# Why does "/sbin/shutdown" still need password ?



## sw2wolf (Apr 12, 2012)

```
>id
uid=1001(sw2wolf) gid=1001(sw2wolf) groups=1001(sw2wolf),0([color="Red"]wheel[/color]),5(operator),920(vboxusers)

>cat /usr/local/etc/sudoers | grep NOPASSWD
%wheel ALL=(ALL) NOPASSWD: /sbin/shutdown -r now, /sbin/shutdown -p now
```

However, The user sw2wolf still needs root's password to run `sudo /sbin/shutdown`


Sincerely!


----------



## UNIXgod (Apr 12, 2012)

*shutdown* alone will bring you into single user mode.

I don't use sudo. *S*imply *su* into root first and run `shutdown -p now` for system shutdown and power off or *-r* for system shutdown then *reboot* or *-h* to shutdown the system and halt.

You can add yourself to the right group if you really need the user to have the ability to shutdown the system. I don't recommend it though.


----------



## sw2wolf (Apr 12, 2012)

> I don't use sudo. Simply *su* into root first and run `shutdown -p now` for system shutdown and power off or *-r* for system shutdown then *reboot* or *-h *to shut down the system and halt.



Of course, it works as you said. However, my freebsd FreeBSD box is a home desktop system, it is not convenient for user to "su to root" to close the machine. so *I* just want to `sudo /sbin/shutdown -p now` not need password by using sudo.


----------



## SirDice (Apr 12, 2012)

Did you logout and back in after you added the user to the wheel group?


----------



## sw2wolf (Apr 12, 2012)

SirDice said:
			
		

> Did you logout and back in after you added the user to the wheel group?


I have reboot*ed* the box. But it still does not work!


----------



## SirDice (Apr 12, 2012)

Are you typing in the complete command or just sudo shutdown?


----------



## jem (Apr 12, 2012)

sw2wolf said:
			
		

> My freebsd FreeBSD box is a home desktop system



In which case, can't you just hit the power button to trigger the shutdown process?


----------



## UNIXgod (Apr 12, 2012)

You can add the user to the operator group. This should do it. But once again I haven't tried. It seems like the right place though.

I always get a kick out of shutdown()'s man page


```
The shutdown utility provides an automated shutdown procedure for super-
     users to nicely notify users when the system is shutting down, saving
     them from system administrators, hackers, and gurus, who would otherwise
     not bother with such niceties.
```

You could also create an alias or wrapper script for other users of the system. Do fun things like tokens and fortunes on shutdown.


----------



## _martin (Apr 12, 2012)

UNIXgod said:
			
		

> You can add the user to the operator group. This should do it. But once again I haven't tried.



Yop, that's the way to go, it works that way.


----------



## UNIXgod (Apr 12, 2012)

matoatlantis said:
			
		

> Yop, that's the way to go, it works that way.



Thanks for the confirmation. I hate distilling advice I have not tested myself.


----------



## sw2wolf (Apr 12, 2012)

SirDice said:
			
		

> Are you typing in the complete command or just sudo shutdown?


I type `/sbin/shutdown -p now` or `/sbin/shutdown -r now`


----------



## UNIXgod (Apr 12, 2012)

sw2wolf said:
			
		

> I type `/sbin/shutdown -p now` or `/sbin/shutdown -r now`



Look at my post above. The answer to what you want is there. No need or backticks on this one also.


----------



## ManaHime (Apr 12, 2012)

If it's a home desktop don't you have a graphical interface (aka, gnome/kde/xfce and such) that comes with a nice shutdown menu?


----------



## pkubaj (Apr 12, 2012)

D4rkSilver said:
			
		

> If it's a home desktop don't you have a graphical interface (aka, gnome/kde/xfce and such) that comes with a nice shutdown menu?


He doesn't have to. He may use some WM.


----------



## phoenix (Apr 12, 2012)

So ... you configure sudo(8) to be able to run shutdown(8) without a password ... but then you don't use sudo(8) to actually run the shutdown(8) command?

