I am running CentOS 5.3 and have just the two accounts "root" and "buz". I would like to be able to issue "shutdown" from the account "buz", and thus created /etc/shutdown.allow with the single entry "buz" (without any quotes). I still get the error message "only root can do this" (or something similar) even if I include the '-a' option on the shutdown command. What am I missing ?
Buz Davis wrote:> I am running CentOS 5.3 and have just the two accounts "root" and > "buz". I would like to be able to issue "shutdown" from the account > "buz", and thus created > /etc/shutdown.allow with the single entry "buz" (without any quotes). > I still > get the error message "only root can do this" (or something similar) > even if I include the '-a' option on the shutdown command. What am I > missing ? > _______________________________________________ > CentOS mailing list > CentOS at centos.org > http://lists.centos.org/mailman/listinfo/centos >IIRC, shutdown.allow doesn't work that way. It's a way to prevent arbitrary people logged into a console from issuing a ctrl-alt-del reboot sequence. You'll either need to set up a 'sudo' capability for that account to run shutdown, or do something like outlined here: http://www.patoche.org/LTT/all/00000059.html I'd prefer the sudo approach. -Alan
Buz Davis wrote:> I am running CentOS 5.3 and have just the two accounts "root" and > "buz". I would like to be able to issue "shutdown" from the account > "buz", and thus created > /etc/shutdown.allow with the single entry "buz" (without any quotes). > I still > get the error message "only root can do this" (or something similar) > even if I include the '-a' option on the shutdown command. What am I > missing ? >I'm not going to verify this right now but I believe "buz" can execute the command "poweroff" to shutdown -h now and "reboot" to shutdown -r now. [rj at mavis rj]$ ls -l `which poweroff` lrwxrwxrwx 1 root root 13 Apr 2 2009 /usr/bin/poweroff -> consolehelper [rj at mavis rj]$ ls -l `which reboot` lrwxrwxrwx 1 root root 13 Apr 2 2009 /usr/bin/reboot -> consolehelper [rj at mavis rj]$
On Fri, Oct 16, 2009 at 7:19 PM, Buz Davis <buzdavis at earthlink.net> wrote:> I am running CentOS 5.3 and have just the two accounts "root" and > "buz". ?I would like to be able to issue "shutdown" from the account > "buz", and thus created > /etc/shutdown.allow with the single entry ?"buz" (without any quotes). > I still > get the error message "only root can do this" (or something similar) > even if I include the '-a' option on the shutdown command. ?What am I > missing ?"man shutdown" on CentOS 5.3 says this... ACCESS CONTROL shutdown can be called from init(8) when the magic keys CTRL-ALT-DEL are pressed, by creating an appropriate entry in /etc/inittab. This means that everyone who has physical access to the console keyboard can shut the system down. To prevent this, shutdown can check to see if an authorized user is logged in on one of the virtual consoles. If shutdown is called with the -a argument (add this to the invocation of shutdown in /etc/inittab), it checks to see if the file /etc/shutdown.allow is present. It then compares the login names in that file with the list of people that are logged in on a virtual console (from /var/run/utmp). Only if one of those authorized users or root is logged in, it will proceed. Otherwise it will write the message so maybe "shutdown -a" is all that is required. -- Jeff
Marcelo M. Garcia
2009-Oct-17 12:44 UTC
[CentOS] allowing users to issue the "shutdown" command
Buz Davis wrote:> I am running CentOS 5.3 and have just the two accounts "root" and > "buz". I would like to be able to issue "shutdown" from the account > "buz", and thus created > /etc/shutdown.allow with the single entry "buz" (without any quotes). > I still > get the error message "only root can do this" (or something similar) > even if I include the '-a' option on the shutdown command. What am I > missing ?Hi You can use sudo and issue "sudo shutdown" from your buz account. Regards mg.