operator group (group owner of /sbin/shutdown) does not meet your needs (Thread 65389), the traditional UNIX (legacy) approach is: you create a separate user group(5), e. g.pw groupadd turnoff -m web9452
#!/bin/sh
exec /sbin/shutdown -p now
chown root:turnoff /usr/local/bin/turnoff # group owner is `turnoff`
chmod 'u=rwxs,g=rx,o=' $_ # suid bit set means script is executed as the file owner (= `root`)
root. See also Thread 17829.tingo@kg-core2:~ $ pw groupshow operator
operator:*:5:root,tingo
… updating the database for the Locate command. …
% man locate
% ls -hln /usr/libexec/locate.updatedb
-r-xr-xr-x 1 0 0 3.4K 24 Aug 14:21 /usr/libexec/locate.updatedb
% less /usr/libexec/locate.updatedb
%
if [ "$(id -u)" = "0" ]; then
echo ">>> WARNING" 1>&2
echo ">>> Executing updatedb as root. This WILL reveal all filenames" 1>&2
echo ">>> on your machine to all login users, which is a security risk." 1>&2
fi
there is no man page for doasdoas or sudo and define things appropriately
one must "pkg install doas" as root firstthere is no man page for doas
I don't believe that you can setuid a script like that (i.e stuff that is run through an interpreter specified by the shebang) and have it run as the effective uid. It can only be done on executables.that has appropriate permissions, in particular
I don't believe that you can setuid a script like that (i.e stuff that is run through an interpreter specified by the shebang) and have it run as the effective uid. It can only be done on executables.
In these examples, even though the shell script in question is an executable file, it will not run with a different EUID or effective user ID. This is because shell scripts may not access the setuid(2) system calls.
johndoe to the operator group:pw groupmod operator -m johndoe (as root of course). You'll probably be fine with that. The membership will also allow management of (UFS) snapshots. Maybe there's more I'm not aware of?#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
#include <syslog.h>
#include <unistd.h>
int main(int argc, char **argv)
{
const char *progname = "turnoff";
if (argc > 0) progname = argv[0];
if (geteuid() != 0)
{
fprintf(stderr, "%s: Must be installed suid root.", progname);
return EXIT_FAILURE;
}
uid_t uid = getuid();
struct passwd *pw = getpwuid(uid);
const char *username = "<unknown>";
if (pw) username = pw->pw_name;
syslog(LOG_NOTICE, "shutdown requested by %s[%d]", username, (int)uid);
// setuid(0); <- only needed if a tool checks you really *are* root, /sbin/shutdown doesn't...
execl("/sbin/shutdown", "shutdown", "-p", "now", NULL);
return EXIT_FAILURE;
}
what shell do you use (%) and why?View attachment 20163It's online:
what shell do you use (%) and why?