You are not logged in.

#1 2014-02-02 22:22:09

friendofarch
Member
Registered: 2013-12-30
Posts: 59

Shutdown not working without password / Edited sudoers

Hi, I want to use shutdown without password, but somehow I don't get it to work...

I edited /etc/sudoers (with visudo of course!) but still I have to enter the PW everytime!

Here is the relevant part of that file:

##
## User privilege specification
##
root ALL=(ALL) ALL

## Uncomment to allow members of group wheel to execute any command
# %wheel ALL=(ALL) ALL

## Same thing without a password
# %wheel ALL=(ALL) NOPASSWD: ALL

## Uncomment to allow members of group sudo to execute any command
%sudo ALL=(ALL) ALL


# Allow members of group sudo to execute shutdown without entering password 

%sudo	ALL=NOPASSWD:	/usr/bin/shutdown

Defaults insults


## Uncomment to allow any user to run sudo if they know the password
## of the user they are running the command as (root by default).
# Defaults targetpw  # Ask for the password of the target user
# ALL ALL=(ALL) ALL  # WARNING: only use this together with 'Defaults targetpw'

## Read drop-in files from /etc/sudoers.d
## (the '#' here does not indicate a comment)
#includedir /etc/sudoers.d

I tried many different variations, but none works! Where is my mistake?

Offline

#2 2014-02-02 22:27:54

Dunke
Member
From: Riga, Latvia
Registered: 2014-02-02
Posts: 5

Re: Shutdown not working without password / Edited sudoers

systemctl poweroff

Offline

#3 2014-02-03 10:18:42

friendofarch
Member
Registered: 2013-12-30
Posts: 59

Re: Shutdown not working without password / Edited sudoers

OK, that works but it doesn't solve my problem ;-) Thanks anyway!

I like to use shutdown with a timer like this:

shutdown -h +120

i.e. shutdown system in 120 minutes.

Back to post no.1. What is wrong?

Last edited by friendofarch (2014-02-03 10:19:32)

Offline

#4 2014-02-03 10:25:39

Dunke
Member
From: Riga, Latvia
Registered: 2014-02-02
Posts: 5

Re: Shutdown not working without password / Edited sudoers

%wheel ALL=(ALL) NOPASSWD: /usr/bin/shutdown

Have you tried it that way?

Also, /usr/bin/shutdown is just a symlink:

lrwxrwxrwx 1 root root 9 Jan  7 03:07 /usr/bin/shutdown -> systemctl

Offline

#5 2014-02-03 12:50:59

karol
Archivist
Registered: 2009-05-06
Posts: 25,440

Re: Shutdown not working without password / Edited sudoers

Offline

#6 2014-02-05 10:09:34

friendofarch
Member
Registered: 2013-12-30
Posts: 59

Re: Shutdown not working without password / Edited sudoers

Dunke wrote:
%wheel ALL=(ALL) NOPASSWD: /usr/bin/shutdown

Have you tried it that way?

Yes, tried it now, but still not working :-( (and yes, I checked if I'm a member of wheel)

Dunke wrote:

Also, /usr/bin/shutdown is just a symlink:

lrwxrwxrwx 1 root root 9 Jan  7 03:07 /usr/bin/shutdown -> systemctl

What does that mean to me? Is there a way to have a timed usage of systemctl?

karol wrote:

Still I can't find a way to have e.g. my computer shutdown after 2 hours! Isn't that possible with Arch?

Offline

#7 2014-02-05 12:30:47

karol
Archivist
Registered: 2009-05-06
Posts: 25,440

Re: Shutdown not working without password / Edited sudoers

How about 'sleep 7200 && sudo poweroff'?

Offline

#8 2014-02-05 12:39:48

WorMzy
Administrator
From: Scotland
Registered: 2010-06-16
Posts: 12,513
Website

Re: Shutdown not working without password / Edited sudoers

Or even

sleep 2h && systemctl poweroff

I don't know why "systemctl poweroff" doesn't solve your problem. It doesn't need a password (assuming your user account/session is set up correctly), and /usr/bin/{halt,shutdown,poweroff} are just a symbolic links to /usr/bin/systemctl anyway.

