On October 14, 2013, Georgina Joyce wrote: > I personally prefer to use a long time trusted Unix structure that > restricts the user from compromising the security of the system. The "sudo" application has been around a long time (roughly since 1980), and monitored rigorously for security issues. If this were some server where multiple users were logged in simultaneously, the ability for one user to shutdown/reboot the system might have an unfortunate impact on the others. However, since the commands I gave were fine-grained, only the one specified user could use only the specified commands without a password. I'm rather security conscious even on my home machines, and this is the route I use (both at home and on work machines I admin). Alternatively, you might be able to add the desired user(s) to the "wheel" group (generally reserved for folks who have administrative responsibilities), then "chmod" and "chown" the halt/shutdown/reboot binaries so that they are executable by wheel, and have the setuid bit for root. Something like $ echo $USER pi $ su - # cd /sbin # chown root:wheel shutdown reboot halt # chmod u+s,g+x,o-x shutdown reboot halt # adduser pi wheel # exit $ That's untested, but it should adhere more closely to the old-school method of managing things with users/groups and permissions. I suppose one get extravagant and wire up GPIO pins to a big key-activated switch that, when triggered would launch a shutdown/reboot daemon script, but that's a lot of work when a non-graceful shutdown/restart can just be issued by pulling the plug. (grins) -tim =========================================================== The raspberry-vi mailing list Archives: //www.freelists.org/archives/raspberry-vi Administrative contact: <mike.ray@xxxxxxxxxxxxxx> ----------------------------------------------------------- Raspberry Pi and the Raspberry Pi logo are trademarks of the Raspberry Pi Foundation. This list is not affiliated to the Raspberry Pi Foundation and the views and attitudes expressed by the subscribers to this list do not reflect those of the Foundation. Mike Ray, list creator, January 2013