HPE Community
Operating System - HP-UX
1844796 Members
2305 Online
110233 Solutions
New Discussion

Re: about the shutdown command

 
SOLVED
Go to solution
bhupesh m
Frequent Advisor

‎10-15-2006 07:56 AM

‎10-15-2006 07:56 AM

about the shutdown command

Hi,
i have this question for long time,
how u will prevent urself from doing a shutdown command when u r the root?(shutdown or any dangerous command)

sometime back, when i want to run shutdown command in one box, i did that command in another box. since both are test machines, i got no problem.

and also, the shutdown command's persmission is:
-r-sr-xr-x 1 root bin 266240 Apr 12 2000 shutdown

what is the "s" in the permissions and what is meant by root and bin(next to the permission and the "1")?..is it like, the owner of this file is bin and root only can execute it???
0 Kudos
Reply
3 REPLIES 3
James R. Ferguson
Acclaimed Contributor

‎10-15-2006 08:42 AM

‎10-15-2006 08:42 AM

Solution

Re: about the shutdown command

Hi:

The only way to prevent yourself from doing a shutdown command when you are root is (1) *not* to do it; or (2) don't operate as 'root' unless you absolutely need to do so!

The 'shutdown' binary is owned by 'root' and has its 'setuid' bit set. That's the "s" you see in the owner's permission in place of an "x". This means that anyone who can execute the command (as given by the group and world-wide) execute permissions) can run 'shutdown' *as if* they were 'root'. That is, the executing user's effective uid becomes zero (root).

Now, that would be disasterous *if* things the code were that simple. Normally, only 'root' can perform 'shutdown'. However, if you create '/etc/shutdown.allow' you can add 'root' AND other users to the file to denote that they have the privilege to perform 'shutdown'. You must include 'root' in the file.

For a full description of how to create an '/etc/shutdown.allow' file, see the manpages for 'shutdown':

http://www.docs.hp.com/en/B2355-60127/shutdown.1M.html

Regards!

...JRF...
Reply
bhupesh m
Frequent Advisor

‎10-15-2006 12:18 PM

‎10-15-2006 12:18 PM

Re: about the shutdown command

Thanks JRF,
and one question i have,
from the path, if i remove /usr/sbin, then whatever sbin commands i need to use, i should use full path only, like "/usr/sbin/shutdown -r". is that will work? is that idea fine?
0 Kudos
Reply
Patrick Wallek
Honored Contributor

‎10-15-2006 01:05 PM

‎10-15-2006 01:05 PM

Re: about the shutdown command

I would not remove /usr/bin/ from your PATH. There are lots of commands and utilities in /usr/bin that you would then have to use the full path for those commands.

Your original situation, accidentally shutting down the wrong machine, is why you MUST always know which machine you are working on.

This is one reason I include the hostname in my prompt on ALL machines.
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.