[raspberry-vi] Re: Shutting down your Pi

  • From: Mike Ray <mike@xxxxxxxxxxxxxxx>
  • To: raspberry-vi@xxxxxxxxxxxxx
  • Date: Mon, 14 Oct 2013 22:37:35 +0100

I think the 'user' default user in the Accessible Arch image already 
belongs to the 'wheel' group.


On 14/10/2013 19:04, Tim Chase wrote:
> On October 14, 2013, Georgina Joyce wrote:
>> I personally prefer to use a long time trusted Unix structure that
>> restricts the user from compromising the security of the system.
> The "sudo" application has been around a long time (roughly since
> 1980), and monitored rigorously for security issues.  If this were
> some server where multiple users were logged in simultaneously, the
> ability for one user to shutdown/reboot the system might have an
> unfortunate impact on the others.  However, since the commands I gave
> were fine-grained, only the one specified user could use only the
> specified commands without a password.  I'm rather security conscious
> even on my home machines, and this is the route I use (both at home
> and on work machines I admin).
>
> Alternatively, you might be able to add the desired user(s) to the
> "wheel" group (generally reserved for folks who have administrative
> responsibilities), then "chmod" and "chown" the halt/shutdown/reboot
> binaries so that they are executable by wheel, and have the setuid
> bit for root.  Something like
>
>    $ echo $USER
>    pi
>    $ su -
>    # cd /sbin
>    # chown root:wheel shutdown reboot halt
>    # chmod u+s,g+x,o-x shutdown reboot halt
>    # adduser pi wheel
>    # exit
>    $
>
> That's untested, but it should adhere more closely to the old-school
> method of managing things with users/groups and permissions.
>
> I suppose one could get extravagant and wire up GPIO pins to a big
> key-activated switch that, when triggered would launch a
> shutdown/reboot daemon script, but that's a lot of work when a
> non-graceful shutdown/restart can just be issued by pulling the plug.
> (grins)
>
> -tim
>
>
>
> ===========================================================
> The raspberry-vi mailing list
> Archives: //www.freelists.org/archives/raspberry-vi
> Administrative contact: <mike.ray@xxxxxxxxxxxxxx>
> -----------------------------------------------------------
> Raspberry Pi and the Raspberry Pi logo are trademarks of the Raspberry Pi 
> Foundation.
>
> This list is not affiliated to the Raspberry Pi Foundation and the views and 
> attitudes expressed by the subscribers to this list do not reflect those of 
> the Foundation.
>
> Mike Ray, list creator, January 2013
>


-- 
Michael A. Ray
Analyst/Programmer
Witley, Surrey, South-east UK

I KEEP six honest serving-men, They taught me all I know. Their names are What 
and Why and When and How and Where and Who.
-- Rudyard Kipling (paraphrased)

Interested in accessibility on the Raspberry Pi?
Visit: http://www.raspberryvi.org/

 From where you can join our mailing list for visually-impaired Pi hackers
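
An added example, not part of the thread and not code from either poster: a small audit of `ls -ld` output against the layout the quoted chown/chmod commands aim for (root-owned, group wheel, setuid, executable by the group, not by others). The function names audit_line and audit_path are hypothetical, the sample lines are constructed, and paths are assumed to contain no spaces.

```shell
#!/bin/sh
# Added example (not from the thread). Audits one `ls -ld` line against the
# intended layout: owner root, group wheel, setuid set, group may execute,
# others may not. Returns 0 when it matches, 1 after printing findings.
audit_line() {
    line=$1 want_group=${2:-wheel}
    path='?' rc=0
    set -f; set -- $line; set +f          # fields: mode links owner group ...
    mode=$(printf '%s' "$1" | cut -c1-10) # drop a trailing ACL/SELinux marker
    owner=$3 group=$4
    for path in "$@"; do :; done          # last field is the path
    finding() { echo "$path: $1"; rc=1; }
    case $mode in
        -*) ;;
        l*) finding "symlink; audit the file it points to" ;;
        *)  finding "not a regular file" ;;
    esac
    case $mode in
        ???s??????) ;;                    # setuid and owner-executable
        ???S??????) finding "setuid set but owner cannot execute" ;;
        *)          finding "setuid bit missing (u+s not applied)" ;;
    esac
    case $mode in ??????[xs]???) ;; *) finding "group cannot execute (g+x missing)" ;; esac
    case $mode in ?????????[xt]) finding "others can execute (o-x missing)" ;; esac
    case $mode in ?????w????|????????w?) finding "writable by group or others" ;; esac
    case $owner in root|0) ;; *) finding "owner is $owner, not root" ;; esac
    case $group in "$want_group") ;; *) finding "group is $group, not $want_group" ;; esac
    return $rc
}

# Audit a real file; LC_ALL=C keeps the ls output format predictable.
audit_path() { audit_line "$(LC_ALL=C ls -ld -- "$1")" "${2:-wheel}"; }

# Constructed sample lines (not captured from a real system).
SAMPLE_OK='-rwsr-x--- 1 root wheel 20552 Oct 14  2013 /sbin/shutdown'
SAMPLE_WORLD='-rwsr-xr-x 1 root root 20552 Oct 14  2013 /sbin/halt'
SAMPLE_NOSUID='-rwxr-x--- 1 root wheel 20552 Oct 14  2013 /sbin/reboot'
for l in "$SAMPLE_OK" "$SAMPLE_WORLD" "$SAMPLE_NOSUID"; do
    audit_line "$l" && echo "ok: $l" || true
done
```

On a live system, `audit_path /sbin/shutdown` runs the same checks against the real file.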
