For DICE office desktop machines any user may power-off or reboot when they are on the console (i.e. logged into the machine which is sat in front of them). Beyond this (e.g. when logged in via ssh) we have traditionally required root access for a reboot or power-off operation. This is particularly inconvenient for a user who may need to reboot their own desktop machine remotely outside of normal support hours. This often occurs when a software update requires a reboot and the user wants to do it at a time of their choosing rather than wait for the automatic reboot to be forced by the system.
We have now added user authorization for the
reboot commands. Due to the way in which the authorization system works, the commands to be used are in the
/usr/bin directory NOT in
/sbin. Normally just the command name is sufficient but if you have an unusual
PATH variable ordering you may have to issue the full paths to the commands.
Note that only the user to which a machine has been allocated may issue these commands. If you are unsure whether you have been allocated a particular machine you can query the information known to LCFG like this:
[finlaggan]: qxprof sysinfo.allocated allocated=example
example should be your DICE username.
If you think the machine allocation is incorrect you should contact User Support via the normal request form.
Currently (as of August 2011) it is not possible to extend the authorization to other users beyond the allocated user but we hope to make the system more flexible in the future.
For those interested this authorization is done using the Redhat consolehelper system and PAM configurations which use the pam_access module.