Hai Andreas, On Tue, Oct 17, 2000 at 07:13:55PM +0200, Andreas Hetzmannseder wrote: > Carel Fellinger wrote: ... > > shutdown isn't in your PATH, but even if it were it has no SUID flag so > > it won't do you no good. > > You are absolutely right. Well I wouldn't believe it, so I had to see > for myself: /sbin is now in my path but what's the point of it?
the point being... > > > [...] However when I attempt to type 'shutdown -a -r now' or > > > 'shutdown -a -h now' by myself, it says 'shutdown: command not found'. ...that the command will be found when typed from the command-line, but as I said that won't do you no good... > > > I still have to be root in this case. ...as you still have to be root:] You see, shutdown really needs root privilege, soit. So either you use the suid trick on /sbin/shutdown (better not, and if not then there is no need to have shutdown (/sbin) in your path either), or signal some process running with root privilege to call shutdown for you. The latter is what happens with Ctrl-Alt-Del, it triggers the keyboardhandler to call shutdown. The keyboardhandler being a kernel process runs with root privilege, so that works. But... ... there is more to this story if shutdown is called with the "-a" flag and the file /etc/shutdown.allow exists. You see, in that case shutdown *itself* will refuse to do its work if neither root nor one of the users listed in /etc/shutdown.allow are actually logged-on on a virtual console. An xterm or XDM log-on screen won't do, you really have to be logged-on. But even if you're logged-on, "shutdown -a" still needs to be run with root privilege (see above), so typing it from the command line will only work if you're root or the suid bit is set. ... > Thank you for your explanation. Your welcome:), but I fear I've merely confused you with the inittab thing:( > > Well, you shouldn't add the entry but modify the excisting one and add to > > that entry the '-a' flag. [...] > > Now I feel completely stupid. Which existing entry shall I modify? > Please have a look at my /etc/inittab: ... > ca:12345:ctraltdel:/sbin/shutdown -t1 -a -r now the -a is already there, so the docs were misleading and I should have looked up the contents of the default /etc/inittab file. Sorry. -- groetjes, carel
