Security: Writing "shutdown" into sudoers file
Forum rules
Topics in this forum are automatically closed 6 months after creation.
Topics in this forum are automatically closed 6 months after creation.
Security: Writing "shutdown" into sudoers file
Hello everyone,
sometimes I let my computer do a thing, I leave my home, and want it to be shut down. For example:
wipe -q -r /media/user/DISK ; sudo shutdown -h now
I normally would run this one as root; however, sometimes I need to run commands as "user".
The shutdown command needs to run as "sudo" or root, so my question is:
I want my computer to shut down withouth asking then for the sudo-PW.
In Gnome-Terminal it seems to save/remember the "sudo"-pw, but for how long? If I want to run the long-time-command without sudo, but the shutdown command needs sudo, what should I do?
E.g.
sudo -i ; logout ; long-time-command; sudo shutdown -h
Would this solution be ok?
But what if the long-time-command takes 5 hours, will gnome-terminal then ask for the PW again, thus not shutting down?
As I am not sure about this, I am thinking about using visudo to write the shutdown-command into the sudoers file, so the user could use "shutdown" without sudo... or without asking for the sudo-pw.
What's the normal solution for this issue? Would it be insecure writing shutdown for the user into the sudoers file?
Thank you for answers!
Apache.
sometimes I let my computer do a thing, I leave my home, and want it to be shut down. For example:
wipe -q -r /media/user/DISK ; sudo shutdown -h now
I normally would run this one as root; however, sometimes I need to run commands as "user".
The shutdown command needs to run as "sudo" or root, so my question is:
I want my computer to shut down withouth asking then for the sudo-PW.
In Gnome-Terminal it seems to save/remember the "sudo"-pw, but for how long? If I want to run the long-time-command without sudo, but the shutdown command needs sudo, what should I do?
E.g.
sudo -i ; logout ; long-time-command; sudo shutdown -h
Would this solution be ok?
But what if the long-time-command takes 5 hours, will gnome-terminal then ask for the PW again, thus not shutting down?
As I am not sure about this, I am thinking about using visudo to write the shutdown-command into the sudoers file, so the user could use "shutdown" without sudo... or without asking for the sudo-pw.
What's the normal solution for this issue? Would it be insecure writing shutdown for the user into the sudoers file?
Thank you for answers!
Apache.
Last edited by LockBot on Wed Dec 28, 2022 7:16 am, edited 1 time in total.
Reason: Topic automatically closed 6 months after creation. New replies are no longer allowed.
Reason: Topic automatically closed 6 months after creation. New replies are no longer allowed.
Re: Security: Writing "shutdown" into sudoers file
In Ubuntu-16.04 sudo is no longer required for a user to execute the shutdown or reboot command; is that not the same in Mint?
However if you do need to use sudo still in Mint you can add either a specific time, or a delay, to the shutdown command very easily.
See man shutdown for info
However if you do need to use sudo still in Mint you can add either a specific time, or a delay, to the shutdown command very easily.
See man shutdown for info
I see no good reason to edit the sudoers file for something simple that seems already possible.The time string may either be in the format "hh:mm" for hour/minutes specifying the time to execute the shutdown at, specified in 24h clock format. Alternatively it may be in the syntax "+m" referring to the specified number of minutes m from now. "now" is an alias for "+0", i.e. for triggering an immediate shutdown. If no time argument is specified, "+1" is implied.
Note that to specify a wall message you must specify a time argument, too.
If the time argument is used, 5 minutes before the system goes down the /run/nologin file is created to ensure
that further logins shall not be allowed.
Re: Security: Writing "shutdown" into sudoers file
How about making the sudo session last longer (- not sure this works in Mint, though).Apache wrote:In Gnome-Terminal it seems to save/remember the "sudo"-pw, but for how long? If I want to run the long-time-command without sudo, but the shutdown command needs sudo, what should I do?
Re: Security: Writing "shutdown" into sudoers file
I do this and then regular guys can run it without sudo:
Code: Select all
sudo chmod u+s /sbin/shutdown
Please edit your original post title to include [SOLVED] if/when it is solved!
Your data and OS are backed up....right?
Your data and OS are backed up....right?
