From: "Laurent Bercot"
To: "supervision@list.skarnet.org"
Subject: Re: Unprivileged Shutdown?
Date: Sat, 28 May 2022 08:43:51 +0000
In-Reply-To: <2NMWH7KWN9U8A.2QSU8NGDI39Q7@oak.localdomain>

>I have been using simple privilege escalation to poweroff the machine,
>but looking through the source code for s6-linux-init-shutdownd and
>friends, it appears the only constraint on interacting with the daemon
>is the permissions on run-image/service/s6-linux-init-shutdownd/fifo.
>
>The default appears to be:
>600 root root
>I've changed it on my system to be:
>620 root power
>and added my user to the power group.
>
>This seems like the cleanest way to implement unprivileged
>poweroff/reboot, but I'm concerned that it's not possible by default.
>Is there a better way, or is it just meant to be done manually?

No, you are correct that it is the right mechanism. Allowing
unprivileged shutdown is a dangerous operation and should only be done
in very specific circumstances (i.e. when a normal user has complete
seat and console access), so it's not the default and the mechanism is
fairly hidden.

If there's demand, I can probably write an s6-linux-init-shutdown-perms
program in a future version that would let you specify the user/group
allowed to shutdown, rather than having you manually tinker with the
fifo.

--
Laurent
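The permission change discussed in this thread, as an added shell example that is not part of the post or of s6-linux-init itself: it gives one group write access to the shutdownd fifo with the 620 mode the poster used, audits the result so the fifo is never left world-writable (which would let any local user power the machine off), and includes a scratch-fifo demo that runs without root. It assumes Linux with GNU coreutils (`stat -c`) and shadow-utils (`usermod`); the default path is the run-image path quoted above, and the group name `power` and the function names are this example's own choices.

```shell
#!/bin/sh
# Added example, not code from the post or from s6-linux-init.
# Assumes Linux with GNU coreutils (stat -c) and shadow-utils (usermod).

# Default to the path quoted in the thread; override with FIFO=... in the
# environment if your run-image lives elsewhere.
FIFO="${FIFO:-run-image/service/s6-linux-init-shutdownd/fifo}"

# Print "mode owner group" for a path, e.g. "620 root power".
fifo_perms() {
    stat -c '%a %U %G' "$1"
}

# Hand GROUP write access to the fifo: owner rw-, group -w-, others ---.
# Must run as the fifo's owner (root on a real system).
grant_shutdown() {
    fifo="$1"; group="$2"
    [ -p "$fifo" ] || { echo "not a fifo: $fifo" >&2; return 1; }
    chgrp "$group" "$fifo" || return 1
    chmod 0620 "$fifo" || return 1
}

# Put USER into GROUP so they may write the fifo (root only; not run in the demo).
allow_user() {
    usermod -aG "$2" "$1"
}

# Audit the fifo: fail if "other" can write (anyone could shut the machine
# down) or if it is owned by a group other than the intended one.
check_shutdown() {
    fifo="$1"; group="$2"
    perms=$(fifo_perms "$fifo") || return 1
    set -- $perms
    mode="$1"; grp="$3"
    other=$(( mode % 10 ))            # lowest octal digit: the "other" bits
    if [ $(( other & 2 )) -ne 0 ]; then
        echo "$fifo: mode $mode is world-writable" >&2
        return 1
    fi
    if [ "$grp" != "$group" ]; then
        echo "$fifo: group is $grp, expected $group" >&2
        return 1
    fi
    return 0
}

# Stand-alone demo on a scratch fifo, no root needed: the caller's primary
# group stands in for "power". Prints the resulting "mode owner group".
demo() {
    tmp=$(mktemp -d) || return 1
    mkfifo "$tmp/fifo" && chmod 0600 "$tmp/fifo" || return 1
    group=$(id -gn)
    grant_shutdown "$tmp/fifo" "$group" || return 1
    check_shutdown "$tmp/fifo" "$group" || return 1
    fifo_perms "$tmp/fifo"
    rm -rf "$tmp"
}
```

On a real system the sequence is, as root, `grant_shutdown "$FIFO" power`, `allow_user alice power`, then `check_shutdown "$FIFO" power`. Group write on the fifo is exactly a grant of shutdown/reboot to every member of that group, so `getent group power` is part of the audit, and the check should be rerun after any change to the run-image, since a rebuilt or re-copied fifo comes back with the default 600 root root.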