Results 1 to 10 of 10

Thread: How run shutdown as normal user without sudo

  1. #1
    Join Date
    Feb 2006
    Beans
    18

    How run shutdown as normal user without sudo

    Can I permit a normal user to execute /sbin/shutdown without using sudo?

    Here is what happens on my computer running Ubuntu 8.04 as the user "vato":
    $ shutdown -h now
    shutdown: Need to be root

    $ sudo chmod +x /sbin/shutdown

    $ ls -l /sbin/shutdown
    -rwxr-xr-x 1 root root 44312 2008-04-11 09:50 /sbin/shutdown

    $ shutdown -h now
    shutdown: Need to be root

    $ sudo chown vato /sbin/shutdown
    chown: changing ownership of `/sbin/shutdown': Operation not permitted

    $ sudo chgrp vato /sbin/shutdown

    $ shutdown -h now
    shutdown: Need to be root


    Alright, so Ubuntu doesn't let me change the owner of /sbin/shutdown
    and /sbin/shutdown seems to only run if I am root (or I use sudo). I want to run it as a normal user without having to type sudo. Is that possible?

  2. #2
    Join Date
    Jul 2006
    Location
    Here
    Beans
    9,689

    Re: How run shutdown as normal user without sudo

    just put shutdown with no password in the sudoers file.

    example:
    user ALL=NOPASSWD: /sbin/shutdown

    you can add as many programs as you want.
    example:
    user ALL=NOPASSWD: /sbin/shutdown, /usr/sbin/synaptic, /usr/bin/nautilus, /usr/bin/gedit, etc...

    you can also create a group:

    %staff ALL=NOPASSWD: /sbin/shutdown

    you'll still have to use sudo, but it won't ask for a password.

    example:

    sudo shutdown -r now
    sudo shutdown -h now

    man sudoers for more info

    i use jwm, so it's in my menu
    Last edited by kerry_s; November 8th, 2008 at 08:33 PM.

  3. #3
    Join Date
    Sep 2005
    Location
    Germany
    Beans
    83
    Distro
    Ubuntu 9.10 Karmic Koala

    Re: How run shutdown as normal user without sudo

    You could set the s-bit to enable non-superusers to run programs as root, e.g.

    Code:
    sudo chmod a+s /sbin/shutdown
    After that, you can run 'shutdown' as a normal user.


    Regards,
    ds[de]

  4. #4
    Join Date
    Feb 2010
    Beans
    271

    Re: How run shutdown as normal user without sudo

    can i run a command as normal user after a sudo within a bash script? Even without sudo the following command remains as root started.

  5. #5
    Join Date
    Oct 2010
    Beans
    14

    Re: How run shutdown as normal user without sudo

    No. As far as I know you need root level permissions to issue the shutdown command. It is also very insecure to allow no sudo users to issue the shutdown command (or any other variants thereof, poweroff, halt etc).

    - madhater

  6. #6
    Join Date
    May 2006
    Location
    Switzerland
    Beans
    2,541
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: How run shutdown as normal user without sudo

    Quote Originally Posted by ahso4271 View Post
    can i run a command as normal user after a sudo within a bash script?
    You can run stuff password-less with sudo if you put all the commands that would require root priviledges and which appear in your bash script into the sudoers file, with a complete path. What I mean is this: this is an example on my own system. This script establishes a VPN connection (using a closed-source product) to a customer of mine:

    Code:
    #! /bin/bash
    /usr/local/bin/barracudavpn --start -r MyPasswordHere
    sudo route add -net 10.20.50.0 netmask 255.255.255.0 gw 192.168.200.254
    sudo route add -net 10.20.51.0 netmask 255.255.255.0 gw 192.168.200.254
    sudo route add -net 10.20.52.0 netmask 255.255.255.0 gw 192.168.200.254
    sudo route add -net 10.20.54.0 netmask 255.255.255.0 gw 192.168.200.254
    sudo route add -net 10.15.50.0 netmask 255.255.255.0 gw 192.168.200.254
    The many route commands up there are needed or else I would still be unable to reach anything. And those route commands need "sudo". And because it's troublesome to remember the exact syntax each time I put all those lines up there into a single script: vpn.sh

    The idea is that I can launch that script from a terminal without being asked the password each time. So I put each of those "route" commands into sudoers too:
    Code:
    # /etc/sudoers
    #
    # This file MUST be edited with the 'visudo' command as root.
    #
    # See the man page for details on how to write a sudoers file.
    #
    
    Defaults	env_reset
    
    # Host alias specification
    
    # User alias specification
    
    # Cmnd alias specification
    
    # User privilege specification
    root	ALL=(ALL) ALL
    
    # Allow members of group sudo to execute any command
    # (Note that later entries override this, so you might need to move
    # it further down)
    %sudo ALL=(ALL) ALL
    #
    #includedir /etc/sudoers.d
    
