[systemd-devel] Antw: [EXT] Re: [systemd‑devel] Run reboot as normal user
Ulrich Windl
Ulrich.Windl at rz.uni-regensburg.de
Wed Dec 1 10:37:45 UTC 2021
>>> Martin Wilck <mwilck at suse.com> schrieb am 01.12.2021 um 10:41 in Nachricht
<a64771271a667804c450a13481cee06180965b12.camel at suse.com>:
> On Wed, 2021‑12‑01 at 10:24 +0100, Ulrich Windl wrote:
>> > >
>>
>> And I wonder what's wrong with allowing the shutdown command for the
>> user in
>> sudoers.
>> (sudo $(which shutdown) ‑r now)
>
> Sure. I thought sudo might not be installed on that embedded system,
> either. If it is, I'd prefer it over other solutions simply because
> it's more transparent. Capability bits tend to go unnoticed.
>
Quote from OP: "Previously the guest user was in sudoers (so to run reboot the
systemd
service uses "sudo") but actually our customer wants to remove the guest
user from sudoers."
It was some odd security debate: If someone can operate as guest he/she should
not be able to reboot, while the guest user should be.
(Maybe I misunderstood. Any case some details for the problem are missing)
> Martin
More information about the systemd-devel
mailing list