# Shutdown & Restart

## IvanHoe

What group do I need to add a user to for that user to be able to shutdown or restart without su?

----------

## wzzrd

Better just chmod or chown the shutdown and reboot scripts. That's what made it work for me.

----------

## Mnemia

Actually rather than just using chmod I would use chown to change the group ownership on the scripts and make sure you are a member of that group. You could make a new group or use wheel, etc.

eg chown root.wheel <script>

Then do a chmod 750 on the script and you should be good to go.

----------

## rac

Mnemia, does that really work?  I see 

```
  realuid = getuid();

  setuid(geteuid());

  if (getuid() != 0) {

        fprintf(stderr, "shutdown: you must be root to do that!\n");

        exit(1);

  }

```

...in shutdown.c's main() function.  Wouldn't it have to be 4750 root.somegroup, then?

----------

## eivinn

I have just made a symlink to the real shutdown script in /usr/bin I then chmod'ed the script 4750 and was good to go.

By the way: every user are good to go for a restart. Just press CTRL-ALT-DEL

----------

## Mnemia

Heheh, should've looked more closely. My mistake   :Embarassed: 

Oh well, I'm glad you got it to work.

----------

## Yarrick

Yes, CTRL-ALT-DEL is useful. Then just press the powerbutton when it says "Remounting partitions readonly..."  :Smile: 

----------

## rizzo

 *eivinn wrote:*   

> every user are good to go for a restart. Just press CTRL-ALT-DEL

 

That is only from console, meaning you'd have to physically be AT the computer.  Obviously if you are ssh'ed in and did ctrl-alt-del there's a chance it would restart your client machine.

Just stating what is hopefully the obvious.

----------

## Hephaistos

How can that work?

What if I copy a shutdown script an a Floppy and go to an other Computer. Copy it into my home dir as a normal user and start that script. Does the computer go down?

----------

## pjp

Only if you have permission to chmod 4750 (4 being the key)

----------

## rac

 *Hephaistos wrote:*   

> What if I copy a shutdown script an a Floppy and go to an other Computer. Copy it into my home dir as a normal user and start that script. Does the computer go down?

 

If you copy it, it will lose the setuid bit, so the resulting shutdown binary will not be suid root and won't work when run by a normal user.  However, you could run it off the floppy directly, depending on how the other computer is configured.  If normal users can't mount floppies, then you won't be able to mount it.  If normal users can mount floppies, but the setuid bits are not honored on them, then that won't work directly.  There is one other tactic I know of that will work with older versions of perl and/or older versions of the Linux kernel that don't support fstatvfs, but that's of historical importance only.

However, if you have physical access to the machine, and you want to shut it down, why not just pull the power cord?

----------

## Hephaistos

If I dont have physical access? Maybe using ftp and telnet?

What if I set it to the uid of the system on my system?

----------

## Curious

 *Hephaistos wrote:*   

> If I dont have physical access? Maybe using ftp and telnet? What if I set it to the uid of the system on my system?

 

 If you can set the SUID bit over a telnet session, I don't think uploading your own shutdown script is going to be a real priority.  If you can set things to be suid root, you are already root, most likely.

 If you FTP something across, it's going to be created under your ID.  The only place this becomes a problem is when it's on floppies and cdroms ( or other removable storage ) and the careless administrator has forgotten to set the mount option that disables SUID binaries on this filesystem.

 How about instead of bothering the forum with these suggestions, you go and try them for yourself first?  :Razz:   Or better yet, go and read up on the Unix security and file permissions model.

-- Curious

----------

## rac

 *Hephaistos wrote:*   

> If I dont have physical access? Maybe using ftp and telnet?

 

Neither of those methods will preserve suid bits.

 *Quote:*   

> What if I set it to the uid of the system on my system?

 

What do you mean by "the uid of the system on my system"?  root is uid 0 by definition.

What were are discussing here is logically equivalent to an unprivileged user gaining remote root access, because the file in question could just as easily be a suid root shell as a suid root shutdown binary.  Therefore, any system that is configured in such a way as to allow this to happen has severely compromised security.  If you find a way to do this on a normally configured Gentoo system (or any other mainstream Linux distro), I'm sure there are lots of black hats that would be willing to pay you a lot of money for the technique.

----------

## Curious

P.S., Hephaistos, I am going to be watching you very closely from now on.  :Razz: 

-- Curious

----------

