The resulting system would send the magic packet to wakeup the main server, zip the days data, scp the data to the main server and then ssh to the shutdown down user(causing the machine to halt). Now that I have an old iphone 3g I was seriously considering porting my ultra light server to it.
Anyway some how I got off track...again... My ubuntu server didnt cleanly upgrade to 10.10 so am I rebuilding it from scratch. Here is how to setup the auto shutdown user:
First add the shutdown user:
sudo adduser --home /home/shutdown shutdown
Or add the existing user to the shutdown group. (or combo of both)
sudo usermod -a -G shutdown username
Grant him ssh rights with:
sudo vi /etc/ssh/sshd_config
Add the line:
AllowUsers shutdown
And setup his ssh key:
sudo su -l shutdown mkdir chmod 700 .ssh/ touch .ssh/authorized_keys chmod 600 .ssh/authorized_keys vi .ssh/authorized_keys
And add the line(with your ssh key and note the forced command "/sbin/halt"):
command="/sbin/halt",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-rsa .... ==
Now by default halt cant be run without sudoing so to fix that edit the sudoers file
sudo visudoUPDATE: You can can now add an extension file to the sudoers.d directory and not have to modifiy /etc/sudoers directly this way it doesnt break on every system upgrade..
sudo vi /etc/sudoers.d/passwordless_shutdown
Add the lines to grant rights to shutdown(and no one else) for the halt command
%shutdown ALL=NOPASSWD: /sbin/shutdown %shutdown ALL=NOPASSWD: /sbin/halt
Then halt can be run as (an no password will be required)
sudo halt
If this still isnt sufficient (and it isnt for some scripting applications) The "sudo" part of the command can be removed by chmoding the command halt so that its runnable outside of a root user.
sudo chmod +s /sbin/reboot
Of course this basically allows any user on the system shutdown rights. so be careful with the chmod way.
In /etc/sudoers, %shutdown shall be shutdown
ReplyDelete%name means a group