EDIT: I can't read. You want to use the old style syntax to shutdown, and that means you have to use /usr/bin/shutdown. You still need to use 'sudo shutdown' , or else the sudoers file won't be used.

Last edited by WorMzy (2014-02-05 12:53:30)


Sakura:-
Mobo: MSI MAG X570S TORPEDO MAX // Processor: AMD Ryzen 9 5950X @4.9GHz // GFX: AMD Radeon RX 5700 XT // RAM: 32GB (4x 8GB) Corsair DDR4 (@ 3000MHz) // Storage: 1x 3TB HDD, 6x 1TB SSD, 2x 120GB SSD, 1x 275GB M2 SSD

Making lemonade from lemons since 2015.

Offline

#9 2014-02-05 13:36:21

skanky
Member
From: WAIS
Registered: 2009-10-23
Posts: 1,847

Re: Shutdown not working without password / Edited sudoers

Interestingly, systemd does appear to provide a shutdown command that provides this functionality: http://www.freedesktop.org/software/sys … tdown.html
I remember reading somewhere that it was deprecated and only to provide compatibility with sysv, though I can't find the link.

The Arch packages don't seem to provide the application for it (systemd-sysvcompat is what provides the symlink).

I have seen references to APIs and abilities to schedule shutdown in some systemd documentation (e.g blog posts listing changelists, etc.) but no example of how to do it. Searching for systemd shutdown, etc. is not useful as there is a lot of noise. The whole shutdown system in systemd is a little confusing (see systemd-shutdownd for example).


I find it a little difficult to believe that scheduled shutdowns aren't possible, considering how important they are to servers, so I must be missing something. I just hope it's not too obvious. hmm


"...one cannot be angry when one looks at a penguin."  - John Ruskin
"Life in general is a bit shit, and so too is the internet. And that's all there is." - scepticisle

Offline

#10 2014-02-05 13:39:33

friendofarch
Member
Registered: 2013-12-30
Posts: 59

Re: Shutdown not working without password / Edited sudoers

WorMzy wrote:

Or even

sleep 2h && systemctl poweroff

This is much longer plus I (and everyone else logged in) don't get warning messages that system is gonna shutdown in x minutes!

WorMzy wrote:

I don't know why "systemctl poweroff" doesn't solve your problem. It doesn't need a password (assuming your user account/session is set up correctly), and /usr/bin/{halt,shutdown,poweroff} are just a symbolic links to /usr/bin/systemctl anyway.

Is shutdown deprecated now? I don't get it! ...and if those are just symlinks, why do I need a password for shutdown?


WorMzy wrote:

EDIT: I can't read. You want to use the old style syntax to shutdown, and that means you have to use /usr/bin/shutdown. You still need to use 'sudo shutdown' , or else the sudoers file won't be used.

Of course I tried with sudo! the normal behaviour is that I use "sudo shutdown ..." without the need to enter password afterwards. I had it like this on Debian before and I think even on Manjaro. Just now (actually on Antergos) I don't get it to work!

Also if I want to use another command without password I still have the same problem! I really apreciate Your help, but so far those are only workarounds! Not solutions wink

Last edited by friendofarch (2014-02-05 13:40:04)

Offline

#11 2014-02-05 13:48:40

drcouzelis
Member
From: Connecticut, USA
Registered: 2009-11-09
Posts: 4,092
Website

Re: Shutdown not working without password / Edited sudoers

Are you a member of the group "sudo" or "wheel" (whichever one you want to use)? Have you logged out (or rebooted) since adding yourself to the group?

Please post the entire "sudoers" file. I once went crazy trying to fix a sudo bug that was being caused by a completely unrelated part of the file. sad

Offline

#12 2014-02-05 13:54:15

Raynman
Member
Registered: 2011-10-22
Posts: 1,539

Re: Shutdown not working without password / Edited sudoers

I don't know if you should really consider it deprecated. I also don't know why shutdown needs a password while other symlinked operations (poweroff/reboot) don't (shutdown is slightly more powerful, but I can't think of any reason to hide these options from a single user physically logged in to the machine).

