diff options
| author | Laurentiu Palcu <laurentiu.palcu@intel.com> | 2013-07-03 17:02:49 +0300 |
|---|---|---|
| committer | Saul Wold <sgw@linux.intel.com> | 2013-07-09 07:56:11 -0700 |
| commit | b32d06fbe797cd39cc19f62bda8a698effe7c0ea (patch) | |
| tree | 42c8472e81f04bccfdcda33eb30219e7bf7cac26 /meta | |
| parent | a57e4253c5e7d32702e32df5ec3ad007075a199f (diff) | |
| download | openembedded-core-b32d06fbe797cd39cc19f62bda8a698effe7c0ea.tar.gz openembedded-core-b32d06fbe797cd39cc19f62bda8a698effe7c0ea.tar.bz2 openembedded-core-b32d06fbe797cd39cc19f62bda8a698effe7c0ea.zip | |
sysvinit: allow users in shutdown group to perform halt/reboot
For this to happen:
* 'shutdown' group has been created;
* changed ownership group for /sbin/halt and /sbin/shutdown to 'shutdown';
* deny execution rights to other users except 'root' and those belonging
to 'shutdown' group;
* set setuid bit to both apps;
So, basically, in order for a normal user to be able to shutdown/reboot
the machine, it must be a member of 'shutdown' group.
Other changes:
* fixed identation for 2 lines that used spaces instead of tabs;
[YOCTO #4345]
Signed-off-by: Laurentiu Palcu <laurentiu.palcu@intel.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Diffstat (limited to 'meta')
| -rw-r--r-- | meta/recipes-core/sysvinit/sysvinit_2.88dsf.bb | 12 |
1 files changed, 9 insertions, 3 deletions
diff --git a/meta/recipes-core/sysvinit/sysvinit_2.88dsf.bb b/meta/recipes-core/sysvinit/sysvinit_2.88dsf.bb index e64b67a683..784d538ea2 100644 --- a/meta/recipes-core/sysvinit/sysvinit_2.88dsf.bb +++ b/meta/recipes-core/sysvinit/sysvinit_2.88dsf.bb @@ -25,7 +25,7 @@ SRC_URI[sha256sum] = "60bbc8c1e1792056e23761d22960b30bb13eccc2cabff8c7310a01f4d5 S = "${WORKDIR}/sysvinit-${PV}" B = "${S}/src" -inherit update-alternatives +inherit update-alternatives useradd DEPENDS_append = " update-rc.d-native" ALTERNATIVE_${PN} = "init mountpoint halt reboot runlevel shutdown poweroff last mesg utmpdump wall" @@ -54,6 +54,9 @@ ALTERNATIVE_LINK_NAME[sulogin.8] = "${mandir}/man8/sulogin.8" ALTERNATIVE_LINK_NAME[utmpdump.1] = "${mandir}/man1/utmpdump.1" ALTERNATIVE_LINK_NAME[wall.1] = "${mandir}/man1/wall.1" +USERADD_PACKAGES = "${PN}" +GROUPADD_PARAM_${PN} = "--system shutdown" + PACKAGES =+ "sysvinit-pidof sysvinit-sulogin" FILES_${PN} += "${base_sbindir}/* ${base_bindir}/*" FILES_sysvinit-pidof = "${base_bindir}/pidof.sysvinit ${base_sbindir}/killall5" @@ -87,6 +90,9 @@ do_install () { install -m 0755 ${WORKDIR}/bootlogd.init ${D}${sysconfdir}/init.d/bootlogd ln -sf bootlogd ${D}${sysconfdir}/init.d/stop-bootlogd - update-rc.d -r ${D} bootlogd start 07 S . - update-rc.d -r ${D} stop-bootlogd start 99 2 3 4 5 . + update-rc.d -r ${D} bootlogd start 07 S . + update-rc.d -r ${D} stop-bootlogd start 99 2 3 4 5 . + + chown root.shutdown ${D}${base_sbindir}/halt ${D}${base_sbindir}/shutdown + chmod o-x,u+s ${D}${base_sbindir}/halt ${D}${base_sbindir}/shutdown } |