    # Members of the admin group may gain root privileges
    %admin ALL=(ALL) ALL
    
    # User sysadm may poweroff the system if he wants to
    sysadm     ALL=NOPASSWD: /sbin/poweroff
    sysadm     ALL=NOPASSWD: /sbin/reboot
    
    # User sysadm may use apt to update the system and clean the APT cache
    sysadm     ALL=NOPASSWD: /usr/bin/apt-get clean
    sysadm     ALL=NOPASSWD: /usr/bin/apt-get update
    sysadm     ALL=NOPASSWD: /usr/bin/apt-get dist-upgrade
    
    
    # VPN stuff:
    sysadm     ALL=NOPASSWD: /sbin/route add -net 10.20.50.0 netmask 255.255.255.0 gw 192.168.200.254
    sysadm     ALL=NOPASSWD: /sbin/route add -net 10.20.51.0 netmask 255.255.255.0 gw 192.168.200.254
    sysadm     ALL=NOPASSWD: /sbin/route add -net 10.20.52.0 netmask 255.255.255.0 gw 192.168.200.254
    sysadm     ALL=NOPASSWD: /sbin/route add -net 10.20.54.0 netmask 255.255.255.0 gw 192.168.200.254
    sysadm     ALL=NOPASSWD: /sbin/route add -net 10.15.50.0 netmask 255.255.255.0 gw 192.168.200.254
    Result: With above lines in place I can shutdown, reboot and update my system or establish VPN connections without ever being asked a password.

    Of course you can add other commands too ... But please be aware that this is potentially dangerous (you can hose your system). You shouldn't put too much stuff in there. The powers of "root" should only be used if really really necessary.

    EDIT:

    Running stuff as normal user after "sudo" has been used could be done using "su" (= switch user). Example from my system -- I cut out the irrelevant parts. But this snippet here is from a script that runs as "root". But at the end of the script I'd like to start a VNC session as my normal user, not as root! Hence I use the "su" command so that things will get started under my normal user account's priviledges:

    Code:
    ...
    ... VPN and routing stuff, all running as "root" ... I cut out that stuff
    ...
    
    su - sysadm -c "/usr/bin/vnc4server :1 -depth 16 -geometry 1200x768 2>&1"
    
    # end of script; we return a code 0 to signify success
    exit 0
    What happens on that line up there is that the script which is running as "root" uses "su" to switch into my normal account and there it starts a virtual VNC4 desktop using a resolution of 1200 x 768 (VNC resolutions don't have to real); the "2>&1" bit at the end suppresses any unwanted output (I need the script to run clean without generating unwanted messages).

    So the syntax for su is:

    su - NAMEOFACCOUNT -c "command-you-want-to-execute"

    Yes, you can use that in scripts that run as "root" or via "sudo".
    Last edited by scorp123; August 21st, 2011 at 11:07 AM.

  7. #7
    Join Date
    Jun 2007
    Location
    Minneapolis, MN
    Beans
    745
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: How run shutdown as normal user without sudo

    Adding shutdown to my sodoers file as described above works to shut down locally.

    How do I shutdown a computer on my LAN with ssh?
    Moderation in all things; including moderation.

  8. #8
    Join Date
    May 2006
    Location
    Switzerland
    Beans
    2,541
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: How run shutdown as normal user without sudo

    Quote Originally Posted by JRV View Post
    How do I shutdown a computer on my LAN with ssh?
    Code:
    ssh remoteuser@remotehost "sudo shutdown"
    ... and if you use SSH keys and if you make sure that the "remoteuser" has an entry in the "sudoers" file of the remote system (as explained above) the above command will be password-less for both the SSH connection and "sudo".

    This can indeed be useful for system administration.

  9. #9
    Join Date
    Mar 2013
    Beans
    1

    Re: How run shutdown as normal user without sudo

    Quote Originally Posted by kerry_s View Post
    just put shutdown with no password in the sudoers file.

    example:
    user ALL=NOPASSWD: /sbin/shutdown

    you can add as many programs as you want.
    example:
    user ALL=NOPASSWD: /sbin/shutdown, /usr/sbin/synaptic, /usr/bin/nautilus, /usr/bin/gedit, etc..
    I used the following line, in my /etc/sudoers file

    Code:
    # User alias specification
    user ALL=NOPASSWD:/sbin/poweroff,/sbin/shutdown
    then in another terminal

    Code:
    $ poweroff
    poweroff: Need to be root
    ,But no luck... Its not working.. 'm i missing something here
    I'm running Precise on my system

  10. #10
    Join Date
    Feb 2008
    Location
    Texas
    Beans
    14,454
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: How run shutdown as normal user without sudo

    If a post is older than a year or so and hasn't had a new reply in that time, instead of replying to it, create a new thread. In the software world, a lot can change in a very short time, and doing things this way makes it more likely that you will find the best information. You may link to the original discussion in the new thread if you think it may be helpful.

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •