SlackwareThis Forum is for the discussion of Slackware Linux.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Originally posted by slackmartian Can I edit /etc/sudoers with pico?
I don't know, You are supposed to use visudo, and i guess this is why:
Quote:
visudo edits the sudoers file in a safe fashion, analogous to vipw(8).
visudo locks the sudoers file against multiple simultaneous edits, pro_
vides basic sanity checks, and checks for parse errors. If the sudoers
file is currently being edited you will receive a message to try again
later.
The list of the editors visudo may use is hardcoded. If you ask me just make sure you backup sudoers file
and use pico, if this is your PC and not a server.
Quote:
Originally posted by slackmartian And if, where should i put the shutdown line?
If you read the /etc/sudoers you'll see where to put it. I don't know if it matters at all but personally I respect the structure.
If you want to enable this for user only put under:
Code:
# User privilege specification
root ALL=(ALL) ALL
a line like
<username> darkstar= NOPASSWD: /sbin/halt
If you want to enable this for a group (like the users group),put under:
Code:
# Uncomment to allow people in group wheel to run all commands
# %wheel ALL=(ALL) ALL
# Same thing without a password
# %wheel ALL=(ALL) NOPASSWD: ALL
# Samples
# %users ALL=/sbin/mount /cdrom,/sbin/umount /cdrom
# %users localhost=/sbin/shutdown -h now
%<group_name> darkstar= NOPASSWD: /sbin/halt
If you are using shutdown and not halt you may uncomment the above line.The localhost did not work for me, 127.0.0.1 or 0.0.0.0 either. Maybe you need to use a Host alias specification, if you are using the default slackware host name: darkstar, to be able to use localhost in sudoers.
After editing the file, do: visudo -c
This parses the file and checks the synatax.
P.S. I would advise you to start learning vi. Besides the fact that it's a really powerfull editor, it's the default UNIX/LINUX editor. pico/nano may not be present in some un*x systems.
Last edited by perfect_circle; 02-14-2005 at 10:03 AM.
I suppose that in this situation... as it's just for your use... you can just do a SUID of the command "halt" (and maybe also "restart", I did for both...).
So you add the directory "/sbin/" to your path, if it is not yet... and then you just do the command:
Personally I wouldn't do that for pratical reasons, I use the console alot and i use tab a lot to autocomplete my commands. Adding /sbin in your path will make your user see 241(in my system), more commands, the vast majority of which you are not supposed to execute as a simple user, and this will slow down the autocomplete feature, since more commands means more correct combinations for some starting letters to complete. Also even if you have permission for a command adding /sbin/, makes you think again what you are going to do.
SO if you want do chmod, but better do a alias and don't add the whole /sbin in your path.
This is simply me opinion on this. I'm not a guru and it's your system we are talking about. You do what you want.
Last edited by perfect_circle; 02-14-2005 at 12:26 PM.
I suppose that in this situation... as it's just for your use... you can just do a SUID of the command "halt" (and maybe also "restart", I did for both...).
So you add the directory "/sbin/" to your path, if it is not yet... and then you just do the command:
"chmod u+s /sbin/halt"
And it works great...
See you around!
/Edu
In addition to what perfect_circle said:
I wouldn't do that either, because you'll have to
chmod each time you upgrade ;) ... whereas the
sudoers file won't be overwritten ...
Just one more thing.
So when i make the sudo work,
I just type sudo halt and then i have to type my password?
Wouldnt that be the same as doing su password and halt?
I would like to have a shutdown/reboot in my fluxbox menu, is that possible to do without typing anything?
Actually if you are using darkstar or localhost, and not ALL in the domain field, it means that someone needs to have physical presence to the computer in order to halt it and this cannot be done remotely. If a user has physical presence then he can press ALT+CTR+DEL unless you have disabled that, or even unplug or hard-reset the computer. I don't know what will happen if someone connects from another computer named darkstar, and if the address will be resolved at all, but i think that the security risk added by this command is low. I don't run any ssh or telnet server in my computer at all, and i don't use a static IP to connect to the Internet. Also by default sudo logs successful and unsuccessful attempts via syslog.If you have government secrets to hide in your PC, well don't use it.
Last edited by perfect_circle; 02-15-2005 at 07:52 AM.
Personally I would set up a group (slackware may already have a group for such a purpose) that is for halting the machine. Add the users that need to halt the machine and update your sudoers file to allow only that group to shut down the machine. (If I remember right there are very good examples in the man sudoers file) This would allow only certain users to halt the machine and make it easy to add new users who can halt the machine (in the adduser script it asks for additional groups)
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
