Laine Stump wrote:
> 
> At 08:20 PM 1/17/00 -0700, Eric Fox wrote:
> >On workstations, I've setup 'reboot' and 'shutdown' userid's that are
> >uid=0 and have /sbin/reboot and /sbin/halt as their shells.  Not perfect,
> >but it's simple and works.
> 
> However, this does make management of the password for those accounts an
> issue - any time a "qualified user" becomes an "unqualified user", you have
> to change the password and let everyone who is still qualified know about
> the change.
> 
> Much simpler to put the necessary people in group operator, or in some
> other group which has permission to execute a setgid script that runs
> shutdown (which is itself a bit silly, since it looks like running shutdown
> is the only extra thing you get by being in group operator anyway. Of
> course it does allow you to do other things, eg requiring the user to be on
> a local tty or whatever). This way every person has exactly one password to
> remember, and it controls all their access to the machine.

For that purpose, you could use "sudo" - put every non-privilleged user
in your "sudoer" file and make shutdown the only command they can
execute with sudo.  Then all they have to do is "sudo shutdown -p now"
and type *their* own password, not root's.  It's in pkgsrc.

Ken