You are not logged in.

Pages: 1

#1 2008-02-14 17:46:29

dyscoria
Member
Registered: 2008-01-10
Posts: 1,007

Safe permissions for shutdown commands

Firstly, what is the reason for the shutdown/reboot/halt commands not being available for the normal user by default?

Secondly, as a normal laptop user with no ssh or anything like that running, are there any major security holes i'm opening my system to by changing the permissions?

Finally, what would the best way to change the permissions be? I've tried adding myself to the 'power' group but not much success (reboot still gives me the "must be superuser" alert). Current permissions are:

-rwxr-xr-x  1 root root   21600 Nov 15 20:03 shutdown
-rwxr-xr-x  1 root root   12464 Nov 15 20:03 halt
lrwxrwxrwx  1 root root       4 Nov 15 20:03 poweroff -> halt
lrwxrwxrwx  1 root root       4 Nov 15 20:03 reboot -> halt

I'm not sure why the default user can't access the commands, as there is read and execute allowed for non-root users (as I understand anyway).

Thanks!

Last edited by dyscoria (2008-02-14 17:47:11)

flack 2.0.6: menu-driven BASH script to easily tag FLAC files (AUR)
knock-once 1.2: BASH script to easily create/send one-time sequences for knockd (forum/AUR)

Offline

#2 2008-02-14 18:09:21

Misfit138
Misfit Emeritus
From: USA
Registered: 2006-11-27
Posts: 4,189

Re: Safe permissions for shutdown commands

You could install sudo and configure the sudoers file with visudo, so that your user or group can use those commands.

Amiga 1000 restomod
IBM PCjr restomod
C=64 restodmod
Sauengard

Offline

#3 2008-02-14 18:10:57

dyscoria
Member
Registered: 2008-01-10
Posts: 1,007

Re: Safe permissions for shutdown commands

Oh, I should have mentioned that. I'm trying to avoid using sudo if possible tongue

flack 2.0.6: menu-driven BASH script to easily tag FLAC files (AUR)
knock-once 1.2: BASH script to easily create/send one-time sequences for knockd (forum/AUR)

Offline

#4 2008-02-14 18:16:36

freakcode
Member
From: São Paulo - Brazil
Registered: 2007-11-03
Posts: 410
Website

Re: Safe permissions for shutdown commands

You can look how login managers (XDM, KDM, GDM, Slim) handle that... I guess it's because the daemons are started as root user, so they have access to restart/shutdown.

Anyway, its safest to let shutdown/restart to root only. You don't want "shutdown -h now" like me (by accident, it was on the shell history), when you have all your work open, and you start seeing all processes being killed, the X server, the shell... with no recover back. Seriously, it's the scariest thing I've seen.

Offline

#5 2008-02-14 18:22:34

dyscoria
Member
Registered: 2008-01-10
Posts: 1,007

Re: Safe permissions for shutdown commands

freakcode wrote:

You can look how login managers (XDM, KDM, GDM, Slim) handle that... I guess it's because the daemons are started as root user, so they have access to restart/shutdown.

On this partition i've got Arch with Openbox....and doing the old-school slackware login style without a login manager and that's basically how i'm planning to keep it.

freakcode wrote:

Anyway, its safest to let shutdown/restart to root only. You don't want "shutdown -h now" like me (by accident, it was on the shell history), when you have all your work open, and you start seeing all processes being killed, the X server, the shell... with no recover back. Seriously, it's the scariest thing I've seen.

I knew there'd be a good reason somewhere for me to keep permissions restricted.

I think i'm going to keep it as it is now. I don't shutdown often anyway...:P

flack 2.0.6: menu-driven BASH script to easily tag FLAC files (AUR)
knock-once 1.2: BASH script to easily create/send one-time sequences for knockd (forum/AUR)

Offline

Pages: 1

Board footer

Powered by FluxBB