From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from lists.gentoo.org ([140.105.134.102] helo=robin.gentoo.org) by nuthatch.gentoo.org with esmtp (Exim 4.43) id 1DvJ4M-0007ol-NX for garchives@archives.gentoo.org; Wed, 20 Jul 2005 18:13:23 +0000 Received: from robin.gentoo.org (localhost [127.0.0.1]) by robin.gentoo.org (8.13.4/8.13.4) with SMTP id j6KICJG6025910; Wed, 20 Jul 2005 18:12:19 GMT Received: from zproxy.gmail.com (zproxy.gmail.com [64.233.162.194]) by robin.gentoo.org (8.13.4/8.13.4) with ESMTP id j6KI6S1D014517 for ; Wed, 20 Jul 2005 18:06:29 GMT Received: by zproxy.gmail.com with SMTP id i11so1460862nzh for ; Wed, 20 Jul 2005 11:06:37 -0700 (PDT) DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:reply-to:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=edJAOvfvBUqWhX5l8rpdEBZMNHmkokFsNziCjGZPTY4cFV2hGHV9nQS238wCykojjNlKTL0KQjs7nZd6WXMYiX1wquyngxIGAfk8v9ZkpJpJO9lrG5uZk+bmAx5XtoOmHOOlJe0RTqyjhSsCFsfBrMSl3Su3Xx5KjtXOsW3EoNI= Received: by 10.36.222.46 with SMTP id u46mr334639nzg; Wed, 20 Jul 2005 11:06:25 -0700 (PDT) Received: by 10.36.57.9 with HTTP; Wed, 20 Jul 2005 11:06:23 -0700 (PDT) Message-ID: <5bdc1c8b0507201106217db34a@mail.gmail.com> Date: Wed, 20 Jul 2005 11:06:23 -0700 From: Mark Knecht To: gentoo-user@lists.gentoo.org Subject: Re: [gentoo-user] non-sudo way for user to run shutdown -h now? (or any equivalent) In-Reply-To: <42DE8E28.1020304@asmallpond.org> Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-user@gentoo.org Reply-to: gentoo-user@lists.gentoo.org Mime-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Disposition: inline References: <5bdc1c8b05072010296257e670@mail.gmail.com> <42DE8E28.1020304@asmallpond.org> Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by robin.gentoo.org id j6KI6S1D014517 X-Archives-Salt: fdefdedd-e383-49c3-9403-bd490b6492fa X-Archives-Hash: c2837d72564da71ab368bbe70a435c6a On 7/20/05, Richard Fish wrote: > Mark Knecht wrote: > > >Hi, > > I'm trying to get my mythfrontend box to allow a user to shut the > >machine down without the use of a keyboard. We are only using remote > >controls. suso doesn't seem to be an option because it requires a > >password. (AFAICT) > > > > Is there some other way that I could make this work? > > > > > > > > 2 options: > > 1. Sudo can be setup to allow some commands to be run without a > password. I think this entry in /etc/sudoers should work: > > mythtv ALL = NOPASSWD: /sbin/shutdown Yes, I have this working. My problem with this solution was slightly deeper. To get MythTV to execute this command I have to put 'sudo shutdown -h now' in a setup screen within the setup portion of mythfrontend. In a general sense I don't know how to do that without a keyboard being attached to the machine. So far I haven't found where MythTV stores this information so that I could edit it from an ssh login. Granted I can attach a keyboard for a few minutes when the machine is here at my house, but I'm hesitant to use a solution that I cannot fix via ssh when the machine is remote at my folks house. > > I have not tested this, so if something goes wrong, you'll have to try > and figure out "man sudoers". > > 2. Create a setuid (chmod 4711 /sbin/shutdown_by_anyone.sh) shell script > that runs shutdown. Be sure to export the PATH, and unset LD_PRELOAD > and LD_LIBRARY_PATH variables at the very beginning of the script. Also > make sure the interpreter line is "/bin/bash --". This doesn't fix all > of the security holes with setuid shell scripts, just the most common > and easiest to fix... I don't know how this is much of a security issue for me, but then again I don't know much about security, and I suppose it could be if someone plugs a keyboard in and wants to cause some harm. Shame on them, but good of you to consider it. Thanks, Mark -- gentoo-user@gentoo.org mailing list