Re: Security: Writing "shutdown" into sudoers file
Thanks for this answer, and this may be helpful in some cases, but you probably don't know when the long-time-command ends.ajgreeny wrote:"hh:mm" for hour/minutes specifying the time to execute the shutdown at, specified in 24h clock format.
If you think it will last for 5 hours, but then it turns out to be 8 hours, and the shutdown-command will run at 6 hours from now, this is not the solution!
I want to be sure with this one:
First: Longtime command ; then: shutdown -h,
the ";" or "&" does this quite good already.
And not:
shutdown -h 17:26
long-time command. (without the knowledge how long this command actually takes, so we need ";" or "&"
Thanks anyway, appreciated.
Re: Security: Writing "shutdown" into sudoers file
You didn't specify your Linux Mint version but from Linux Mint 18 and LMDE 2 you can just use the command
For earlier versions you use this command to shutdown without need for sudo:
systemctl shutdown
without need for sudo.For earlier versions you use this command to shutdown without need for sudo:
Code: Select all
dbus-send --system --print-reply --dest="org.freedesktop.ConsoleKit" /org/freedesktop/ConsoleKit/Manager org.freedesktop.ConsoleKit.Manager.Stop
Re: Security: Writing "shutdown" into sudoers file
Will this work?
Sheng-Chieh
Code: Select all
pause 3000 ; systemctl shutdown
-
- Level 6
- Posts: 1144
- Joined: Thu May 03, 2012 3:54 am
- Location: Israel
- Contact:
Re: Security: Writing "shutdown" into sudoers file
That's cool - how did you memorize that? Just a joke. I love Linux!xenopeek wrote:You didn't specify your Linux Mint version but from Linux Mint 18 and LMDE 2 you can just use the commandsystemctl shutdown
without need for sudo.
For earlier versions you use this command to shutdown without need for sudo:Code: Select all
dbus-send --system --print-reply --dest="org.freedesktop.ConsoleKit" /org/freedesktop/ConsoleKit/Manager org.freedesktop.ConsoleKit.Manager.Stop
You could just change pause 3000 to pause 5 and give it a try. I don't see why this shouldn't work.shengchieh wrote:Will this work?
Sheng-ChiehCode: Select all
pause 3000 ; systemctl shutdown
Subjects of interest: Linux, vfio passthrough virtualization, photography
See my blog on virtualization, including tutorials: https://www.heiko-sieger.info/category/ ... alization/
See my blog on virtualization, including tutorials: https://www.heiko-sieger.info/category/ ... alization/
Re: Security: Writing "shutdown" into sudoers file
I did not remember the dbus command, only the systemctl command I did recall I figured this out in the past and so looked for my topic on that and copied the dbus command from there.powerhouse wrote:That's cool - how did you memorize that? Just a joke. I love Linux!
Re: Security: Writing "shutdown" into sudoers file
Another quick thought!
What about combining the two commands into one separated with double ampersands; that way the second command (shutdown) will only execute when and if the first has finished successfully.
So try
What about combining the two commands into one separated with double ampersands; that way the second command (shutdown) will only execute when and if the first has finished successfully.
So try
Code: Select all
<long-term-command> && systemctl shutdown
Re: Security: Writing "shutdown" into sudoers file
When needed, for the user part:Apache wrote: ...
I normally would run this one as root; however, sometimes I need to run commands as "user".
The shutdown command needs to run as "sudo" or root, so my question is:
I want my computer to shut down withouth asking then for the sudo-PW.
...
sudo -iu username -- command
The dbus-send command that xenopeek listed, worked for me @LM17.3. In fact an archlinux user made the dbus commands into scripts.
A useful command,
qdbusviewer
, is a gui that allows you to walk through the objects and their methods.There was an interesting askubuntu question 1 or question 2, that says it is policy-kit (/usr/share/polkit-1/actions/org.freedesktop.consolekit.policy). I've never jumped into policy-kit much. But there is a reply that says: "A slightly safer option would be to allow sudoers passwordless shutdown."
It is my understanding that systemd-logind (>LM17.3) changes the above (??)... replacing consolekit, so the dbus command would be different.
Re: Security: Writing "shutdown" into sudoers file
Yes, you just letlmuserx4849 wrote:It is my understanding that systemd-logind (>LM17.3) changes the above (??)... replacing consolekit, so the dbus command would be different.
systemctl shutdown
handle it