[sudo-users] Unprivledged user isn't able to reboot system via sudo
Simon K
k_simon78 at yahoo.com
Wed Aug 1 03:24:33 EDT 2012
Hi Shawn,
Thanks a lot for your help .
Okay i will try the workaround mentioned by you.
Thanks & Regards,
Simon K
________________________________
From: Shawn McMahon <syberghost at gmail.com>
To: Simon K <k_simon78 at yahoo.com>; "sudo-users at sudo.ws" <sudo-users at sudo.ws>
Sent: Wednesday, 1 August 2012 1:33 AM
Subject: Re: [sudo-users] Unprivledged user isn't able to reboot system via sudo
On Tue, Jul 31, 2012 at 3:44 PM, Todd C. Miller
<Todd.Miller at courtesan.com> wrote:
> On Tue, 31 Jul 2012 14:09:34 +0800, Simon K wrote:
>
>> no i have not enabled
>> I/O logs ... my sudoers file is a very simple one i haven't included
>> any extra fields there... :-(
>
> I was able to reproduce this on an HP-UX machine. What happens is
> that /sbin/reboot (which is run by /sbin/shutdown) sends a SIGTERM
> signal to all processes before it calls the reboot system call.
> When sudo receives the SIGTERM, it passes the signal to the command
> it is running (shutdown or reboot) which kills the reboot process
> before it has had a chance to actually reboot the machine.
>
> I don't have a good solution for this at the moment.
Until Todd thinks of a code fix, perhaps as a workaround you could
make a script that does something like:
echo "shutdown -r now" | at now
...and make a rule to run it. Do *NOT* just let them run "at" as root,
that would be Very Bad.
Put that in a file somewhere root controls (such as /usr/local/bin or
/usr/local/sbin), and then make a rule to do:
sh -c '/usr/local/sbin/shutdownwrapper'
More information about the sudo-users
mailing list