From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) by finch.gentoo.org (Postfix) with ESMTP id BFC84138CBE for ; Sat, 21 Mar 2015 20:50:54 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id F3D39E0905; Sat, 21 Mar 2015 20:50:47 +0000 (UTC) Received: from mail-ig0-f173.google.com (mail-ig0-f173.google.com [209.85.213.173]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id EF80CE08F9 for ; Sat, 21 Mar 2015 20:50:46 +0000 (UTC) Received: by igcqo1 with SMTP id qo1so12907348igc.0 for ; Sat, 21 Mar 2015 13:50:46 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:date:message-id:subject :from:to:content-type; bh=p4wqCyKpj/G2mig2nEHX+EtcPH/zTmUkaH0y0OEZAe0=; b=J6EUsv7Yld0gk/WsUJ8gVlvL9tuZJHV67FN7v9Yo7JPqBhDDjwCNh467PI5tSvrwZY HpNP0wvbYuaqXgxLszP6OU2+K2Eaip1oHeKjEn7s19puyLdRJ39z62TjE5eY6p8Itfse ibjvc4aFzuLvqDj5GZ8Ao2lmXIXkkx9oSmeM3Rpm1belLd8dftMTYi4SE0pxE4vLSMb6 URNeC/9DAYwZZOPenkky5zmY/O1PQUdLCtD5MUBCLcFGuC9oBiq8+Q5GGyP+9rXfo00O sPhwS+30IebOcSS+lzDr5FJm9AAbeuyZH7kmvyFMSxmpaDRhn5cwJek7LfkaX+V9GqBF jXlg== Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-user@lists.gentoo.org Reply-to: gentoo-user@lists.gentoo.org MIME-Version: 1.0 X-Received: by 10.107.164.140 with SMTP id d12mr110568537ioj.13.1426971046450; Sat, 21 Mar 2015 13:50:46 -0700 (PDT) Sender: freemanrich@gmail.com Received: by 10.107.135.78 with HTTP; Sat, 21 Mar 2015 13:50:46 -0700 (PDT) In-Reply-To: <20150321203225.GF1082@ca.inter.net> References: <20150321152656.a82a84b3e8a32c8b68554548@gmail.com> <20150321203225.GF1082@ca.inter.net> Date: Sat, 21 Mar 2015 16:50:46 -0400 X-Google-Sender-Auth: FP9hEx30nvWPe-1LvAYElPt1VqA Message-ID: Subject: Re: [gentoo-user] How to poweroff the system from user? From: Rich Freeman To: gentoo-user@lists.gentoo.org Content-Type: text/plain; charset=UTF-8 X-Archives-Salt: 7167c22f-6fec-45a0-90e4-44e243525996 X-Archives-Hash: 51326c2e658a9b9fc608f1df59736abb On Sat, Mar 21, 2015 at 4:32 PM, Philip Webb wrote: > > I'ld say "Don't" : it's contrary to the principles of Unix, > which separate the roles of sysadmin (root) from those of ordinary users. > There are a couple of schools of thought there. One that differs from what you suggested is that root isn't really a pure role - it is a uid you can log in as (which mostly makes the actions you take as root anonymous in a multi-admin environment). If you're into role-based access control then you really don't want people just switching to root all the time - you want to define roles and their specific requirements, and then assign those roles to users. Sudo is a simple tool for doing this, but stuff like consolekit/logind/policykit and so on are about giving more granular access to users. Likewise posix capabilities are all about making what traditionally is root much more granular. But, yes, the simple answer is to just log in as root to power off the system. That will almost certainly work for at least the next 20 years. Everything else is just added capabilities. -- Rich