ssi@usfvax2.EDU (Ssi) (09/20/88)
I run a Sun file server with clients. My question is
how can I give halt(8) permission to users other than
root. We shut the system down at night and root is
at home.
Greg Ripp Voice Ph = (813)628-6100steve@polyslo.CalPoly.EDU (Steve DeJarnett) (09/21/88)
In article <1128@usfvax2.EDU> ssi@usfvax2.EDU (Ssi) writes: >I run a Sun file server with clients. My question is >how can I give halt(8) permission to users other than >root. We shut the system down at night and root is >at home. Well, one solution (not a good one, by any means, but it is quick and easy) is to make halt(8) group executable (not world) and make it setuid to root. As we all know, setuid programs aren't a great idea, and setuid root programs are an even worse idea. I think you probably wouldn't want halt(8) to be executable, but something more along the lines of shutdown(8). Halting a machine running in multi-user mode isn't a good idea (might just as well sync the disks and shut the machine off :-). The same caveats apply to making shutdown setuid as well as halt (only do one of these!!). The real question is, do you NEED to shut this machine down every night? Is it such a power hog that you can't leave it running??? ------------------------------------------------------------------------------- | Steve DeJarnett | Smart Mailers -> steve@polyslo.CalPoly.EDU | | Computer Systems Lab | Dumb Mailers -> ..!ucbvax!voder!polyslo!steve | | Cal Poly State Univ. |------------------------------------------------| | San Luis Obispo, CA 93407 | BITNET = Because Idiots Type NETwork | -------------------------------------------------------------------------------
terryl@tekcrl.CRL.TEK.COM (09/22/88)
In article <1128@usfvax2.EDU> ssi@usfvax2.EDU (Ssi) writes: >I run a Sun file server with clients. My question is >how can I give halt(8) permission to users other than >root. We shut the system down at night and root is >at home. Pick a group (take my group, please!!! (-:) and make /etc/halt have that group as its groupership; then, make /etc/halt owned by root and set- user-id to root, but executable ONLY by the above mentioned group, i.e. mode 4710, so no mere mortal can execute it. Then, put your trusted users into the above mentioned group so they can halt the system when root is away. For the more paranoid among us, you can have a C program that is set-user-id to root to do a little more verification about whether or not the user can really halt the machine, and after such verification, can call reboot(8) directly, or fork off /etc/halt for a clean shutdown of the system.....
jsp@marvin.UUCP (Johnnie Peters) (09/23/88)
In article <1128@usfvax2.EDU>, ssi@usfvax2.EDU (Ssi) writes: > I run a Sun file server with clients. My question is > how can I give halt(8) permission to users other than > root. We shut the system down at night and root is > at home. > Make a group called halt and change the group of halt to halt. Then add everybodys name to /etc/group that has permission to run the halt program. This may cause some problems with halt because of the group change. I can not see any off hand that it would but you can never tell with out trying. -- Johnnie --
ssi@usfvax2.EDU (Ssi) (09/23/88)
>>... how can I give halt(8) permission to users other than >>root. We shut the system down at night ... > The real question is, do you NEED to shut this machine down every night? >Is it such a power hog that you can't leave it running??? > The electric bill isn't my problem. The system is in Tampa, Fl. ... The lightning capital of the world (approx 100 days/yr). My hardware maintenance contract says something about "ACTS OF GOD!".... The Sun(TM) doesn't always shine in the Sunshine State. Greg Ripp Ph (813)628-6100
pmech@oucsace.cs.OHIOU.EDU (Paul J. Mech) (09/25/88)
In article <1128@usfvax2.EDU>, ssi@usfvax2.EDU (Ssi) writes: > I run a Sun file server with clients. My question is > how can I give halt(8) permission to users other than > root. We shut the system down at night and root is > at home. > I ran into this problem with a client of mine. I wrote a short program to provide a warning and shut down the system, and added the following line to /etc/passwd shutdown::0:0:shutdown system:/etc:/etc:/etc/dienow (The uid and gid for root were both zero on that system. /etc/dienow was the shutdown program.) I then assigned it a password and passed it out to the people who were to shut down the system at night. Trying to 'su' to shutdown produced an error, 'no shell'. And this system worked well for two months until we had eliminated the need for an evening shutdown. pjm
terry@wsccs.UUCP (Every system needs one) (09/28/88)
