# Giving shutdown permission to a specific user.

## rikiwarren

I'm trying to write a bash script that will, when finised, automatically shutdown my computer. This worked fine on a previous linux install, but apparently with my current settings only root can use the shutdown command.

I don't want the script to run as root. 

How can I authorize a specific user to use shutdown? 

I played around with sudo (and I'll admit, I really don't know what I'm doing), but it seemed to require the user to enter a password--which won't work in a script. 

-Rich-

----------

## BlueEar

Did you try setting the sticky bit on reboot and halt? As the root do 

```
chmod a+s /sbin/reboot /sbin/halt
```

 Or you can do it on the group level and add users to that specific group.

----------

## jondkent

Hi,

You shouldn't set the suid bit really, bad practise.

sudo is your friend here, you just need to add the following line into your  sudoers file (via visudo)

```

[userid]  ALL=/sbin/halt NOPASSWD: ALL

```

that will stop sudo asking for a password

Jon

----------

## rac

 *jondkent wrote:*   

> You shouldn't set the suid bit really, bad practise.

 

Care to elaborate as to why this is so bad?  Even if permissions are something like root.wheel 4750?

----------

## jondkent

Mainly because its a bad habit  to get into  :Sad: .  Some UNIX version, such as Solaris, have no wheel group out the box so you can't do what you suggest in that situation.  Also, as sudo is available to use you might as well use it.  After all this is one of the reasons it was designed, to help you avoid having to set suid.

Sudo also gives you a greater degree of control over who can access critical binaries such as halt.  Yes you could create a sysadmin group for this type of thing, but whats the point when you have sudo  :Question: 

Lastly, when new version comes out the current perms will be overwritten which means you have to remember what you have changed, which you won't until a later time.

Jon

----------

## rikiwarren

```
%wheel localhost=/sbin/shutdown        NOPASSWD: ALL
```

Does not work. Visudo reports an error on that line, and prompts me to go back and re-edit it. I've also tried the following variations:

```
riki localhost=/sbin/shutdown        NOPASSWD: ALL

%wheel ALL=/sbin/shutdown        NOPASSWD: ALL

%wheel ALL=/sbin/halt        NOPASSWD: ALL
```

This, however, works. But it gives more permissions than I really want.

```
%wheel  ALL=(ALL)       NOPASSWD: ALL
```

Any suggestions?

-Rich-

[/code]

----------

## jondkent

Hi,

typo at my end  :Embarassed:  , you need this :

```

%wheel    ALL=[cmd]       NOPASSWD

```

Jon

----------

## kwon37xi

What I tried for shutdown by non-root users

I just wanted to give this permission to wheel group users.

First "emerge sudo"

then edit /etc/sudoers

I added the followings

 *Quote:*   

> 
> 
> %wheel ALL=(root) NOPASSWD: /sbin/shutdown
> 
> %wheel ALL=(root) NOPASSWD: /sbin/halt
> ...

 

Then I made shell script /usr/local/bin/shutdown, /usr/local/bin/halt, .... like the following

 *Quote:*   

> 
> 
> #/bin/sh
> 
> sudo /sbin/shutdown $*
> ...

 

It works fine. but.... GNOME 2's Halt/Reboot don't work.   :Embarassed: 

----------

## guero61

To do it with groups, you'd need to do this:

```

# groupadd shutdown

# usermod -G shutdown,users $USER

# chgrp shutdown /sbin/shutdown

# chmod 750 /sbin/shutdown

```

----------

