crawford@ENUXHA.EAS.ASU.EDU (Brian Crawford) (05/15/91)
Thanks to all for the suggestions.
It turned out to be the gettydef configuration (I went through it 4 or 5 times
before posting the question - honest! :) Just threw the 'SANE' back in to
the settings, and all is well.
While I'm rambling here, two more questions:
1) If I were writing a few programs, where each program had their own
separate group ID defined in /etc/group along with the users with
access to that group (along with the program attatched to it), how
would I switch the users's group within a C program in order to run
the program with as if they were part of that group?
It is not possible to keep a user in one group, as I need to 'key'
a set of programs by their own unique group somehow. I've written a
program to read the /etc/group file myself and determine group membership,
but thought I'd post this to possibly find a better way.
I tried using 'newgrp' command, but alas, it doesn't work for
within a program.
2) We do not always have someone present w/ super-user privs, and need to run
'shutdown' from a few other accounts. Could someone please recommend a way
to shutdown the system down without superuser privilages? The 'shutdown'
with this sytem (SCO XENIX 2.3.2) will only work from a super-user privs-
even when the file ownership is changed at the command line.
Comments appreciated.
-------------------------------------------------------------------------------
Brian Crawford INTERNET (current): crawford@enuxha.eas.asu.edu
PO Box 804 (permanent): crawford@stjhmc.fidonet.org
Tempe, Arizona 85280 FidoNet: 1:114/15.12
USA Amateur: KL7JDQ
-------------------------------------------------------------------------------bill@bilver.uucp (Bill Vermillion) (05/16/91)
In article <9105150354.AA03687@enuxha.eas.asu.edu> crawford@ENUXHA.EAS.ASU.EDU (Brian Crawford) writes: >2) We do not always have someone present w/ super-user privs, and need to run > 'shutdown' from a few other accounts. Could someone please recommend a way > to shutdown the system down without superuser privilages? The 'shutdown' > with this sytem (SCO XENIX 2.3.2) will only work from a super-user privs- > even when the file ownership is changed at the command line. I have a site with several machines, all running Xenix 2.3.2. I took the shutdown scripit, edited it to look for another user id at the console called poweroff. Gave that id privledges of root. To shutdown they login is poweroff and away it goes. The machines are in an environment where we aren't worried about someone trying to break in but we don't want people playing so only very few in the building know of the root password. We also let that run with no password so the machine can be brought down rapidly in the event of severe approaching storms. If you are not in a secure area, double and triple check to make sure you can't break out of your script, if you decide to do it this way. It has saved lots of headaches because if someone really screws something up and they can't find me (I'm only there 12 hours/week) or the person that knows a bit about the system (sort of) the user reponsible knows that poweroff and restart will usually cure most of their problems. You can also assign that a password and limit it. -- Bill Vermillion - UUCP: ...!tarpit!bilver!bill : bill@bilver.UUCP
andyb@stb.info.com (Andy B.) (05/18/91)
crawford@ENUXHA.EAS.ASU.EDU (Brian Crawford) writes: > 2) We do not always have someone present w/ super-user privs, and need to run > 'shutdown' from a few other accounts. Could someone please recommend a way > to shutdown the system down without superuser privilages? The 'shutdown' > with this sytem (SCO XENIX 2.3.2) will only work from a super-user privs- > even when the file ownership is changed at the command line. > > Comments appreciated. I've never done it but, how about putting a wrapper around the shutdown command? Then whomever you want to run shutdown, can own the wrapper, and the wrapper can give them the right priveledges for the duration of the command. You may want to ask someone else about security issues however. I imagine it depends on how you implement it... Andy -- If it's not broken...your girlfriend will get bored with it anyway.
bill@bilver.uucp (Bill Vermillion) (05/25/91)
In article <1991May18.051251.1438@stb.info.com> andyb@stb.info.com (Andy B.) writes: >crawford@ENUXHA.EAS.ASU.EDU (Brian Crawford) writes: >> 2) We do not always have someone present w/ super-user privs, and need to run >> 'shutdown' from a few other accounts. Could someone please recommend a way >> to shutdown the system down without superuser privilages? The 'shutdown' >> with this sytem (SCO XENIX 2.3.2) will only work from a super-user privs- >> even when the file ownership is changed at the command line. >I've never done it but, how about putting a wrapper around the >shutdown command? Then whomever you want to run shutdown, can own >the wrapper, and the wrapper can give them the right priveledges >for the duration of the command. For starters LOOK at the shutdown command. It's a script on the SCO Xenix systems (don't know about SCO Unix). There is a line that tests for login-in and if it's running at the console. Clone the script, modify it, and run it that way. A wrapper won't do it from what I can see. -- Bill Vermillion - UUCP: ...!tarpit!bilver!bill : bill@bilver.UUCP
Bill.Vermillion@sunbrk.FidoNet.Org (Bill Vermillion) (05/25/91)
In article <1991May18.051251.1438@stb.info.com> andyb@stb.info.com (Andy B.) writes: >crawford@ENUXHA.EAS.ASU.EDU (Brian Crawford) writes: >> 2) We do not always have someone present w/ super-user privs, and need to run >> 'shutdown' from a few other accounts. Could someone please recommend a way >> to shutdown the system down without superuser privilages? The 'shutdown' >> with this sytem (SCO XENIX 2.3.2) will only work from a super-user privs- >> even when the file ownership is changed at the command line. >I've never done it but, how about putting a wrapper around the >shutdown command? Then whomever you want to run shutdown, can own >the wrapper, and the wrapper can give them the right priveledges >for the duration of the command. For starters LOOK at the shutdown command. It's a script on the SCO Xenix systems (don't know about SCO Unix). There is a line that tests for login-in and if it's running at the console. Clone the script, modify it, and run it that way. A wrapper won't do it from what I can see. -- Bill Vermillion - UUCP: ...!tarpit!bilver!bill : bill@bilver.UUCP * Origin: Seaeast - Fidonet<->Usenet Gateway - sunbrk (1:343/15.0)
terry@jgaltstl.UUCP (terry linhardt) (05/27/91)
> 2) We do not always have someone present w/ super-user privs, and need to run > 'shutdown' from a few other accounts. Could someone please recommend a way > to shutdown the system down without superuser privilages? The 'shutdown' > with this sytem (SCO XENIX 2.3.2) will only work from a super-user privs- > even when the file ownership is changed at the command line. > > Comments appreciated. Some people don't like this approach, but you could just have a special login which does only one thing, which is to run the shutdown program. A typical passwd entry would be as follows: shutdown:x:0:150:shutdown login:/:/etc/shutdown Although whoever executed this program would have root priviledges, the person logged in as shutdown would never get a shell and instead be presented with a login prompt as soon as the shutdown program terminated. -- |---------------------------------------------------------------------| | Terry Linhardt The Lafayette Group uunet!jgaltstl!terry | |---------------------------------------------------------------------|