I can guess what the problem with sudo is and this superuser thread confirms my suspicion. What does worry me is that you also say

Also if I want to use another command without password I still have the same problem!

This sounds like sudo doesn't let you do anything without a password (or did you only try other symlinks?).

Offline

#13 2014-02-05 13:59:03

skanky
Member
From: WAIS
Registered: 2009-10-23
Posts: 1,847

Re: Shutdown not working without password / Edited sudoers

friendofarch wrote:
WorMzy wrote:

Or even

sleep 2h && systemctl poweroff

This is much longer plus I (and everyone else logged in) don't get warning messages that system is gonna shutdown in x minutes!

According to systemctl man page, a wall message is shown to all users if you use systemctl.

friendofarch wrote:
WorMzy wrote:

I don't know why "systemctl poweroff" doesn't solve your problem. It doesn't need a password (assuming your user account/session is set up correctly), and /usr/bin/{halt,shutdown,poweroff} are just a symbolic links to /usr/bin/systemctl anyway.

Is shutdown deprecated now? I don't get it! ...and if those are just symlinks, why do I need a password for shutdown?

Yes it is.
You shouldn't need a password if your session is set-up. As far as I can remember, you need polkit installed.
However if other users are logged in, and you are not root, Systemd will ask for a password. I don't think it will if you are running as root though, I haven't checked.


"...one cannot be angry when one looks at a penguin."  - John Ruskin
"Life in general is a bit shit, and so too is the internet. And that's all there is." - scepticisle

Offline

#14 2014-02-05 14:22:31

friendofarch
Member
Registered: 2013-12-30
Posts: 59

Re: Shutdown not working without password / Edited sudoers

drcouzelis wrote:

Are you a member of the group "sudo" or "wheel" (whichever one you want to use)? Have you logged out (or rebooted) since adding yourself to the group?

Please post the entire "sudoers" file. I once went crazy trying to fix a sudo bug that was being caused by a completely unrelated part of the file. sad

Yes, I rebooted after changes and

cat /etc/groups

lists my username after wheel (but it doesn't show a group sudo!)! Here's the full sudoers:

## sudoers file.
##
## This file MUST be edited with the 'visudo' command as root.
## Failure to use 'visudo' may result in syntax or file permission errors
## that prevent sudo from running.
##
## See the sudoers man page for the details on how to write a sudoers file.
##

##
## Host alias specification
##
## Groups of machines. These may include host names (optionally with wildcards),
## IP addresses, network numbers or netgroups.
# Host_Alias	WEBSERVERS = www1, www2, www3

##
## User alias specification
##
## Groups of users.  These may consist of user names, uids, Unix groups,
## or netgroups.
# User_Alias	ADMINS = millert, dowdy, mikef

##
## Cmnd alias specification
##
## Groups of commands.  Often used to group related commands together.
# Cmnd_Alias	PROCESSES = /usr/bin/nice, /bin/kill, /usr/bin/renice, \
# 			    /usr/bin/pkill, /usr/bin/top

##
## Defaults specification
##
## You may wish to keep some of the following environment variables
## when running commands via sudo.
##
## Locale settings
# Defaults env_keep += "LANG LANGUAGE LINGUAS LC_* _XKB_CHARSET"
##
## Run X applications through sudo; HOME is used to find the
## .Xauthority file.  Note that other programs use HOME to find   
## configuration files and this may lead to privilege escalation!
# Defaults env_keep += "HOME"
##
## X11 resource path settings
# Defaults env_keep += "XAPPLRESDIR XFILESEARCHPATH XUSERFILESEARCHPATH"
##
## Desktop path settings
# Defaults env_keep += "QTDIR KDEDIR"
##
## Allow sudo-run commands to inherit the callers' ConsoleKit session
# Defaults env_keep += "XDG_SESSION_COOKIE"
##
## Uncomment to enable special input methods.  Care should be taken as
## this may allow users to subvert the command being run via sudo.
# Defaults env_keep += "XMODIFIERS GTK_IM_MODULE QT_IM_MODULE QT_IM_SWITCHER"
##
## Uncomment to enable logging of a command's output, except for
## sudoreplay and reboot.  Use sudoreplay to play back logged sessions.
# Defaults log_output
# Defaults!/usr/bin/sudoreplay !log_output
# Defaults!/usr/local/bin/sudoreplay !log_output
# Defaults!/sbin/reboot !log_output

