On Mon, Mar 10, 2014 at 09:15:13PM +0100, Jarry wrote
> Hi,
> how can I allow other (not-root) users to shut down system?
>
> I tried to add them to /etc/shutdown.allow but it works only
> for "Ctrl-Alt-Del". When they try shutdown per command line
> (/sbin/shutdown -a -h now) they still get:
>
> shutdown: you must be root to do that!
> Usage: ...
>
> Is there any way to achieve this without installing sudo?

You seem to be under the impression that sudo is all-or-nothing.
There is a safe compromise. You can specify which commands, with which
parameters, are runnable as root by which user. E.g. my desktop is
"d531" and my regular user ID is "waltdnes". I have file
/etc/sudoers.d/001 containing stuff like...

waltdnes d531 = (root) NOPASSWD: /sbin/hwclock --systohc
waltdnes d531 = (root) NOPASSWD: /usr/bin/openrdate -n -s ca.pool.ntp.org

...and I have a script ~/bin/settime

#!/bin/bash
/usr/bin/sudo /usr/bin/openrdate -n -s ca.pool.ntp.org
/usr/bin/sudo /sbin/hwclock --systohc

...which sets my clock. You would want...

userid machine_name = (root) NOPASSWD: /sbin/shutdown -a -h now

...in /etc/sudoers.d/001

*NOTE*. Use "visudo" to edit any sudoers file. Do not edit directly
with vim/nano/emacs/etc. "man visudo" for further details.

--
Walter Dnes <waltdnes@××××××××.org>
I don't run "desktop environments"; I run useful applications
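
Added example, not part of the post above: a non-interactive counterpart to the visudo advice, which builds a single-command rule in the form shown in the message, syntax-checks it with `visudo -c -f`, and installs it only if the check passes. The function names `make_rule` and `install_rule` and the character allowlists are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example: function names and the destination path argument are
# assumptions for illustration, not taken from the post.
LC_ALL=C; export LC_ALL   # keep the A-Z style ranges below ASCII-only

# Print one rule in the form the post uses:
#   user host = (root) NOPASSWD: /abs/command arg ...
# Usage: make_rule USER HOST /abs/command [ARG...]
make_rule() {
    [ "$#" -ge 3 ] || { echo "usage: make_rule USER HOST CMD [ARG...]" >&2; return 1; }
    user=$1 host=$2; shift 2
    # Conservative allowlists, so no extra sudoers syntax (commas, aliases,
    # wildcards, spaces, newlines) can end up in the rule.
    case $user in ''|*[!A-Za-z0-9_-]*) echo "bad user name" >&2; return 1;; esac
    case $host in ''|*[!A-Za-z0-9_.-]*) echo "bad host name" >&2; return 1;; esac
    # sudoers needs the full path of the command.
    case $1 in /*) ;; *) echo "command must be an absolute path" >&2; return 1;; esac
    for word in "$@"; do
        case $word in
            ''|*[!A-Za-z0-9_./-]*) echo "unsupported character in: $word" >&2; return 1;;
        esac
    done
    printf '%s %s = (root) NOPASSWD: %s\n' "$user" "$host" "$*"
}

# Build the rule in a temp file, syntax-check it with visudo, and only
# then install it as DEST with mode 0440 (run this part as root).
# Usage: install_rule DEST USER HOST /abs/command [ARG...]
install_rule() {
    [ "$#" -ge 4 ] || { echo "usage: install_rule DEST USER HOST CMD [ARG...]" >&2; return 1; }
    dest=$1; shift
    tmp=$(mktemp) || return 1
    if make_rule "$@" > "$tmp" && visudo -c -f "$tmp" >/dev/null; then
        install -o root -g root -m 0440 "$tmp" "$dest"; rc=$?
    else
        rc=1
    fi
    rm -f "$tmp"
    return "$rc"
}

# Prints the rule from the post; to install it instead, as root:
#   install_rule /etc/sudoers.d/001 userid machine_name /sbin/shutdown -a -h now
make_rule userid machine_name /sbin/shutdown -a -h now
```

sudo skips files in /etc/sudoers.d whose names end in "~" or contain a ".", so a name like 001 is read while 001.bak is not.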