Have you ever wondered why shutdown account exists on Linux server, especially under Red Hat Enterprise Linux distribution? The answer is quite simple - shutdown account can shutdown server. Here is how you can enable the shutdown account:
1) Login as a root user .
2) Setup password for the shutdown account:
# passwd shutdown
2) Add access to shutdown –h now via sudo:
# visudo
Put any one of following line in your sudo configuration file:
shutdown ALL=/sbin/shutdown –h now
OR
shutdown localhost=/sbin/shutdown –h now
Note that localhost will only allow sudo from local terminal. For network based shutdown make sure you use ALL or an IP address or a domain name, for complete syntax refer sudo(8), and sudoers(5) command man page.
4) Save and close the file.
5) Change the shutdown shell:
# vi /etc/passwd
Replace existing shell entry (/sbin/shutdown) to
/usr/bin/sudo /sbin/shutdown –h now
Chang text from:
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
to:
shutdown:x:6:0:shutdown:/sbin:/usr/bin/sudo /sbin/shutdown –h now
6) Close and save the file.
7) Test it by login into system with shutdown username and password.
8) Please, note down that sudo will prompt for password. If you wish to get rid of this issue use NOPASS option in sudo configuration file.
9) Alternatively, you can use the sudo command only to achieve the same effect. This simple hack ensures that ordinary user can shutdown system without touching other part of the system.
You should follow me on twitter here or grab rss feed to keep track of new changes.
Featured Articles:
- 30 Handy Bash Shell Aliases For Linux / Unix / Mac OS X
- Top 30 Nmap Command Examples For Sys/Network Admins
- 25 PHP Security Best Practices For Sys Admins
- 20 Linux System Monitoring Tools Every SysAdmin Should Know
- 20 Linux Server Hardening Security Tips
- Linux: 20 Iptables Examples For New SysAdmins
- Top 20 OpenSSH Server Best Security Practices
- Top 20 Nginx WebServer Best Security Practices
- 20 Examples: Make Sure Unix / Linux Configuration Files Are Free From Syntax Errors
- 15 Greatest Open Source Terminal Applications Of 2012
- My 10 UNIX Command Line Mistakes
- Top 10 Open Source Web-Based Project Management Software
- Top 5 Email Client For Linux, Mac OS X, and Windows Users
- The Novice Guide To Buying A Linux Laptop
{ 5 comments… read them below or add one }
i tried implementing this and i got the following error messages when i tried logging in at the console with user shutdown:
gdm_slave_session_start: Directory /sbin/.gnome2 does not exist
gdm_auth_user_add: /sbin is not owned by uid 6.
i am running RHE3. please advise! thanks!
This is for shell access, for GUI there is inbuilt facility to shutdown server/workstation.
Hi Vivek,
Informative topic, thanks.
Typo here:
visod
should read:
visudo
Thanks for the heads up!
Hi Vivek,
I tried it in CentOS 5.6 machine and I encountered this error:
server sshd[3890]: User shutdown not allowed because shell /usr/bin/sudo /sbin/shutdown -h now does not exist