##
## Runas alias specification
##

##
## User privilege specification
##
root ALL=(ALL) ALL

## Uncomment to allow members of group wheel to execute any command
%wheel ALL=(ALL) ALL

## Same thing without a password
# %wheel ALL=(ALL) NOPASSWD: ALL

## Uncomment to allow members of group sudo to execute any command
#%sudo ALL=(ALL) ALL


# Allow members of group wheel to execute shutdown without entering password


%wheel	ALL=(ALL)	NOPASSWD:	/usr/bin/shutdown

Defaults insults


## Uncomment to allow any user to run sudo if they know the password
## of the user they are running the command as (root by default).
# Defaults targetpw  # Ask for the password of the target user
# ALL ALL=(ALL) ALL  # WARNING: only use this together with 'Defaults targetpw'

## Read drop-in files from /etc/sudoers.d
## (the '#' here does not indicate a comment)
#includedir /etc/sudoers.d
skanky wrote:

   
According to systemctl man page, a wall message is shown to all users if you use systemctl.

Yes, but it shows the wall message just when it's about to halt, isn't it? The command "shutdown" gives warnings every now and then (I think 1hour, 1/2 hour and 10 min. before actual shutdown!)

skanky wrote:

   
You shouldn't need a password if your session is set-up. As far as I can remember, you need polkit installed.
However if other users are logged in, and you are not root, Systemd will ask for a password. I don't think it will if you are running as root though, I haven't checked.

I have polkit and I do need a password to run "shutdown"! No other users logged in!

Raynman wrote:

   
This sounds like sudo doesn't let you do anything without a password (or did you only try other symlinks?).

Haven't tried any other commands yet!

Raynman wrote:

   I can guess what the problem with sudo is and this superuser thread confirms my suspicion.

So is there a way to address systemctl with parameters like +100 (= in 100minutes). I tried with the shutdown syntax, but it didn't work!

Offline

#15 2014-02-05 14:34:51

Trilby
Inspector Parrot
Registered: 2011-11-29
Posts: 30,330
Website

Re: Shutdown not working without password / Edited sudoers

You put "/usr/bin/shutdown" in sudoers for no password, but that is not actually what you are executing.

I'm pretty sure sudoers entries must match the full command line, so you'll either need to put "/usr/bin/shutdown -h +120" for the no password line in sudoers, or put your preferred shutdown command in a script, and put the path to that script in sudoers.

Edit: my memory was incorrect.  I had related issues a while back, and at that time including the full command line worked.

Last edited by Trilby (2014-02-05 15:55:13)


"UNIX is simple and coherent" - Dennis Ritchie; "GNU's Not Unix" - Richard Stallman

Offline

#16 2014-02-05 14:44:06

drcouzelis
Member
From: Connecticut, USA
Registered: 2009-11-09
Posts: 4,092
Website

Re: Shutdown not working without password / Edited sudoers

Trilby wrote:

You put "/usr/bin/shutdown" in sudoers for no password, but that is not actually what you are executing.

I too think that might be the problem.

Try this simple test. Change this:

%wheel	ALL=(ALL)	NOPASSWD:	/usr/bin/shutdown

To this:

%wheel ALL=(ALL) NOPASSWD: ALL

Then try running ANY application using sudo. (For example, "sudo xterm") Does it start without a password? If yes, then your "sudoers" file is fine but you aren't telling it the correct application name, like Trilby said.

I'm afraid you'll have to get used to systemd. It's "The Future". hmm

Offline

#17 2014-02-05 14:45:25

friendofarch
Member
Registered: 2013-12-30
Posts: 59

Re: Shutdown not working without password / Edited sudoers

Trilby wrote:

You put "/usr/bin/shutdown" in sudoers for no password, but that is not actually what you are executing.