What happens if you type: `$ sudo /sbin/shutdown -p now`


----------



## pcbsd64 (Apr 12, 2012)

This works nicely for me


```
#!/bin/sh

ACTION=`zenity --width=90 --height=200 --list --radiolist --text="Select logout action" --title="Logout" --column "Choice" --column "Action" TRUE Shutdown FALSE Reboot FALSE Logout`

if [ -n "${ACTION}" ];then
  case $ACTION in
  Shutdown)
    zenity --question --text "Are you sure you want to halt?" && sudo /sbin/halt -p
    ;;
  Reboot)
    zenity --question --text "Are you sure you want to reboot?" && sudo /sbin/reboot
    ;;
  Logout)
    killall spectrwm
    ;;
   esac
fi
```

you can call this script with a key binding or launcher icon.


----------



## UNIXgod (Apr 12, 2012)

Okay I decided to test my theory on my home machine. As matoatlantis pointed out initially that I was correct on my initial assessment. I can confirm that it works now.

OP, this is simpler than using sudo and is native to the system.

Simply edit /etc/group like so and add your username (in this case I added mine) to the operator group:


```
babelfish# vim /etc/group

# $FreeBSD: release/9.0.0/etc/group 218046 2011-01-28 22:28:12Z pjd $
#
wheel:*:0:root,unixgod
daemon:*:1:
kmem:*:2:
sys:*:3:
tty:*:4:
operator:*:5:root,unixgod
mail:*:6:
bin:*:7:
news:*:8:
...
```

This is actually documented for future look into the handbook which has the simple url FreeBSD.org/handbook

direct link:
http://www.freebsd.org/doc/handbook/boot-shutdown.html



> 13.7 Shutdown Sequence
> 
> Upon controlled shutdown, via shutdown(8)(), init(8)() will attempt to run the script /etc/rc.shutdown, and then proceed to send all processes the TERM signal, and subsequently the KILL signal to any that do not terminate timely.
> 
> ...



Another note the operator group is also responsible for other hardware such as CD/DVD/Blu-Ray devices and probably USB/firewire et cetera. Anyone in that group will also be able to use those devices without need for permission or password.

If you need to script a policy you'll need to grok pw(8). Though this is overkill for what you ask I'm putting it here for future visitors to this thread once search engines pick it up. Once again the handbook is complete with a simple usage tutorial here:

http://www.freebsd.org/handbook/users-groups.html

Happy Hacking! ~


----------



## sw2wolf (Apr 13, 2012)

phoenix said:
			
		

> So ... you configure sudo(8) to be able to run shutdown(8) without a password ... but then you don't use sudo(8) to actually run the shutdown(8) command?
> 
> What happens if you type: `$ sudo /sbin/shutdown -p now`


It will want me to input password.

BTW, 

```
>id sw2wolf
uid=1001(sw2wolf) gid=1001(sw2wolf) groups=1001(sw2wolf),0([color="red"]wheel[/color]),5([color="Red"]operator[/color]),920(vboxusers)
```


----------



## phoenix (Apr 14, 2012)

Fix your sudoers(5) file, then.  Use *Cmnd_Alias* instead of specifying the commands directly after *NOPASSWD:*:

```
Cmnd_Alias SHUTDOWN=/sbin/shutdown -p now
Cmnd_Alias REBOOT=/sbin/shutdown -r now

%wheel ALL=NOPASSWD: SHUTDOWN,REBOOT
```

And then you should be able to (without being part of *operator* group, being only in the *wheel* group):
`$ sudo /sbin/shutdown -r now`


----------



## sw2wolf (Apr 14, 2012)

phoenix said:
			
		

> Fix your sudoers(5) file, then.  Use *Cmnd_Alias* instead of specifying the commands directly after *NOPASSWD:*:
> 
> ```
> Cmnd_Alias SHUTDOWN=/sbin/shutdown -p now
> ...



It works great! *T*thank you.


----------

