1

Red Hat had a feature useful to me at the present time. There was an account, generally called "shutdown", and when you logged in with the account, the system shut down.

In my specific case, I have Ubuntu Server running in a VM on my local system. The VM is running a web app, and when I'm done doing work, I want to shut down the VM. Unfortunately, I can't install VMware tools to get the "power button" based shutdown. Currently I login then sudo shutdown -h now, then type my password again, and things shutdown. Really, it's getting annoying all that waiting around and typing things.

How do I replicate the "shutdown account" functionality in Ubuntu?

A related question, were there any security gotchas that motivated people to stop using this kind of account?

pcapademic
  • 1,371

2 Answers2

3

I came to the same conclusion as reverendj1. Here is what I did:

Based on: http://www.cyberciti.biz/tips/shutdown-account-to-shutdown-linux-server.html http://ubuntuforums.org/archive/index.php/t-1238165.html

  1. Create the user
    sudo adduser --system shutdown

  2. Set new user's password
    sudo passwd shutdown

  3. Create a script that does shutdown
    sudo vi /home/shutdown/shutdown_script.sh

    • single line: in script /usr/bin/sudo /sbin/shutdown -h now

  4. Set permissions for the script

    • sudo chown shutdown:nogroup /home/shutdown/shutdown_script.sh
    • sudo chmod 500 /home/shutdown/shutdown_script.sh

  5. Edit the user's login
    sudo vi /etc/passwd

    • change
      shutdown:x:106:65534::/home/shutdown:/bin/false
      to
      shutdown:x:106:65534::/home/shutdown:/home/shutdown/shutdown_script.sh

  6. Edit SUDOers file to let user run shutdown: sudo visudo and add at end the following two lines:

    • Cmnd_Alias SHUTDOWN=/sbin/shutdown -h now
    • shutdown ALL=NOPASSWD: SHUTDOWN

In answer to the second part of my question, a poster at http://ubuntuforums.org/archive/index.php/t-1238165.html implies that creating a shutdown user makes security harder to maintain. I'm not sure why.

Tony Piper
  • 3
pcapademic
  • 1,371
  • I tried your technique but everytime I try to login as the shutdown user, the server asks me for the password and when it is entered, it asks to give "sudo password for shutdown". And when this is done, it comes back to the main login screen. Is something missing? Thanks! – itsols Jan 29 '13 at 08:17
2

A simple way would be to just create a user named shutdown and have a login script for them just be the shutdown command.

On a side note, what would be the use case for this?

reverendj1
  • 16,045
  • +1 for the thought. I like this method. I have this implemented for a customer (office). The reason is that most users aren't experts or power users. Giving them a login with too many 'powers' is a risk because sometimes they tend to experiment. So allowing just a shutdown user is a great thing. – itsols Jan 24 '13 at 12:19