call halt/reboot as user

Arno Steffen arno.steffen at googlemail.com
Mon Jan 3 14:06:41 UTC 2011


Thanks for quick help!

I updated busybox with latest stable version by compile and cp via ftp
to /usr/bin
Then I did an "./busybox --install -s" to create the new links.

I did a "chmod 4755 /bin/busybox" -> login works.
As sudo is not implemented in my system (and not part of busybox) and
a new user is to uncomfortable your 3rd approach looks best.

I checked here
user at ubu:/opt/src/busybox-1.18.1$ find . | xargs grep BB_SUID_DROP | grep halt
./include/applets.h:IF_HALT(APPLET(halt, _BB_DIR_SBIN, _BB_SUID_DROP))
./include/applets.h:IF_HALT(APPLET_ODDNAME(poweroff, halt,
_BB_DIR_SBIN, _BB_SUID_DROP, poweroff))
./include/applets.h:IF_HALT(APPLET_ODDNAME(reboot, halt, _BB_DIR_SBIN,
_BB_SUID_DROP, reboot))
./init/halt.c://applet:IF_HALT(APPLET(halt, _BB_DIR_SBIN, _BB_SUID_DROP))
./init/halt.c://applet:IF_HALT(APPLET_ODDNAME(poweroff, halt,
_BB_DIR_SBIN, _BB_SUID_DROP, poweroff))
./init/halt.c://applet:IF_HALT(APPLET_ODDNAME(reboot, halt,
_BB_DIR_SBIN, _BB_SUID_DROP, reboot))

I guess I have to replace BB_SUID_DROP in all 6 lines.
There is just one open question: What is the disadvantage or
side-effect of setting busybox to be setuid.
I am not so much familiar with this, but afraid users can do other
this (they shouldn't do) as well.

Best regards
Arno

2011/1/3 Denys Vlasenko <vda.linux at googlemail.com>:
> On Mon, Jan 3, 2011 at 11:25 AM, Arno Steffen
> <arno.steffen at googlemail.com> wrote:
>> 1) I want normal user give the permission to reboot or halt the system.
>> With current implemented busybox it is not allowes - I just get a NO.
>
> Because reboot tries to initiate reboot, but gets EPERM.
> (BTW, can you please upgrade to something newer than busybox-1.13.x?)
>
>
>> I already changed the link from /sbin/reboot to /bin/reboot or changed
>> permission, but this doesn't help.
>
> Possible approaches:
> * Make a new user with uid 0 and login shell=/sbin/reboot.
>  or
> * Use sudo mechanism to allow some users to run /sbin/reboot
>  or
> * Make busybox binary setuid root, and change reboot applet from
>  _BB_SUID_DROP to _BB_SUID_MAYBE in this line:
>  IF_HALT(APPLET_ODDNAME(reboot, halt, _BB_DIR_SBIN, _BB_SUID_DROP, reboot))
>  (warning: this will allow any user to run reboot)
>
>
>> 2) when user is logged in, I can't change to root, as login command
>> can only be run as superuser.
>
> Works for me as long as busybox binary is setuid root:
>
> $ busybox login
> myhost login: _
>
>
>> How can I change the user?
>
> Using su command.
>
> --
> vda
>


More information about the busybox mailing list