Johnathan Kupferer johnathan at
Fri Nov 21 15:27:21 UTC 2003

Felipe Alfaro Solana wrote:

>On Wed, 2003-11-19 at 22:57, Jorge L.Martin C. wrote:
>>--What I need--
>>I can suspend with apm -s as root, how can I suspend as user?
>as root:
>chmod +s /usr/bin/apm
>Then, enable the apmd daemon
>chkconfig --level 345 apmd on
>service apmd start
>Now, you'll be able to "apm -s" as a normal user.

I don't know if this is really a great idea.  SUID on /usr/bin/apm will 
allow anyone to cause the machine to go into suspend mode.  So a 
security breach in any service (a careless CGI script for example) would 
let an attacker put the machine into suspend mode, a pretty successful 
DOS.  Given, on a laptop it's probably not a big deal, but it still just 
kinda feels wrong IMHO.

What I've been using on my laptop, a Toshiba Satellite 2400, is to add 
the line:

%users ALL=(root) NOPASSWD: /usr/bin/apm -s

to my /etc/sudoers file so I can use "sudo apm -s" and it works only for 
users that belong to the group "users".  I also found it helpful to add 
a button in KDE to call this so I don't even have to open a terminal.

- Johnathan

More information about the fedora-list mailing list