> This is what I have in my home PC:
> 
> - two users
> 
>     halt:*:0:0:Halt this PC:/home/halt:/bin/sh
>     reboot:*:0:0:Reboot this PC:/home/halt:/bin/sh
> 
> - both have this .profile in their home directory
> 
>     #!/bin/sh
>     case ${LOGNAME} in
>             halt)
>                     /sbin/halt -p
>                     ;;
>             reboot)
>                     /sbin/reboot
>                     ;;
>             *)
>                     ;;
>     esac
> 
> Works very well for me :-)
the situation is complicated in one more way. home directories for all 
users are nfs mounted. if the network / nfs is for some reason down, the 
halt/reboot user has no home => no .profile => there's no reboot => user 
gains root privileges and it is bad :o(

i must say this is the current setup (but only with the operator group) 
   because i needed to do it somehow, but now i have more time, so i'd 
like to change it to more secure way...

lubos

-- 
#####################################################
Mgr. Lubos Vrbka

Center for Complex Molecular Systems and Biomolecules
J. Heyrovsky Institute of Physical Chemistry
Academy of Sciences of the Czech Republic
Prague, Czech Republic

shnek@chemi.muni.cz
#####################################################