At 08:20 PM 1/17/00 -0700, Eric Fox wrote:
>On workstations, I've setup 'reboot' and 'shutdown' userid's that are
>uid=0 and have /sbin/reboot and /sbin/halt as their shells.  Not perfect,
>but it's simple and works.

However, this does make management of the password for those accounts an
issue - any time a "qualified user" becomes an "unqualified user", you have
to change the password and let everyone who is still qualified know about
the change.

Much simpler to put the necessary people in group operator, or in some
other group which has permission to execute a setgid script that runs
shutdown (which is itself a bit silly, since it looks like running shutdown
is the only extra thing you get by being in group operator anyway. Of
course it does allow you to do other things, eg requiring the user to be on
a local tty or whatever). This way every person has exactly one password to
remember, and it controls all their access to the machine.

Hmmm, this has strayed far from being i386 specific... ;-)