# Add permission to reboot for user?



## Lobster (Jun 23, 2010)

FreeBSD 7-8

i add user
adduser


Haw can i give a user permissen to reboot server - local and by shell(i use lshell)?

I add it to wheel group it does not help

P.S. We idea is too make icon (plink.exe) for reboot server by any fisical user if it is necessary. This user enters by ssh on server in lshell - he can run only one comman reboot


----------



## crsd (Jun 23, 2010)

Add the user to operator group, so he can use `$ shutdown` (with "-r").


----------



## Lobster (Jun 23, 2010)

Thank you!


----------



## mk (Jun 23, 2010)

add your user to *operator* group, to do that edit */etc/group*. check man page for more on that.
how you will restrict that user of running only shutdown command? in plink.exe or on the server. i suggest you to do it on the server. check man sshd for *command="command"* it will restrict the user to exec only this command.

EDIT: use shutdown -p now  to shutdown you pc


----------



## Lobster (Jun 23, 2010)

I use lshell and it restrics it

part of lshell.conf

```
[default]
##  a list of the allowed commands or 'all' to allow all commands in user's PATH
allowed         : ['shutdown']

##  a list of forbidden character or commands
forbidden       : ['su','ls','cd','cd','rm','chmod','[',';', '&', '|','`','>','<
', '$(', '${']
```


----------



## SirDice (Jun 23, 2010)

Install security/sudo. Edit the sudoers file with visudo(8) and add:

```
myuser   localhost=NOPASSWD: /sbin/reboot
```

myuser will be able to reboot the machine using `% sudo /sbin/reboot`


----------



## mk (Jun 23, 2010)

well the reason i suggest to locally restrict executed commands is the fact that plink.exe can be altered and/or your configuration for ishell


----------

