From: Mark Knecht <markknecht@gmail.com>
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] non-sudo way for user to run shutdown -h now? (or any equivalent)
Date: Wed, 20 Jul 2005 11:06:23 -0700 [thread overview]
Message-ID: <5bdc1c8b0507201106217db34a@mail.gmail.com> (raw)
In-Reply-To: <42DE8E28.1020304@asmallpond.org>
On 7/20/05, Richard Fish <bigfish@asmallpond.org> wrote:
> Mark Knecht wrote:
>
> >Hi,
> > I'm trying to get my mythfrontend box to allow a user to shut the
> >machine down without the use of a keyboard. We are only using remote
> >controls. suso doesn't seem to be an option because it requires a
> >password. (AFAICT)
> >
> > Is there some other way that I could make this work?
> >
> >
> >
>
> 2 options:
>
> 1. Sudo can be setup to allow some commands to be run without a
> password. I think this entry in /etc/sudoers should work:
>
> mythtv ALL = NOPASSWD: /sbin/shutdown
Yes, I have this working. My problem with this solution was slightly
deeper. To get MythTV to execute this command I have to put 'sudo
shutdown -h now' in a setup screen within the setup portion of
mythfrontend. In a general sense I don't know how to do that without a
keyboard being attached to the machine. So far I haven't found where
MythTV stores this information so that I could edit it from an ssh
login.
Granted I can attach a keyboard for a few minutes when the machine is
here at my house, but I'm hesitant to use a solution that I cannot fix
via ssh when the machine is remote at my folks house.
>
> I have not tested this, so if something goes wrong, you'll have to try
> and figure out "man sudoers".
>
> 2. Create a setuid (chmod 4711 /sbin/shutdown_by_anyone.sh) shell script
> that runs shutdown. Be sure to export the PATH, and unset LD_PRELOAD
> and LD_LIBRARY_PATH variables at the very beginning of the script. Also
> make sure the interpreter line is "/bin/bash --". This doesn't fix all
> of the security holes with setuid shell scripts, just the most common
> and easiest to fix...
I don't know how this is much of a security issue for me, but then
again I don't know much about security, and I suppose it could be if
someone plugs a keyboard in and wants to cause some harm. Shame on
them, but good of you to consider it.
Thanks,
Mark
--
gentoo-user@gentoo.org mailing list
next prev parent reply other threads:[~2005-07-20 18:13 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2005-07-20 17:29 [gentoo-user] non-sudo way for user to run shutdown -h now? (or any equivalent) Mark Knecht
2005-07-20 17:47 ` Richard Fish
2005-07-20 18:06 ` Mark Knecht [this message]
2005-07-20 19:16 ` Wade Brown
2005-07-20 21:15 ` Richard Fish
2005-07-20 21:17 ` Richard Fish
2005-07-21 1:49 ` Iain Buchanan
2005-07-20 20:05 ` Rafer
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=5bdc1c8b0507201106217db34a@mail.gmail.com \
--to=markknecht@gmail.com \
--cc=gentoo-user@lists.gentoo.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox