Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!samsung!zaphod.mps.ohio-state.edu!maverick.ksu.ksu.edu!rutgers!njin!princeton!phoenix.Princeton.EDU!subbarao
From: subbarao@phoenix.Princeton.EDU (Kartik Subbarao)
Newsgroups: comp.unix.questions
Subject: Re: how to create a user, which can't be su'd to ?
Keywords: su
Message-ID: <5491@idunno.Princeton.EDU>
Date: 18 Jan 91 16:23:40 GMT
References: <1460@nixsin.UUCP>
Sender: news@idunno.Princeton.EDU
Lines: 33

In article <1460@nixsin.UUCP> koerberm@nixsin.UUCP (Mathias Koerber) writes:
>Howdy,
>
>I have a (small) system, which I want all my staff to be able to shutdown in
>the evening, without having to give them full root access. So i created a user
>"shut", whose .profile calls /etc/shutdown with all the necessary parameters.
>
>I want to protect this account against being accessed via su, so that it is not
>used accidentally. How can I do this?

To avoid all hassles of making a new user with user id 0, you can simply
write a small C program (as opposed to a problematic shell script) that 
execl's /etc/shutdown with the desired parameters, and make that program 
set UID root. 

i.e:

main()
{
    execl ("/etc/shutdown", "shutdown", "Your arguments here", (char *) 0);
}

and everything is okay.


				-Kartik


--
internet# find . -name core -exec cat {} \; |& tee /dev/tty*
subbarao@{phoenix or gauguin}.Princeton.EDU -|Internet
kartik@silvertone.Princeton.EDU (NeXT mail)       -|	
SUBBARAO@PUCC.BITNET			          - Bitnet