[CentOS] allowing users to issue the "shutdown" command

Jeff jlar310 at gmail.com
Sat Oct 17 01:37:38 UTC 2009


On Fri, Oct 16, 2009 at 7:19 PM, Buz Davis <buzdavis at earthlink.net> wrote:
> I am running CentOS 5.3 and have just the two accounts "root" and
> "buz".  I would like to be able to issue "shutdown" from the account
> "buz", and thus created
> /etc/shutdown.allow with the single entry  "buz" (without any quotes).
> I still
> get the error message "only root can do this" (or something similar)
> even if I include the '-a' option on the shutdown command.  What am I
> missing ?

"man shutdown" on CentOS 5.3 says this...

ACCESS CONTROL
       shutdown  can  be  called from init(8) when the magic keys
CTRL-ALT-DEL are pressed, by creating an
       appropriate entry in /etc/inittab. This means that everyone who
has physical access to the  console
       keyboard can shut the system down. To prevent this, shutdown
can check to see if an authorized user
       is logged in on one of the virtual consoles. If shutdown is
called with the -a argument  (add  this
       to the invocation of shutdown in /etc/inittab), it checks to
see if the file /etc/shutdown.allow is
       present.  It then compares the login names in that file with
the list of people that are logged  in
       on  a virtual console (from /var/run/utmp). Only if one of
those authorized users or root is logged
       in, it will proceed. Otherwise it will write the message

so maybe "shutdown -a" is all that is required.

--
Jeff



More information about the CentOS mailing list