Re: Giving shutdown rights to somebody

From: Bill Unruh (unruh@physics.ubc.ca)
Date: 04/04/02 

From: unruh@physics.ubc.ca (Bill Unruh)
Date: 4 Apr 2002 17:44:07 GMT

In <a8h3lp$eeh$05$1@news.t-online.com> "Ulrich Prinz" <mr.p@earthling.net> writes:

][...]
]>
]> Agreed. The only problem is getting the thing back online again the
]next
]> week.
]>
]> More to the point, *why* do folks shut down their boxes of a w/e?
]>
]> ~Tim
]> --
]Thanks to all opinions made in this thread,

]but it is not my decision to take the machines down on weekend. I
]normally would take down the internet interface only at night and at the
]weekend. Unfortunately the command is to power off all machines at
]weekend. Two of the machines are not of the new ATX kind and they don't
]power of themselves. So I had to write a paper describing the 'how to'.
       off I assume.

Why do you not just write a cron to run the shutdown script at say 6PM
Fri eve, or whenever, and have someone go around at 6:30 to actually
switch off the power. Use either shutdown -h or halt to do so.

]I made a login-script for a special user running the shutdown command
]automatically. My mastermachine does that too, but first logs into all
]other machines to call their shutdown-scripts. This user has no chance
]to do anything else cause he is logged out right after the execution of
]the script.

Bad idea. putting some user in without a password is a bad idea. It is
quite possible that an attacker could use a race or something to break
out of the shutdown script and then be root. Also it allows anyone in
the world to shut down your machines, just be logging in as that user.
Bad idea.

]But yes, I administered a site of some thousand people with more than 12
]NT-servers and I am used to that this systems are up 24/7. But now I'am
]at a small business and I do build electronical devices and the
]server-management is just a job beside my real job. So I'd like to make
]it eazy for all.

]The tip with the sudo command will solve the problem that the master
]script requests a password for every ssh login cause I can degrade the
]special user to a user that may not do anything and has no password.
]That will fit best. After login with i.e. 'shutdown' as username the
]suer only has to wat until all systems issued a double beep and then he
]can switch of main supply. Thats it.

]Many thanks again and best regards

]Ulrich

Relevant Pages

  • Re: I need a fast, minimum of mouse-clicks, power-up and shut-down solution
    ... >know how to configure the machines so that they avoid this stage altogether ... >At shut-down, I get a dialog box asking me if I want to shutdown, restart, ... I know in former OS versions, I could make a a batch file with ... Power Up: turn on computer/monitor. ...
    (microsoft.public.windowsxp.general)
  • Re: Destructive, dangerous Autochk.exe
    ... Your experience must be with very shakey hardware, I hard power cycle my test machines at least 10-15 times a week by hitting the power button or pulling the plug or pulling the battery and I never see the machines autochk. ... Especially on ACPI machines where it's often hard to tell if the computer is off or sleeping, and pressing the OFF button when it's actually in standby will cause a 'dirty' shutdown. ...
    (microsoft.public.security)
  • powerdown on Asus P2B-DS?
    ... We have some old dual PII 400, Asus P2B-DS machines at home ... Currently shutting down the computer does not power it off, ... latest release but that didn't change the shutdown ...
    (microsoft.public.windowsxp.help_and_support)
  • Re: Giving shutdown rights to somebody
    ... >> Why do you not just write a cron to run the shutdown script at say 6PM ... >> switch off the power. ... Maybe a remotely accessible UPS? ... Alternatively, replace those machines. ...
    (comp.os.linux.security)
  • Re: Halt not working
    ... I have historically had one or more machines that failed to power off ... halt, shutdown, and poweroff all had the same behavior. ...
    (Fedora)