Subject: Re: operator shutdowns and su
To: Julio M. Merino Vidal <jmmv84@gmail.com>
From: Hubert Feyrer <hubert@feyrer.de>
List: tech-userlevel
Date: 05/13/2006 19:01:04

On Sat, 13 May 2006, Julio M. Merino Vidal wrote:
> Which is the appropriate way to avoid this problem, if any?  It does
> not appear in the base system because no rc.d script seems to be using
> the *_user functionality, but there are several in pkgsrc that do.

miyu% dir `which shutdown`
-r-sr-xr--  1 root  operator  14463 Apr 12 23:08 /sbin/shutdown

I gather this is running as root, even when run by a user in the 
'operator' group (a feature that I use, too). If it's not running with the 
privileges to su(8) to some other user, that seems like a bug in 
shutdown(8) to me...

Looking at the sources, shutdown(8) runs

 	pathnames.h:#define _PATH_RCSHUTDOWN    "/etc/rc.shutdown"
 	shutdown.c:     (void)system(". " _PATH_RCSHUTDOWN);

From testing, it seems that script is indeed run under the UID of the user 
running shutdown(8), not under UID 0. I wonder if some set(e?)uid(0) is 
missing in shutdown.c::dorcshutdown()?


  - Hubert
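
The UID behaviour discussed in this message, as an added example (not code from shutdown.c or from the post): a set-uid-root program has effective UID 0 but keeps the invoking user's real UID, and a shell started the way system(3) starts one inherits both. `child_real_uid` and `become_fully_root` are hypothetical helper names, and `id` is assumed to be on the PATH.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L   /* popen(3), pclose(3) */
#endif
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Ask a /bin/sh child (popen(3) starts it like system(3) does) which real
 * UID it inherited. Returns -1 on any failure. */
long child_real_uid(void)
{
    long uid = -1;
    FILE *p = popen("id -ur", "r");

    if (p == NULL)
        return -1;
    if (fscanf(p, "%ld", &uid) != 1)
        uid = -1;
    if (pclose(p) != 0)
        uid = -1;
    return uid;
}

/* For a set-uid-root program: make the real and saved UIDs 0 too.
 * setuid(0) called with effective UID 0 sets all three IDs. Does nothing
 * and returns -1 when the process is not effectively root. */
int become_fully_root(void)
{
    if (geteuid() != 0)
        return -1;
    if (setuid(0) != 0)
        return -1;
    /* Verify rather than trust the return value alone. */
    return (getuid() == 0 && geteuid() == 0) ? 0 : -1;
}

int main(void)
{
    printf("before: ruid=%ld euid=%ld, child sees ruid=%ld\n",
        (long)getuid(), (long)geteuid(), child_real_uid());
    if (become_fully_root() == 0)
        printf("after:  ruid=%ld euid=%ld, child sees ruid=%ld\n",
            (long)getuid(), (long)geteuid(), child_real_uid());
    else
        printf("not effectively root; IDs left unchanged\n");
    return 0;
}
```

Installed with the same mode as the listing above (set-uid root, group operator) and run by a non-root member of that group, the "before" line shows the invoking user's real UID in the child, and the "after" line shows 0.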