[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
secure shutdown - sudo or setuid
- To: misc_(_at_)_openbsd_(_dot_)_org
- Subject: secure shutdown - sudo or setuid
- From: Hanspeter Roth <hanspeter_roth_(_at_)_hotmail_(_dot_)_com>
- Date: Tue, 19 Feb 2002 22:37:59 +0100
- Mail-followup-to: misc_(_at_)_openbsd_(_dot_)_org
- Reply-to: misc_(_at_)_openbsd_(_dot_)_org
this is about a pure client that dosen't offer any service which has
to be available such as a notebook or a station in a Lan.
What is the recomended way to allow a nonprivileged user to perform
Should one set the uid-bit of /sbin/shutdown or configure sudo or is
there something better?
Sudo is probably better suited for medium to large networks.
How about a standalone workstation?
I've read that sudo required a security patch. So is it secure now?
My configuration looks like:
root ALL=(ALL) ALL
%users ALL= NOPASSWD: /sbin/mount /mnt/cdrom,/sbin/umount /mnt/cdrom
%users ALL= NOPASSWD: /sbin/mount /mnt/floppy,/sbin/umount /mnt/floppy
%users thishost = NOPASSWD: /sbin/shutdown -* now