*BSD News Article 90214



Path: euryale.cc.adfa.oz.au!newshost.carno.net.au!harbinger.cc.monash.edu.au!news.rmit.EDU.AU!goanna.cs.rmit.edu.au!news.apana.org.au!cantor.edge.net.au!news.teragen.com.au!news.access.net.au!news.mel.connect.com.au!munnari.OZ.AU!news.ecn.uoknor.edu!feed1.news.erols.com!news.maxwell.syr.edu!newsfeed.nacamar.de!news.nacamar.de!fu-berlin.de!irz401!orion.sax.de!uriah.heep!news
From: j@uriah.heep.sax.de (J Wunsch)
Newsgroups: comp.unix.bsd.freebsd.misc
Subject: Re: Dual OS machine and automated reboots ?
Date: 2 Mar 1997 23:24:13 GMT
Organization: Private BSD site, Dresden
Lines: 44
Message-ID: <5fd26t$jd@uriah.heep.sax.de>
References: <33193168.167EB0E7@silas.cc.monash.edu.au>
Reply-To: joerg_wunsch@uriah.heep.sax.de (Joerg Wunsch)
NNTP-Posting-Host: localhost.heep.sax.de
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit
X-Newsreader: knews 0.9.6
X-Phone: +49-351-2012 669
X-PGP-Fingerprint: DC 47 E6 E4 FF A6 E9 8F  93 21 E0 7D F9 12 D6 4E
Xref: euryale.cc.adfa.oz.au comp.unix.bsd.freebsd.misc:36453

Chooka <dhenshaw@silas.cc.monash.edu.au> wrote:

> The uid and group id have to be that of root's to allow the use of
> reboot or shutdown.

Not quite right.  Any member of group "operator" is allowed to execute
/sbin/shutdown, and shutdown itself is setuid root.

What about this to find out about your logged-in users:

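#!/bin/sh XXX

# who(1) entry for the terminal this script is running on
me=$(who am i)

if [ "X$me" = X ] ; then
	echo "You don't exist, go away!"
	exit 1
fi

# Count every who(1) line except our own
nlusers=$(who | grep -v "^${me}\$" | wc -l)

if [ $nlusers -gt 0 ] ; then
	echo "There are still other users logged in."
	exit 1
fi

# Nobody else is logged in: schedule a reboot in one minute
/sbin/shutdown -r +1 "Shutdown login" &

# Pause briefly while shutdown runs in the background
sleep 2
exit 0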


XXX -- if you're running FreeBSD 2.1.7 or higher, better put a "-p"
here.  This plugs a potential security hole.  By all means, do not
assign this script to UID 0; instead, create a separate and harmless
user for it, and put this one into group "operator" so it can execute
/sbin/shutdown.

-- 
cheers, J"org

joerg_wunsch@uriah.heep.sax.de -- http://www.sax.de/~joerg/ -- NIC: JW11-RIPE
Never trust an operating system you don't have sources for. ;-)
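
Added example, not part of the original post: the "is anyone else logged in" check from the script above, rewritten to compare the terminal field of each who(1) line instead of using the whole "who am i" line as a grep pattern, and to refuse the reboot when the own terminal cannot be determined. The function names, the account name "rebootme" and the sample who(1) lines are constructed for illustration; it assumes who(1) prints the terminal name in its second field.

```shell
#!/bin/sh
# Added example (not the poster's code). Assumption: field 2 of each
# who(1) line is the terminal name, e.g. "ttyp0".

# Count sessions in who(1) output (read from stdin) that are not on
# terminal $1. Plain string comparison, so nothing in a who(1) line is
# ever interpreted as a regular expression.
count_other_sessions() {
    awk -v mytty="$1" '
        NF >= 2 && $2 != mytty { n++ }
        END { print n + 0 }
    '
}

# Return 0 only if who(1) output on stdin shows no session other than
# ours. Fails closed: an empty terminal name refuses the reboot.
reboot_allowed() {
    [ -n "$1" ] || return 1
    others=$(count_other_sessions "$1") || return 1
    [ "$others" -eq 0 ]
}

# Constructed who(1) output for trying the functions offline.
SAMPLE_BUSY='rebootme ttyp0    Mar  2 23:10 (host-a.example)
alice    ttyp1    Mar  2 22:01 (host-b.example)
bob      ttyv0    Mar  2 21:40'
SAMPLE_ALONE='rebootme ttyp0    Mar  2 23:10 (host-a.example)'

# Use in a login script like the one above:
#   mytty=$(who am i | awk '{ print $2 }')
#   who | reboot_allowed "$mytty" || {
#       echo "There are still other users logged in."
#       exit 1
#   }
```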