I'm pretty sure sudoers entries must match the full command line, so you'll either need to put "/usr/bin/shutdown -h +120" for the no password line in sudoers, or put your preferred shutdown command in a script, and put the path to that script in sudoers.

Is it really like this? Then I'm out, since I use the command with random numbers (10, 20, 60, 100, 120, 200,...) so it would be pointless to have so many entries I guess!

Offline

#18 2014-02-05 14:47:27

skanky
Member
From: WAIS
Registered: 2009-10-23
Posts: 1,847

Re: Shutdown not working without password / Edited sudoers

You can use wildcards in the command specification in sudoers (see man sudoers and the wildcard section).


"...one cannot be angry when one looks at a penguin."  - John Ruskin
"Life in general is a bit shit, and so too is the internet. And that's all there is." - scepticisle

Offline

#19 2014-02-05 14:52:20

Raynman
Member
Registered: 2011-10-22
Posts: 1,539

Re: Shutdown not working without password / Edited sudoers

Trilby wrote:

I'm pretty sure sudoers entries must match the full command line, so you'll either need to put "/usr/bin/shutdown -h +120" for the no password line in sudoers, or put your preferred shutdown command in a script, and put the path to that script in sudoers.

man sudoers wrote:

A command name is a fully quali‐fied file name which may include shell-style wildcards (see the Wildcards section below).  A simple file name allows the user to run the command with any arguments he/she wishes.  However, you may also specify command line arguments (including wildcards).  Alternately, you can specify "" to indicate that the command may only be run without command line arguments.

friendofarch wrote:

So is there a way to address systemctl with parameters like +100 (= in 100minutes). I tried with the shutdown syntax, but it didn't work!

No, systemctl only parses such arguments when it's run as shutdown (through the symlink). What you should have gotten from that superuser question+answer is that it might work if you put /usr/bin/systemctl in the sudoers file. However, that means allowing "any arguments [the user] wishes" (giving them full systemctl powers).

It's probably better to do something similar to what Trilby suggested: write a tiny wrapper script that forwards its arguments to shutdown, and configure sudo so you can run this script with root privileges without entering a password. Haven't tested this yet, but it's not too much work, so it can't hurt to try.

You can also email the systemd people to find out why shutdown requires a password while poweroff doesn't, or see if they know a proper way to do this with systemctl.

Last edited by Raynman (2014-02-05 14:57:57)

Offline

#20 2014-02-05 15:02:15

WorMzy
Administrator
From: Scotland
Registered: 2010-06-16
Posts: 12,513
Website

Re: Shutdown not working without password / Edited sudoers

Trilby wrote:

You put "/usr/bin/shutdown" in sudoers for no password, but that is not actually what you are executing.

I'm pretty sure sudoers entries must match the full command line

That doesn't seem to be the case in my experience. e.g. I have the following:

build ALL= NOPASSWD: /usr/bin/extra-x86_64-build,/usr/bin/multilib-build

And I can execute 'sudo multilib-build', 'sudo multilib-build -c', 'sudo extra-x86_64-build -- -u', etc. just fine without a password prompt. I'm not sure if sudo is "smart" enough to recognise that what's actually being run is /usr/bin/systemctl rather than the symlink in this case though.


Sakura:-
Mobo: MSI MAG X570S TORPEDO MAX // Processor: AMD Ryzen 9 5950X @4.9GHz // GFX: AMD Radeon RX 5700 XT // RAM: 32GB (4x 8GB) Corsair DDR4 (@ 3000MHz) // Storage: 1x 3TB HDD, 6x 1TB SSD, 2x 120GB SSD, 1x 275GB M2 SSD

Making lemonade from lemons since 2015.

Offline

#21 2014-02-05 15:09:58

skanky
Member
From: WAIS
Registered: 2009-10-23
Posts: 1,847

Re: Shutdown not working without password / Edited sudoers

Raynman wrote:

No, systemctl only parses such arguments when it's run as shutdown (through the symlink)....

Thanks for that, that answers some of the confusion I had.


"...one cannot be angry when one looks at a penguin."  - John Ruskin
"Life in general is a bit shit, and so too is the internet. And that's all there is." - scepticisle

Offline

Board footer

Powered by FluxBB