> Hello, Hello,
> I use my computer as a workstation and thus I think it would be a good idea > to be able to switch it of as user without being root. Well, what about su? [EMAIL PROTECTED] su [EMAIL PROTECTED]'s password: [EMAIL PROTECTED] shutdown -h now > I had two ideas of making this possible. The one is to make it sudo-able and > the other is to put the executable into a special group (e.g. poweroffer) Sudo is a security hole. There are three ways to use it, one good, one questionable, and one stupid. The good way is to set your user account to have full root privs via sudo. This is very handy to have, because you can do root things without having to su. The questionable way is to allow certain users to execute a certain set of programs as root. It works well, but if you are not extremely careful about write permissions on the executables and all of their parent directories, you can make it possible to overwrite an allowed program with one of your own. Even more likely, you can force trusted programs to execute non-trusted programs with the same effective UID. The stupid way to use it is to allow a user full root privs, with some restrictions. This is off topic, but most likely useful. > and then make the binaries suid-root executable for this group and put the > users which ought to be allowed to poweroff the workstation into this group. This sounds like the best way. It seemes simpler just to su root. > Of course this would be possible with gdm, but due to some other problems > with gdm I reported a time ago which I still have not fixed I don't want to > use gdm. Ok. > thanks, > thomas -Tech > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