>>... how can I give halt(8) permission to users other than >>root. We shut the system down at night ... > The real question is, do you NEED to shut this machine down every night? >Is it such a power hog that you can't leave it running??? halt() checks real uid and gid. Your suid root program only has the right euid and egid. How to get around it: Fake it with two programs. The other program just does a halt()... or you could use the regular shell command for it. Either way, it has to be another program. Tricking the halt command by faking your uid gid: system( "sh -c haltprogram"); Magic, eh? | Terry Lambert UUCP: ...{ decvax, ihnp4 } ...utah-cs!century!terry | | @ Century Software OR: ...utah-cs!uplherc!sp7040!obie!wsccs!terry | | SLC, Utah | | These opinions are not my companies, but if you find them | | useful, send a $20.00 donation to Brisbane Australia... | | 'I have an eight user poetic liscence' - me |
wim@dx7.UUCP (Wim Rijnsburger) (09/30/88)
In article <1128@usfvax2.EDU> ssi@usfvax2.EDU (Ssi) writes: >I run a Sun file server with clients. My question is >how can I give halt(8) permission to users other than >root. We shut the system down at night and root is >at home. > > Greg Ripp Voice Ph = (813)628-6100 We had the same problem and I've made a command for that. It is called "safehalt" and the manual page says: Safehalt first checks for other users and remotely mounted filesystems. The system is only halted, if there are no other users and there are no remote hosts, with mounted filesystems from this host. This command is provided to enable unexperienced users to stop the system, without affecting other users or other hosts. If an useraccount is created with root userid and this command as login process, then it is not necessary to give root passwords to unexperienced users, but they still can stop the system to put the power down. In /etc/passwd this line can be added: halt::0:1:System Shutdown::/usr/local/bin/safehalt Here it is, the command, the manual page and the makefile to install the whole thing. -- cut here ------- cut here ------- cut here ------- cut here -- : To unbundle, sh this file echo Makefile cat >Makefile <<'@@@ Fin de Makefile' install: cp safehalt /usr/local/bin cp safehalt.l /usr/man/manl @@@ Fin de Makefile echo safehalt cat >safehalt <<'@@@ Fin de safehalt' #!/bin/csh # # This command checks for other users and remotely mounted filesystems # The system is only halted if there are no other users and there # are no remote hosts, with mounted filesystems from this host # # (c) 1988 Wim Rijnsburger (mcvax!ecn!wim) # Netherlands Energy Research Foundation ECN # P.O.box 1 # 1755 ZG Petten # Holland # set u= (`users`) set m= (`/usr/etc/showmount -a`) if ($#u > 1) echo "Cannot shutdown... users: $u." if ($#m > 0) echo "Cannot shutdown... mounted: $m." if (($#u == 1) && ($#m == 0)) then /etc/umount -a /etc/shutdown -h now endif @@@ Fin de safehalt echo safehalt.l cat >safehalt.l <<'@@@ Fin de safehalt.l' .TH SAFEHALT 8 "5 July 1988" "ECN, Petten (Holland)" .SH NAME safehalt\- halt the processor safely .SH SYNOPSIS .B safehalt .SH DESCRIPTION .LP \fISafehalt\fP first checks for other users and remotely mounted filesystems. The system is only halted, if there are no other users and there are no remote hosts, with mounted filesystems from this host. .LP This command is provided to enable unexperienced users to stop the system, without affecting other users or other hosts. If an useraccount is created with root userid and this command as login process, then it is not necessary to give root passwords to unexperienced users, but they still can stop the system to put the power down. In /etc/passwd this line can be added: .IP halt::0:1:System Shutdown::/usr/local/bin/safehalt .SH "SEE ALSO" halt(8), showmount(8), users(1). .SH "FILES" /usr/local/bin/safehalt .SH DIAGNOSTICS The status messages given should be self explanatory. .SH AUTHOR Wim Rijnsburger, ECN, PO box 1, 1755 ZG Petten (NH), Holland. .br e-mail: mcvax!ecn!wim .SH BUGS Please contact me about bugs and wishes. .SH NOTES The development of \fBsafehalt\fP is part of a research project of the \fINetherlands Energy Research Foundation (ECN), Petten (NH), Holland\fP. @@@ Fin de safehalt.l exit 0
root@amyerg.UUCP (Admin) (10/02/88)
What I need to be able to do is to have a program or script which can do a
system shutdown, fsck my user partition, then reinit the system to level
2. The reason I need it is because of my inodes occasionally deciding to
disappear from the face of the earth during an rnews.
Any help would be greatly appreciated. I have only a 30 meg HD on my
3b2/300, so setting up another partition for my news is not possible.
--
Ewan Grantham (601) 354-6454 ext. 412 Miss. Dept. of Corrections
{}!swbatl!amyerg!egranthm (The Prison People)
My bosses aren't responsible for me, and vice versa
Go New Orleans Saints!!!