moore@emily.uvm.edu (Bryan Moore) (04/17/91)
I would like to give users on my system the ability to do a 'shutdown' from a $ prompt. I've tried setting up a script which sets the users id to root and group id to system, and then calls shutdown, but thi doesn't work. Can someone let me know if this is possible, and if so how? Thanks! -Bryan BRYAN R. MOORE | "Last night I had that same old dream EMAIL: moore@uvm-gen.uvm.edu | it rocked me in my sleep, it gave me USMAIL: 12 Waybury Rd. Colchester, | the impression the sandman plays for Vermont 05446 | keeps..." Larry Norman
woan@exeter.austin.ibm.com (Ronald S Woan) (04/23/91)
In article <1991Apr17.130522.26957@uvm.edu> moore@emily.uvm.edu (Bryan Moore) writes: >I would like to give users on my system the ability to do a >'shutdown' from a $ prompt. I've tried setting up a script >which sets the users id to root and group id to system, and >then calls shutdown, but thi doesn't work. Can someone let >me know if this is possible, and if so how? Offhand, I seem to recall that setuid shell scripts are not allowed (won't function) under AIX 3.1 for security reasons, so you'll have to write a C (or whatever) wrapper around it. -- +-----All Views Expressed Are My Own And Are Not Necessarily Shared By------+ +------------------------------My Employer----------------------------------+ + Ronald S. Woan woan@cactus.org or woan@austin.vnet.ibm.com + + other email addresses Prodigy: XTCR74A Compuserve: 73530,2537 +
scott@prism.gatech.EDU (Scott Holt) (04/23/91)
In article <1991Apr17.130522.26957@uvm.edu> moore@emily.uvm.edu (Bryan Moore) writes: >I would like to give users on my system the ability to do a >'shutdown' from a $ prompt. I've tried setting up a script >which sets the users id to root and group id to system, and >then calls shutdown, but thi doesn't work. Can someone let >me know if this is possible, and if so how? You may wish to look into a program called opcom, written by Carel Braam. It allows members of a particular group to execute specified commands under a different user and group ID. Which commands can be executed, what the user/group ID will be and who can execute them is defined by a configuration file which the system administrator maintains. For example: /etc/shutdown : operator : root : daemon specifies that members of group operator can execute /etc/shutdown and have it run with real user ID root and real group id daemon. We use it to provide certain functions to our operations staff - who do not ordinarily have root access. It seems to work pretty well. I think you can find it in the FTP archives on uunet.uu.net. - Scott -- This is my signature. There are many like it, but this one is mine. Scott Holt Internet: scott@prism.gatech.edu Georgia Tech UUCP: ..!gatech!prism!scott Office of Information Technology, Technical Services