On Thursday 13 Jan 2005 22:30, Nick wrote: > I have the need to enable (and make work) the shutdown and halt > accounts. I set a password for these accounts and tried to use them and > got the expected "you must be root" a colleague pointed out that I might > need the CAP_SYS_BOOT capability turned on. Make the account you want to use for this purpose a member of the shutdown group. Set the shutdown program to allow g+x. Add a line into the default shell rc for that user to shut the system down. As soon as the the user logs in, the shell rc is read (before the prompt appears) and the shutdown will commence. Since the first thing a shutdown does is log users out ...... > After an hour of Googling on > something that relates to CAP_SYS_BOOT but it wasn't very helpful. > I am not sure how widely used this is. If you do a man on > "capabilities" you will find some info, but not really enough to get you > going. There are a couple instructions which form a sort of API, but > that is it. > > Anyone have this working and can give me advice on it > > For those of you who want to ask, why would you ever want to do this? > > The purpose of the built-in halt and shutdown accounts were originally > to give someone, you trust enough to be able to know when to shutdown > the system, but not enough to let him login, the ability to shut down a > server. A secondary function of these was a remote shutdown that didn't > require any thought on the users part! You gave him/her the password and > said, "If you need to shut the machine down for any reason, telnet into > the machine with "this" account and it will shut itself down. In this > manner, you didn't have to give the user physical access to the server. > > > > Nix > > -- > Nick Gray > Senior Systems Engineer > Bruzenak Inc > Office: 512-331-7998 > Cell: 512-630-7009 -- Tony Dietrich ------------- Xerox your lunch and file it under "sex offenders"!