What is the proper way to enable a normal user to shutdown, halt or reboot the computer?

4

1

My dirty solution is to chmod +s /sbin/shutdown. It works but this is probably not good practice and insecure. Moreover after some system updates the suid bit gets reset. What would be the correct way to do it?

ccpizza

Posted 2012-07-08T20:08:41.227

Reputation: 5 372

i usually do sudo shutdown now -h – kobaltz – 2012-07-08T20:12:52.720

Answers

3

All users? Or a selected subset of them? Will they use the computer locally or also remotely (e.g. via ssh).

In case of a few users who also work remotely sudo will work fine. See this link for details.

If they are logging in locally and via a GUI then there are better options. E.g. capturing the three finger salute via init and letting that trigger a 1 minute delayed shutdown. It has been ages since I set that up though, so I skipping on the details for that. (I used that back when Slackware 3 was modern)

Hennes

Posted 2012-07-08T20:08:41.227

Reputation: 60 739

Either a single user or a group such as %users. The idea is to avoid using sudo every time and entering passwords. According to the link you posted a line in sudoers like %users ALL=NOPASSWD:/sbin/shutdown is probably all I need. Thank you! – ccpizza – 2012-07-08T20:27:11.133

2

If your shutdown accepts the -a switch (check with shutdown --help), you can do the following:

  • Add the users that should be able to shut the system down to /etc/shutdown.allow.

    Example:

    userA
userB

  • Shut the system down using the -a switch.

    Example:

    shutdown -a -h now

Source: UNIX man pages : shutdown (8)

Dennis

Posted 2012-07-08T20:08:41.227

Reputation: 42 934

looks like my version of shutdown (generic Linux of the -buntu family) does not support the -a option. Looks like the expected way is to create a %shutdown group which would include the users who need to shutdown and then reference that in the sudoers file. – ccpizza – 2012-07-08T20:32:05.340

1

I use SL 6.4. It has user version of poweroff, halt, reboot provided by usermode package. I can shutdown, reboot as a normal user (from the command line as well)

    $ which {poweroff,reboot,halt}
    /usr/bin/poweroff
    /usr/bin/reboot
    /usr/bin/halt

    rpm -qf $(which poweroff reboot halt)
    usermode-1.102-3.el6.x86_64
    usermode-1.102-3.el6.x86_64
    usermode-1.102-3.el6.x86_64

As root

    # which {poweroff,reboot,halt}
    /sbin/poweroff
    /sbin/reboot
    /sbin/halt

    # rpm -qf $(which poweroff reboot halt)
    upstart-0.6.5-12.el6.x86_64
    upstart-0.6.5-12.el6.x86_64
    upstart-0.6.5-12.el6.x86_64

trekkerboy

Posted 2012-07-08T20:08:41.227

Reputation: 123

Asked: 2012-07-08T20:08:41.227

Viewed: 5 364 times

Active: 2013-09-08T16:53:34.663