operator

Huh, is pressing the power button insufficient? If membership to the operator group (group owner of /sbin/shutdown) does not meet your needs (Thread 65389), the traditional UNIX (legacy) approach is: you create a separate user group(5), e. g.​
Bash:
pw groupadd turnoff -m web9452
and create a shell script​
Bash:
#!/bin/sh
exec /sbin/shutdown -p now
that has appropriate permissions, in particular​
Bash:
chown root:turnoff /usr/local/bin/turnoff # group owner is `turnoff`
chmod 'u=rwxs,g=rx,o=' $_                 # suid bit set means script is executed as the file owner (= `root`)
PS: Maybe you will be happy by simply tweaking the group ownership of /sbin/poweroff? Also for auditing purposes you want the user to appear in the logs, not the suid’d root. See also Thread 17829.​
 
very interesting. doas and sudo. i have seen these before but I know nothing about them.
On the BSD splash page it said something like if you add a userid to this operator group that user ID will then be able to do shutdown and other things without being root. I wonder if that includes updating the database for the Locate command. I was hoping to find that operator group. I think Mr Kai hints at it but he does not offer enough info : I need more direction. I am just learning. OK!
 
Read the pw(8) manual page. It allows you to see and change (amongst other things) groups and members on your machine / machines.
Example:
Code:
tingo@kg-core2:~ $ pw groupshow operator
operator:*:5:root,tingo
Here I can see that users 'root' and 'tingo' are members of the group 'operator'. And you might need doas / sudo as a regular user for changing membership of a group.
 
… updating the database for the Locate command. …

Code:
% man locate
% ls -hln /usr/libexec/locate.updatedb
-r-xr-xr-x  1 0 0  3.4K 24 Aug 14:21 /usr/libexec/locate.updatedb
% less /usr/libexec/locate.updatedb
%

In the script:

sh:
if [ "$(id -u)" = "0" ]; then
        echo ">>> WARNING" 1>&2
        echo ">>> Executing updatedb as root.  This WILL reveal all filenames" 1>&2
        echo ">>> on your machine to all login users, which is a security risk." 1>&2
fi
 
there is no man page for doas

1724870748954.pngIt's online:
 
I don't believe that you can setuid a script like that (i.e stuff that is run through an interpreter specified by the shebang) and have it run as the effective uid. It can only be done on executables.
You are right. ? Thread 7965 → It says so in the handbook
In these examples, even though the shell script in question is an executable file, it will not run with a different EUID or effective user ID. This is because shell scripts may not access the setuid(2) system calls.​
Well, you can always turn the shell script into a non‑interpreted executable file using misc/shc. ?‍?​
 
Add user johndoe to the operator group:
pw groupmod operator -m johndoe (as root of course). You'll probably be fine with that. The membership will also allow management of (UFS) snapshots. Maybe there's more I'm not aware of?

In case you really want to create a dedicated group only for shutdown, why not just compile your own little suid wrapper, e.g. something like this:
C:
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
#include <syslog.h>
#include <unistd.h>

int main(int argc, char **argv)
{
    const char *progname = "turnoff";
    if (argc > 0) progname = argv[0];
    if (geteuid() != 0)
    {
        fprintf(stderr, "%s: Must be installed suid root.", progname);
        return EXIT_FAILURE;
    }
    uid_t uid = getuid();
    struct passwd *pw = getpwuid(uid);
    const char *username = "<unknown>";
    if (pw) username = pw->pw_name;
    syslog(LOG_NOTICE, "shutdown requested by %s[%d]", username, (int)uid);
    // setuid(0); <- only needed if a tool checks you really *are* root, /sbin/shutdown doesn't...
    execl("/sbin/shutdown", "shutdown", "-p", "now", NULL);
    return EXIT_FAILURE;
}
 
Back
Top