Permission to change run level

Andrew Mathews andrew_mathews
Mon May 17 11:44:18 PDT 2004 

Condon Thomas A KPWA wrote:
> Folks,
> 
> I've got a laptop with RedHat 6.2 on it that I added a user to, so my
> brother could continue writing while he is visiting.  However, this machine
> does not allow anyone but root to shut down the machine (init 0).
> 
> I don't have this problem on other machines, but I've been unable to find
> details on allowing users to do this in the man entries on init, runlevel,
> or anything else I could think of to search.
> 
> Any help would be much appreciated.
> 
> 
> In Harmony's Way, and In A Chord,
> 
> Tom  :-})
> 
> Thomas A. Condon
> Barbershop Bass Singer
> Registered Linux User #154358
> A Jester Unemployed
> _______________________________________________
<snip>

 From man shutdown:
ACCESS CONTROL
        shutdown can be called from init(8) when the  magic  keys 
CTRL-ALT-DEL are  pressed, by creating  an appropriate entry in 
/etc/inittab. This means that everyone who has physical access to the 
console keyboard can shut  the system down. To prevent this, shutdown 
can check to see if an authorized user is logged in on one of the 
virtual consoles.  If  shutdown  is  called  with  the  -a argument (add 
this to the invocation of shutdown in /etc/inittab), it checks to  see 
if  the  file  /etc/shutdown.allow  is  present.  It then compares the 
login names in that file with the list of people that are logged in on a 
virtual  console  (from /var/run/utmp). Only if one of those authorized 
users or root is logged in, it will proceed. Otherwise it will write the 
message shutdown: no authorized users logged in to the (physical) system 
console. The format of /etc/shutdown.allow  is one user name per line. 
Empty lines and comment lines (prefixed by a #) are allowed. Currently 
there is a limit of 32 users in this file.
Note that if /etc/shutdown.allow is not present,  the  -a  argument  is
ignored.
-----------------------------------notes-----------------------------
Shutdown  wasn't  designed to be run setuid. /etc/shutdown.allow is not
used to find out who is executing shutdown, it ONLY checks who is 
currently logged in on (one of the) console(s).
--------------------------------/notes-------------------------------
HTH,
-- 
Andrew Mathews
---------------------------------------------------------------------
   3:28pm  up  1:24,  4 users,  load average: 0.54, 0.25, 0.15
---------------------------------------------------------------------
Work smarter, not harder, and be careful of your speling.

More information about the Linux-users mailing list