Hi,
> I am running a Debian system right now as a web development staging server.
+At
> present, it is only on a local network, but could conceivably become a gateway
> to the Internet as well. So for the time being, it is basically a two-user
> system (me and my wife).
>
> I am teaching my wife to do web development, and would like her to be able to
> use the Linux system. This includes having her be able to shut the system
+down
> when she's done using it (we can't afford to leave this old 486 system running
> without a pretty heavy subsidy from the electric co!). My wife is not a real
> experienced computer user in general, and she has NO UNIX experience
+whatsoever.
> Needless to say, I'm not really crazy about the idea of giving her root
+access,
> lest some simple mistake hose the system completely.
>
> What would be the best way to enable her to run the shutdown command, without
> creating a giant security hole which might bite me in the @*% should this
> machine ever become a gateway? My thoughts up to this point:
>
> 1) Creating a group consisting of my wife and myself, and doing a setuid and
> chmod 710 on the shutdown command itself, and changing group ownership to the
> group with me and her in it.
>
> 2) Creating a group consisting of my wife and myself, and writing a script
> which executes the shutdown command, then setting the ownership for the script
> to root, group ownership on the script to our group, and doing a setuid on
+just
> the script.
>
> It seems to me that the second option is the best as I don't have to monkey
> around with the permissions on the command. Is the second any more of a
> security concern than the first, or, as I assume, less? Say my wife's user
> password is ridiculously easy to guess; do these give the same amount of
+system
> access to the person who cracks into her account?
>
> Does anyone know of a better way to do this?
>
> Well, if you look into /etc/inittab you will see the following:
>
# What to do when CTRL-ALT-DEL is pressed.
ca:12345:ctrlaltdel:/sbin/shutdown -t1 -r now
You can change that to
# What to do when CTRL-ALT-DEL is pressed.
ca:12345:ctrlaltdel:/sbin/shutdown -t1 -h now
which will perform a total shutdown and stop once it reaches the
System Halted output. After that "It's safe to turn off the computer" to
paraphrase a rather awkward operating system for pcs...
Hope this helps,
Luis.
--
Luis Francisco Gonzalez <[EMAIL PROTECTED]>
PGP Fingerprint = F8 B1 13 DE 22 22 94 A1 14 BE 95 8E 49 39 78 76
--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
[EMAIL PROTECTED] .
Trouble? e-mail to [EMAIL PROTECTED] .
