On 13.07.2015 at 16:47, Kwan Lowe kwan.lowe@gmail.com wrote:
On Mon, Jul 13, 2015 at 10:21 AM, Jonathan Billings billings@negate.org wrote:
Are you saying that this is an interactive process on the system? I'd suggest you make sure this isn't some sort of email ticket that stores a password or emails it.
Thanks for the reply. I'm thinking that the password would only be there to confirm. It would not be stored but would possibly leverage PAM.
You could probably use 'sudo' to handle the part of authenticating the user, and run a very limited service that queried a secure system for approval and initiated the shutdown.
sudo was a possibility. However, I want to do this specifically for folks with root access so sudo's checks won't work.
This is for two reasons: Audit requirements and as a second check for the admin. We've had a couple instances recently where the admin did work on the wrong server. Though I don't see any way to totally lock it down for someone with root access, I want to make it at least give some sort of warning.
If your need is to be sure that the admin works on the right system, then I suggest putting something explicitly into /etc/motd (man motd).
If your work policy allows "folks" to work directly as root, then everything can be circumvented, saying that to suggest something totally trivial: aliases
cat /etc/profile.d/local.sh
alias shutdown='/usr/local/sbin/wrapper-shutdown'
thought -- LF
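
The thread names /usr/local/sbin/wrapper-shutdown but does not show its contents. The sketch below is an added example, not code from any poster: it assumes the real binary lives at /sbin/shutdown (overridable through the hypothetical REAL_SHUTDOWN variable) and that typing the short host name is the confirmation step, with the outcome sent to syslog for the audit trail.

```shell
#!/bin/bash
# Hypothetical /usr/local/sbin/wrapper-shutdown (constructed example).
# Asks the admin to type this machine's short host name before handing
# over to the real shutdown binary, and records the outcome via syslog.

REAL_SHUTDOWN="${REAL_SHUTDOWN:-/sbin/shutdown}"   # assumed path of the real binary

# Succeeds only if the typed name equals the expected host name
# (case-insensitive, whitespace ignored, empty input rejected).
confirm_host() {
    local expected typed
    expected=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    typed=$(printf '%s' "$2" | tr -d '[:space:]' | tr '[:upper:]' '[:lower:]')
    [ -n "$typed" ] && [ "$typed" = "$expected" ]
}

# Prompts on stderr, reads the answer from stdin, logs the decision.
# $1 is the host name to confirm; remaining arguments go to shutdown.
guarded_shutdown() {
    local host answer who
    host="$1"
    shift
    who="${SUDO_USER:-${USER:-unknown}}"
    printf 'You are about to run shutdown on %s.\n' "$host" >&2
    printf 'Type the host name to confirm: ' >&2
    IFS= read -r answer || answer=""
    if confirm_host "$host" "$answer"; then
        logger -t wrapper-shutdown "confirmed by $who on $host: shutdown $*" 2>/dev/null || true
        "$REAL_SHUTDOWN" "$@"
    else
        logger -t wrapper-shutdown "refused for $who on $host: typed '$answer'" 2>/dev/null || true
        printf 'Host name did not match, not shutting down.\n' >&2
        return 1
    fi
}

# Run only when invoked under the wrapper's own name, so the functions
# above can be sourced and tested without touching the system.
if [ "${0##*/}" = "wrapper-shutdown" ]; then
    guarded_shutdown "$(hostname -s)" "$@"
fi
```

As the message above says, an alias only catches the interactive shell: calling the real binary by its full path skips the wrapper, so this is a warning and a log entry, not a control against root.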