In an attempt to give employees an opportunity to shutdown the servers before the power goes out if I'm unreachable, I created a role with only Sys.Console and Sys.PowerMgmt permissions. I then made a "shutdown" group and a "shutdown" user and assigned the role to the group with the only user in it being "shutdown".
When I try using the "poweroff" command it says it can't be found(I'm assuming it is an alias that isn't accessible to this account). I was also unable to issue the command from the /sbin folder, "ssh -t shutdown@Node2-R610 '/sbin/shutdown' ", without getting:
I also added the Sys.Modify to the role with the same results. As you can see from the following the permissions seem to be granted to the user:
It doesn't show me the shutdown options in the web interface when on that account either, but the less the employees know about the server more secure I would feel so I'm just trying to get the console command working.
Am I missing a permission, or would it be easier if I changed the ownership of /sbin/shutdown to the "shutdown" group then add root to that group and see if it runs from there? I've read I could also add a "shutdown.allow" for access control, but it would need some ACL package. I didn't want to change that if there is a way to fix it without installing extra packages.
Edit: I was going to try editing the "sudoers" file(as per this thread), but it is non-existent and there is only a directory of /etc/sudoers.d with the file "zfs". Would I be able to add a file with an entry in here? Also, would there be a way to script it to shutdown multiple nodes with one remaining until the others are powered off, then shutting itself down? That way I can issue one command on one server and not have to worry about having someone login on each server to shut it down. It would also simplify the employees checking if the last VM host server has gone down so the NAS can be shutdown after everything accessing it is offline. A solution that works with a HA setup would be very helpful.
Any advice on the topic would be appreciated.
Thanks in Advance.
When I try using the "poweroff" command it says it can't be found(I'm assuming it is an alias that isn't accessible to this account). I was also unable to issue the command from the /sbin folder, "ssh -t shutdown@Node2-R610 '/sbin/shutdown' ", without getting:
I also added the Sys.Modify to the role with the same results. As you can see from the following the permissions seem to be granted to the user:
It doesn't show me the shutdown options in the web interface when on that account either, but the less the employees know about the server more secure I would feel so I'm just trying to get the console command working.
Am I missing a permission, or would it be easier if I changed the ownership of /sbin/shutdown to the "shutdown" group then add root to that group and see if it runs from there? I've read I could also add a "shutdown.allow" for access control, but it would need some ACL package. I didn't want to change that if there is a way to fix it without installing extra packages.
Edit: I was going to try editing the "sudoers" file(as per this thread), but it is non-existent and there is only a directory of /etc/sudoers.d with the file "zfs". Would I be able to add a file with an entry in here? Also, would there be a way to script it to shutdown multiple nodes with one remaining until the others are powered off, then shutting itself down? That way I can issue one command on one server and not have to worry about having someone login on each server to shut it down. It would also simplify the employees checking if the last VM host server has gone down so the NAS can be shutdown after everything accessing it is offline. A solution that works with a HA setup would be very helpful.
Any advice on the topic would be appreciated.
Thanks in Advance.
Last edited:
