[sudo-users] Unprivledged user isn't able to reboot system via sudo

Shawn McMahon syberghost at gmail.com
Tue Jul 31 16:03:57 EDT 2012

On Tue, Jul 31, 2012 at 3:44 PM, Todd C. Miller
<Todd.Miller at courtesan.com> wrote:
> On Tue, 31 Jul 2012 14:09:34 +0800, Simon K wrote:
>> no i have not enabled
>> I/O logs ... my sudoers file is a very simple one i haven't included
>> any extra fields there... :-(
> I was able to reproduce this on an HP-UX machine.  What happens is
> that /sbin/reboot (which is run by /sbin/shutdown) sends a SIGTERM
> signal to all processes before it calls the reboot system call.
> When sudo receives the SIGTERM, it passes the signal to the command
> it is running (shutdown or reboot) which kills the reboot process
> before it has had a chance to actually reboot the machine.
> I don't have a good solution for this at the moment.

Until Todd thinks of a code fix, perhaps as a workaround you could
make a script that does something like:

echo "shutdown -r now" | at now

...and make a rule to run it. Do *NOT* just let them run "at" as root,
that would be Very Bad.

Put that in a file somewhere root controls (such as /usr/local/bin or
/usr/local/sbin), and then make a rule to do:

sh -c '/usr/local/sbin/shutdownwrapper'

More information about the sudo-users mailing list