Halt user, Shutdown user and CAP_SYS_BOOT

[Nick]

I have the need to enable (and make work) the shutdown and halt
accounts. I set a password for these accounts and tried to use them and
got the expected "you must be root" a colleague pointed out that I might
need the CAP_SYS_BOOT capability turned on. After an hour of Googling on
something that relates to CAP_SYS_BOOT but it wasn't very helpful.
I am not sure how widely used this is. If you do a man on
"capabilities" you will find some info, but not really enough to get you
going. There are a couple instructions which form a sort of API, but
that is it.

Anyone have this working and can give me advice on it

For those of you who want to ask, why would you ever want to do this?

The purpose of the built-in halt and shutdown accounts were originally
to give someone, you trust enough to be able to know when to shutdown
the system, but not enough to let him login, the ability to shut down a
server. A secondary function of these was a remote shutdown that didn't
require any thought on the users part! You gave him/her the password and
said, "If you need to shut the machine down for any reason, telnet into
the machine with "this" account and it will shut itself down. In this
manner, you didn't have to give the user physical access to the server.



Nix

-- 
Nick Gray
Senior Systems Engineer
Bruzenak Inc
Office: 512-331-7998
Cell: 512-630-7009