example).
I find it a little difficult to believe that scheduled shutdowns aren't possible, considering how important they are to servers, so I must be missing something. I just hope it's not too obvious.
"...one cannot be angry when one looks at a penguin." - John Ruskin
"Life in general is a bit shit, and so too is the internet. And that's all there is." - scepticisle
Offline
Or even
sleep 2h && systemctl poweroff
This is much longer plus I (and everyone else logged in) don't get warning messages that system is gonna shutdown in x minutes!
I don't know why "systemctl poweroff" doesn't solve your problem. It doesn't need a password (assuming your user account/session is set up correctly), and /usr/bin/{halt,shutdown,poweroff} are just a symbolic links to /usr/bin/systemctl anyway.
Is shutdown deprecated now? I don't get it! ...and if those are just symlinks, why do I need a password for shutdown?
EDIT: I can't read. You want to use the old style syntax to shutdown, and that means you have to use /usr/bin/shutdown. You still need to use 'sudo shutdown' , or else the sudoers file won't be used.
Of course I tried with sudo! the normal behaviour is that I use "sudo shutdown ..." without the need to enter password afterwards. I had it like this on Debian before and I think even on Manjaro. Just now (actually on Antergos) I don't get it to work!
Also if I want to use another command without password I still have the same problem! I really apreciate Your help, but so far those are only workarounds! Not solutions
Last edited by friendofarch (2014-02-05 13:40:04)
Offline
Are you a member of the group "sudo" or "wheel" (whichever one you want to use)? Have you logged out (or rebooted) since adding yourself to the group?
Please post the entire "sudoers" file. I once went crazy trying to fix a sudo bug that was being caused by a completely unrelated part of the file.
Offline
I don't know if you should really consider it deprecated. I also don't know why shutdown needs a password while other symlinked operations (poweroff/reboot) don't (shutdown is slightly more powerful, but I can't think of any reason to hide these options from a single user physically logged in to the machine).
I can guess what the problem with sudo is and this superuser thread confirms my suspicion. What does worry me is that you also say
Also if I want to use another command without password I still have the same problem!
This sounds like sudo doesn't let you do anything without a password (or did you only try other symlinks?).
Offline
WorMzy wrote:Or even
sleep 2h && systemctl poweroff
This is much longer plus I (and everyone else logged in) don't get warning messages that system is gonna shutdown in x minutes!
According to systemctl man page, a wall message is shown to all users if you use systemctl.
WorMzy wrote:I don't know why "systemctl poweroff" doesn't solve your problem. It doesn't need a password (assuming your user account/session is set up correctly), and /usr/bin/{halt,shutdown,poweroff} are just a symbolic links to /usr/bin/systemctl anyway.
Is shutdown deprecated now? I don't get it! ...and if those are just symlinks, why do I need a password for shutdown?
Yes it is.
You shouldn't need a password if your session is set-up. As far as I can remember, you need polkit installed.
However if other users are logged in, and you are not root, Systemd will ask for a password. I don't think it will if you are running as root though, I haven't checked.
"...one cannot be angry when one looks at a penguin." - John Ruskin
"Life in general is a bit shit, and so too is the internet. And that's all there is." - scepticisle
Offline
Are you a member of the group "sudo" or "wheel" (whichever one you want to use)? Have you logged out (or rebooted) since adding yourself to the group?
Please post the entire "sudoers" file. I once went crazy trying to fix a sudo bug that was being caused by a completely unrelated part of the file.
Yes, I rebooted after changes and
cat /etc/groups
lists my username after wheel (but it doesn't show a group sudo!)! Here's the full sudoers:
