Page 1 of 1

Rebooting misery

PostPosted: Mon Apr 14, 2003 6:35 pm
by asok
Probably it's only me being dense, but I am having a very hard time configuring my ACLs so that my system reboots cleanly (while the ACLs still remain somewhat secure). Let me try to explain my problem.

When the system is booting, everything is fine, since I can first run the init scripts (mounting the fs's, starting daemons, etc.), then I can apply a strict ACL system which only covers the running daemons (and not the starting up, which often needs more rights and capabilities). There is a small insecurity here, because the daemons run for a few moments without ACL protection, but I can live with it (unless, of course, someone can recommend something better).

When shutting down, however, I cannot see any solution like this. I think it would be nice, if in admin mode, gradm -D would not prompt for a password, because then the first rc script could unload the ACLs (otherwise it waits for a password on the console which may not be accessible). I had a few other ideas, but they don't really work: inheritance does not work, because on e.g. SuSE, there are many nested levels of scripts running (it would even be very tedious to configure with nested ACLs); and giving out all the rights necessary without inheritance would make the ACL system much less secure. Perhaps my most useable idea is to write a script instead of shutdown (and halt, reboot, poweroff) that first runs (and authenticates) gradm -D, then execs the real shutdown. But it has its drawbacks as well.

Does anybody have any advice for me? :-?

Thanks in advance,
Akos

PostPosted: Mon Apr 14, 2003 9:28 pm
by miha
One insecure solution would be use of Expect (language) in your shutdown scripts. Expect can work with interactive programs (gradm is interactive) and send password to 'gradm -D'. But using expect, you will have to store password somewhere on your system, which is pretty insecure.

Mikhail.