Why does "/sbin/shutdown" still need a password?

Status
Not open for further replies.
Code:
>id
uid=1001(sw2wolf) gid=1001(sw2wolf) groups=1001(sw2wolf),0(wheel),5(operator),920(vboxusers)

>cat /usr/local/etc/sudoers | grep NOPASSWD
%wheel ALL=(ALL) NOPASSWD: /sbin/shutdown -r now, /sbin/shutdown -p now

However, the user sw2wolf still needs root's password to run sudo /sbin/shutdown


Sincerely!
 
shutdown alone will bring you into single user mode.

I don't use sudo. Simply su into root first and run shutdown -p now for system shutdown and power off or -r for system shutdown then reboot or -h to shutdown the system and halt.

You can add yourself to the right group if you really need the user to have the ability to shutdown the system. I don't recommend it though.
 
I don't use sudo. Simply su into root first and run shutdown -p now for system shutdown and power off or -r for system shutdown then reboot or -h to shut down the system and halt.

Of course, it works as you said. However, my FreeBSD box is a home desktop system; it is not convenient for the user to "su to root" to close the machine. So I just want sudo /sbin/shutdown -p now to not need a password.
 
Did you logout and back in after you added the user to the wheel group?
 
Are you typing in the complete command or just sudo shutdown?
 
You can add the user to the operator group. This should do it. But once again I haven't tried. It seems like the right place though.

I always get a kick out of shutdown(8)'s man page

Code:
The shutdown utility provides an automated shutdown procedure for super-
     users to nicely notify users when the system is shutting down, saving
     them from system administrators, hackers, and gurus, who would otherwise
     not bother with such niceties.

You could also create an alias or wrapper script for other users of the system. Do fun things like tokens and fortunes on shutdown.
 
If it's a home desktop don't you have a graphical interface (aka, gnome/kde/xfce and such) that comes with a nice shutdown menu?
 
D4rkSilver said:
If it's a home desktop don't you have a graphical interface (aka, gnome/kde/xfce and such) that comes with a nice shutdown menu?
He doesn't have to. He may use some WM.
 
This works nicely for me

Code:
#!/bin/sh
# Logout menu: pick an action with zenity, confirm it, then run it.

ACTION=$(zenity --width=90 --height=200 --list --radiolist --text="Select logout action" --title="Logout" --column "Choice" --column "Action" TRUE Shutdown FALSE Reboot FALSE Logout)

# ACTION is empty when the dialog is cancelled.
if [ -n "${ACTION}" ]; then
  case "$ACTION" in
  Shutdown)
    # Halt and power off through sudo.
    zenity --question --text "Are you sure you want to halt?" && sudo /sbin/halt -p
    ;;
  Reboot)
    # Reboot through sudo.
    zenity --question --text "Are you sure you want to reboot?" && sudo /sbin/reboot
    ;;
  Logout)
    # End the session by killing the window manager.
    killall spectrwm
    ;;
  esac
fi

You can call this script with a key binding or launcher icon.
 
Okay, I decided to test my theory on my home machine. As matoatlantis pointed out initially, I was correct in my initial assessment. I can confirm that it works now.

OP, this is simpler than using sudo and is native to the system.

Simply edit /etc/group like so and add your username (in this case I added mine) to the operator group:

Code:
babelfish# vim /etc/group

# $FreeBSD: release/9.0.0/etc/group 218046 2011-01-28 22:28:12Z pjd $
#
wheel:*:0:root,unixgod
daemon:*:1:
kmem:*:2:
sys:*:3:
tty:*:4:
operator:*:5:root,unixgod
mail:*:6:
bin:*:7:
news:*:8:
...

This is actually documented. In future, look into the handbook, which has the simple URL FreeBSD.org/handbook

direct link:
http://www.freebsd.org/doc/handbook/boot-shutdown.html

13.7 Shutdown Sequence

Upon controlled shutdown, via shutdown(8), init(8) will attempt to run the script /etc/rc.shutdown, and then proceed to send all processes the TERM signal, and subsequently the KILL signal to any that do not terminate timely.

To power down a FreeBSD machine on architectures and systems that support power management, use the command shutdown -p now to turn the power off immediately. To just reboot a FreeBSD system, just use shutdown -r now. You need to be root or a member of operator group to run shutdown(8). The halt(8) and reboot(8) commands can also be used, please refer to their manual pages and to shutdown(8)'s one for more information.

Note: Power management requires acpi(4) support in the kernel or loaded as module for.

Another note: the operator group is also responsible for other hardware such as CD/DVD/Blu-Ray devices and probably USB/FireWire et cetera. Anyone in that group will also be able to use those devices without need for permission or password.

If you need to script a policy you'll need to grok pw(8). Though this is overkill for what you ask, I'm putting it here for future visitors to this thread once search engines pick it up. Once again the handbook is complete with a simple usage tutorial here:

http://www.freebsd.org/handbook/users-groups.html

Happy Hacking! ~
 
phoenix said:
So ... you configure sudo(8) to be able to run shutdown(8) without a password ... but then you don't use sudo(8) to actually run the shutdown(8) command?

What happens if you type: $ sudo /sbin/shutdown -p now
It will want me to input password.

BTW,
Code:
>id sw2wolf
uid=1001(sw2wolf) gid=1001(sw2wolf) groups=1001(sw2wolf),0(wheel),5(operator),920(vboxusers)
 
Fix your sudoers(5) file, then. Use Cmnd_Alias instead of specifying the commands directly after NOPASSWD::
Code:
Cmnd_Alias SHUTDOWN=/sbin/shutdown -p now
Cmnd_Alias REBOOT=/sbin/shutdown -r now

%wheel ALL=NOPASSWD: SHUTDOWN,REBOOT

And then you should be able to (without being part of operator group, being only in the wheel group):
$ sudo /sbin/shutdown -r now
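
sudoers(5) documents that when several entries match, the last one is used, and that a command listed with arguments matches only that exact command line. The script below is an added example, not part of the original posts and not sudo's parser; it models only those two rules, the sample sudoers texts are constructed, and the names `sudoers_decide` and `decide` are hypothetical.

```sh
# Added example: models two sudoers(5) rules only. The LAST matching entry
# decides, and a command listed with arguments matches only that exact line.
# Not sudo's parser: no wildcards, Defaults, host/runas checks, continuations.
# sudoers_decide "<user and %groups>" "<command line>"   (sudoers on stdin)
# Prints nopasswd, passwd or denied.
sudoers_decide() {
  awk -v who="$1" -v want="$2" '
    function check(cmd,   a, j, k) {
      gsub(/^[ \t]+|[ \t]+$/, "", cmd)
      if (sub(/^NOPASSWD:[ \t]*/, "", cmd)) tag = "nopasswd"  # tag carries on
      else if (sub(/^PASSWD:[ \t]*/, "", cmd)) tag = "passwd"
      if (cmd in alias) {                      # expand a Cmnd_Alias
        k = split(alias[cmd], a, ",")
        for (j = 1; j <= k; j++) check(a[j])
        return
      }
      # ALL, an exact command line, or a bare path (which allows any arguments)
      if (cmd == "ALL" || cmd == want || (index(cmd, " ") == 0 && cmd == wantcmd))
        verdict = tag
    }
    BEGIN {
      n = split(who, p, " "); for (i = 1; i <= n; i++) mine[p[i]] = 1
      split(want, w, " "); wantcmd = w[1]; verdict = "denied"
    }
    /^[ \t]*(#|$)/ { next }                    # comments and blank lines
    $1 == "Cmnd_Alias" {                       # Cmnd_Alias NAME=cmd, cmd
      sub(/^[ \t]*Cmnd_Alias[ \t]+/, ""); eq = index($0, "=")
      name = substr($0, 1, eq - 1); gsub(/[ \t]/, "", name)
      alias[name] = substr($0, eq + 1); next
    }
    !($1 in mine) { next }                     # entry names someone else
    {
      spec = substr($0, index($0, "=") + 1)
      sub(/^[ \t]*\([^)]*\)/, "", spec)        # drop the (runas) part
      tag = "passwd"                           # default: authenticate
      m = split(spec, c, ",")
      for (i = 1; i <= m; i++) check(c[i])
    }
    END { print verdict }'
}
# Constructed samples, not the poster's file.
GENERAL_LAST='%wheel ALL=(ALL) NOPASSWD: /sbin/shutdown -r now, /sbin/shutdown -p now
%wheel ALL=(ALL) ALL'
ALIAS_LAST='Cmnd_Alias SHUTDOWN=/sbin/shutdown -p now
Cmnd_Alias REBOOT=/sbin/shutdown -r now
%wheel ALL=(ALL) ALL
%wheel ALL=NOPASSWD: SHUTDOWN,REBOOT'
decide() { printf '%s\n' "$1" | sudoers_decide "sw2wolf %wheel" "$2"; }
```

On a real system, `sudo -l` lists the entries sudo itself matched for the invoking user, and `visudo -c` checks the file's syntax.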
 
phoenix said:
Fix your sudoers(5) file, then. Use Cmnd_Alias instead of specifying the commands directly after NOPASSWD::
Code:
Cmnd_Alias SHUTDOWN=/sbin/shutdown -p now
Cmnd_Alias REBOOT=/sbin/shutdown -r now

%wheel ALL=NOPASSWD: SHUTDOWN,REBOOT

And then you should be able to (without being part of operator group, being only in the wheel group):
$ sudo /sbin/shutdown -r now

It works great! Thank you.
 