## sudoers file.
##
## This file MUST be edited with the 'visudo' command as root.
## Failure to use 'visudo' may result in syntax or file permission errors
## that prevent sudo from running.
##
## See the sudoers man page for the details on how to write a sudoers file.
##
##
## Host alias specification
##
## Groups of machines. These may include host names (optionally with wildcards),
## IP addresses, network numbers or netgroups.
# Host_Alias WEBSERVERS = www1, www2, www3
##
## User alias specification
##
## Groups of users. These may consist of user names, uids, Unix groups,
## or netgroups.
# User_Alias ADMINS = millert, dowdy, mikef
##
## Cmnd alias specification
##
## Groups of commands. Often used to group related commands together.
# Cmnd_Alias PROCESSES = /usr/bin/nice, /bin/kill, /usr/bin/renice, \
# /usr/bin/pkill, /usr/bin/top
##
## Defaults specification
##
## You may wish to keep some of the following environment variables
## when running commands via sudo.
##
## Locale settings
# Defaults env_keep += "LANG LANGUAGE LINGUAS LC_* _XKB_CHARSET"
##
## Run X applications through sudo; HOME is used to find the
## .Xauthority file. Note that other programs use HOME to find
## configuration files and this may lead to privilege escalation!
# Defaults env_keep += "HOME"
##
## X11 resource path settings
# Defaults env_keep += "XAPPLRESDIR XFILESEARCHPATH XUSERFILESEARCHPATH"
##
## Desktop path settings
# Defaults env_keep += "QTDIR KDEDIR"
##
## Allow sudo-run commands to inherit the callers' ConsoleKit session
# Defaults env_keep += "XDG_SESSION_COOKIE"
##
## Uncomment to enable special input methods. Care should be taken as
## this may allow users to subvert the command being run via sudo.
# Defaults env_keep += "XMODIFIERS GTK_IM_MODULE QT_IM_MODULE QT_IM_SWITCHER"
##
## Uncomment to enable logging of a command's output, except for
## sudoreplay and reboot. Use sudoreplay to play back logged sessions.
# Defaults log_output
# Defaults!/usr/bin/sudoreplay !log_output
# Defaults!/usr/local/bin/sudoreplay !log_output
# Defaults!/sbin/reboot !log_output
##
## Runas alias specification
##
##
## User privilege specification
##
root ALL=(ALL) ALL
## Uncomment to allow members of group wheel to execute any command
%wheel ALL=(ALL) ALL
## Same thing without a password
# %wheel ALL=(ALL) NOPASSWD: ALL
## Uncomment to allow members of group sudo to execute any command
#%sudo ALL=(ALL) ALL
# Allow members of group wheel to execute shutdown without entering password
%wheel ALL=(ALL) NOPASSWD: /usr/bin/shutdown
Defaults insults
## Uncomment to allow any user to run sudo if they know the password
## of the user they are running the command as (root by default).
# Defaults targetpw # Ask for the password of the target user
# ALL ALL=(ALL) ALL # WARNING: only use this together with 'Defaults targetpw'
## Read drop-in files from /etc/sudoers.d
## (the '#' here does not indicate a comment)
#includedir /etc/sudoers.d
According to systemctl man page, a wall message is shown to all users if you use systemctl.
Yes, but it shows the wall message just when it's about to halt, isn't it? The command "shutdown" gives warnings every now and then (I think 1hour, 1/2 hour and 10 min. before actual shutdown!)
You shouldn't need a password if your session is set-up. As far as I can remember, you need polkit installed.
However if other users are logged in, and you are not root, Systemd will ask for a password. I don't think it will if you are running as root though, I haven't checked.
I have polkit and I do need a password to run "shutdown"! No other users logged in!
This sounds like sudo doesn't let you do anything without a password (or did you only try other symlinks?).
Haven't tried any other commands yet!
I can guess what the problem with sudo is and this superuser thread confirms my suspicion.
So is there a way to address systemctl with parameters like +100 (= in 100minutes). I tried with the shutdown syntax, but it didn't work!
Offline
You put "/usr/bin/shutdown" in sudoers for no password, but that is not actually what you are executing.
I'm pretty sure sudoers entries must match the full command line, so you'll either need to put "/usr/bin/shutdown -h +120" for the no password line in sudoers, or put your preferred shutdown command in a script, and put the path to that script in sudoers.
Edit: my memory was incorrect. I had related issues a while back, and at that time including the full command line worked.
Last edited by Trilby (2014-02-05 15:55:13)
"UNIX is simple and coherent" - Dennis Ritchie; "GNU's Not Unix" - Richard Stallman
Offline
You put "/usr/bin/shutdown" in sudoers for no password, but that is not actually what you are executing.
I too think that might be the problem.
Try this simple test. Change this:
%wheel ALL=(ALL) NOPASSWD: /usr/bin/shutdown
To this:
%wheel ALL=(ALL) NOPASSWD: ALL
Then try running ANY application using sudo. (For example, "sudo xterm") Does it start without a password? If yes, then your "sudoers" file is fine but you aren't telling it the correct application name, like Trilby said.
I'm afraid you'll have to get used to systemd. It's "The Future".
Offline
You put "/usr/bin/shutdown" in sudoers for no password, but that is not actually what you are executing.
I'm pretty sure sudoers entries must match the full command line, so you'll either need to put "/usr/bin/shutdown -h +120" for the no password line in sudoers, or put your preferred shutdown command in a script, and put the path to that script in sudoers.
Is it really like this? Then I'm out, since I use the command with random numbers (10, 20, 60, 100, 120, 200,...) so it would be pointless to have so many entries I guess!
Offline
You can use wildcards in the command specification in sudoers (see man sudoers and the wildcard section).
"...one cannot be angry when one looks at a penguin." - John Ruskin
"Life in general is a bit shit, and so too is the internet. And that's all there is." - scepticisle
Offline
I'm pretty sure sudoers entries must match the full command line, so you'll either need to put "/usr/bin/shutdown -h +120" for the no password line in sudoers, or put your preferred shutdown command in a script, and put the path to that script in sudoers.
A command name is a fully quali‐fied file name which may include shell-style wildcards (see the Wildcards section below). A simple file name allows the user to run the command with any arguments he/she wishes. However, you may also specify command line arguments (including wildcards). Alternately, you can specify "" to indicate that the command may only be run without command line arguments.
So is there a way to address systemctl with parameters like +100 (= in 100minutes). I tried with the shutdown syntax, but it didn't work!
No, systemctl only parses such arguments when it's run as shutdown (through the symlink). What you should have gotten from that superuser question+answer is that it might work if you put /usr/bin/systemctl in the sudoers file. However, that means allowing "any arguments [the user] wishes" (giving them full systemctl powers).
It's probably better to do something similar to what Trilby suggested: write a tiny wrapper script that forwards its arguments to shutdown, and configure sudo so you can run this script with root privileges without entering a password. Haven't tested this yet, but it's not too much work, so it can't hurt to try.
You can also email the systemd people to find out why shutdown requires a password while poweroff doesn't, or see if they know a proper way to do this with systemctl.
Last edited by Raynman (2014-02-05 14:57:57)
Offline
You put "/usr/bin/shutdown" in sudoers for no password, but that is not actually what you are executing.
I'm pretty sure sudoers entries must match the full command line
That doesn't seem to be the case in my experience. e.g. I have the following:
build ALL= NOPASSWD: /usr/bin/extra-x86_64-build,/usr/bin/multilib-build
And I can execute 'sudo multilib-build', 'sudo multilib-build -c', 'sudo extra-x86_64-build -- -u', etc. just fine without a password prompt. I'm not sure if sudo is "smart" enough to recognise that what's actually being run is /usr/bin/systemctl rather than the symlink in this case though.
Sakura:-
Mobo: MSI MAG X570S TORPEDO MAX // Processor: AMD Ryzen 9 5950X @4.9GHz // GFX: AMD Radeon RX 5700 XT // RAM: 32GB (4x 8GB) Corsair DDR4 (@ 3000MHz) // Storage: 1x 3TB HDD, 6x 1TB SSD, 2x 120GB SSD, 1x 275GB M2 SSD
Making lemonade from lemons since 2015.
Online
No, systemctl only parses such arguments when it's run as shutdown (through the symlink)....
Thanks for that, that answers some of the confusion I had.
"...one cannot be angry when one looks at a penguin." - John Ruskin
"Life in general is a bit shit, and so too is the internet. And that's all there is." - scepticisle
Offline