[RESOLVED] How to allow non-root user to shutdown

General support questions
NickC
Posts: 185
Joined: 2012/01/20 16:13:41

[RESOLVED] How to allow non-root user to shutdown

Post by NickC » 2014/10/12 21:47:41

I currently have remote shutdown working fine as 'root' but I would prefer to create a new user 'remoteshutdown' to use for this instead of root. Problem is I cannot seem to find out how to allow a non root user permission to shutdown.

Edit:
Have tried changing group of /sbin/shutdown file to my 'shutdown' group but group of this file still remains as root.
Last edited by NickC on 2014/10/16 15:46:21, edited 2 times in total.

User avatar
TrevorH
Forum Moderator
Posts: 26582
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: How to allow non-root user to shutdown

Post by TrevorH » 2014/10/12 21:51:20

Use sudo
CentOS 5 died in March 2017 - migrate NOW!
CentOS 6 goes EOL sooner rather than later, get upgrading!
Full time Geek, part time moderator. Use the FAQ Luke

NickC
Posts: 185
Joined: 2012/01/20 16:13:41

Re: How to allow non-root user to shutdown

Post by NickC » 2014/10/13 13:12:34

TrevorH wrote:Use sudo
Was looking for a way to natively allow a non-root user to run shutdown. The idea is to have this run remotely over the network, if I need to use sudo then the root password will again need to be included in the batch/scrript file which is what I didn't want to do.

stevemowbray
Posts: 477
Joined: 2012/06/26 14:20:47

Re: How to allow non-root user to shutdown

Post by stevemowbray » 2014/10/13 13:45:34

No it won't, sudo can be configured to run a command without the user's password (and never requires the root password.)

NickC
Posts: 185
Joined: 2012/01/20 16:13:41

Re: How to allow non-root user to shutdown

Post by NickC » 2014/10/13 14:05:23

stevemowbray wrote:No it won't, sudo can be configured to run a command without the user's password (and never requires the root password.)
If I use sudo do I need to change the remote script to include 'sudo' in the command? At the moment my remote script is:

Code: Select all

plink.exe -ssh -root@Server1 -pw <password> "shutdown -h now"
We will need to have it send the users password for security but just not the root password which is why I am trying to get a 'remoteshutdown' user able to shutdown the machine.

stevemowbray
Posts: 477
Joined: 2012/06/26 14:20:47

Re: How to allow non-root user to shutdown

Post by stevemowbray » 2014/10/13 14:30:31

Yes. First configure sudoers on Server1 so that the remoteshutdown user can run /sbin/shutdown without a password.
(man sudoers)

Then your remote command would be

Code: Select all

plink.exe -ssh remoteshutdown@Server1 -pw <password> "sudo shutdown -h now"
(I would also advise you to set up a public/private key pair for ssh access rather than use a password.)

NickC
Posts: 185
Joined: 2012/01/20 16:13:41

Re: How to allow non-root user to shutdown

Post by NickC » 2014/10/15 15:38:04

Have tried many various edits of /etc/sudoers file but nothing seem to allow any account other than root to run the shutdown command. Is there not some other way of doing this other than sudoers file which doesn't seem to work.

Edit:
Have even tried changing group of shutdown command but for Centos does not seem to allow this to be done, no error message just doesn't have any effect.

User avatar
TrevorH
Forum Moderator
Posts: 26582
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: How to allow non-root user to shutdown

Post by TrevorH » 2014/10/15 18:55:29

It would help if you detailed exactly what you did try...
CentOS 5 died in March 2017 - migrate NOW!
CentOS 6 goes EOL sooner rather than later, get upgrading!
Full time Geek, part time moderator. Use the FAQ Luke

NickC
Posts: 185
Joined: 2012/01/20 16:13:41

Re: How to allow non-root user to shutdown

Post by NickC » 2014/10/15 20:12:23

All sorts of edits of 'visudo' tested but none worked, various error below:

"shutdown -h now" remotely returns error:

Code: Select all

bash: shutdown: command not found 
"sudo shutdown -h now" remotely returns error:

Code: Select all

sudo: sorry, you must have a tty to run sudo
Logon via SSH as remoteshutdown user
"/sbin/shutdown /h now" returns error:

Code: Select all

Authentication is required for powering off the system.
Authenticationg as: <DifferentUser>
Try and make remoteshutdown user an 'Administrator'
Unable to unlock Settings -> Users
Use "su gnome-control-center user-accouts" workaround to do this.

Logon via SSH as remoteshutdown (with Administrator rights)
"/sbin/shutdown /h now" returns:

Code: Select all

Authentication is required for powering off the system.
Multiple identities can be used for authentication:
1 . <DifferentUser>
2 . remoteshutdown
Choose identity to authenticate as

User avatar
TrevorH
Forum Moderator
Posts: 26582
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: How to allow non-root user to shutdown

Post by TrevorH » 2014/10/16 01:17:03

That last one should work, as should the one before. It wants the password for the user in question not the root password.

Code: Select all

[trevor@xps13 plugins]$ /sbin/shutdown -r now
==== AUTHENTICATING FOR org.freedesktop.login1.reboot ===
Authentication is required for rebooting the system.
Authenticating as: trevor
Password: 
==== AUTHENTICATION COMPLETE ===
[trevor@xps13 plugins]$ Connection to xps13 closed by remote host.
Connection to xps13 closed.
[/cpde]
CentOS 5 died in March 2017 - migrate NOW!
CentOS 6 goes EOL sooner rather than later, get upgrading!
Full time Geek, part time moderator. Use the FAQ Luke

Post Reply

Return to “CentOS 7 - General Support”