Putting a command/script as a user's shell

[Karol Kwiatkowski]

Good day everyone,

I'm trying to make it possible to restart (as in 'shutdown -r now') a
FreeBSD based router from LAN network as easy as possible so it can be
used by non-technical people.

I'm sure some will ask why would I need that - it's an USB modem
connecting to ADSL line that locks up sometimes and all my attempts to
make it restart itself have failed.

I came up with this idea:

- add another user to the system, let it be 'restart'
- add 'restart' to group operator
- let 'restart' to login through SSH from LAN with a key (passwords
forbidden)
- put a restart command as it's shell (so it automagically restarts
the router)

Does that sound reasonably? Security is not an issue, it's "secure
enough" for me.


OK, now for technical question. I realise I cannot put arguments to
the command in the "shell area" in passwd file, so I wrote a short script:

$ cat /home/restart/restart.sh
#!/bin/sh
/sbin/shutdown -r now
$ ls -l /home/restart/restart.sh
-rwx------  1 restart  restart  33 Sep 11 15:24


put that as restart's user shell:

# grep restart /etc/master.passwd
restart:*:1017:1017::0:0:restart:/home/restart:/home/restart/restart.sh


and tried locally but it's not working:

# su - restart
su: /home/restart/restart.sh: Permission denied


I'm not sure where 'Permission denied' come from. Setup looks to be
OK, here's what I get with /usr/bin/id as a shell:

# su - restart
uid=1017(restart) gid=1017(restart) groups=1017(restart), 5(operator)


I'm sure I'm missing something here. Anyone have some pointers?

Cheers,

Karol

-- 
Karol Kwiatkowski  <freebsd at orchid dot homeunix dot org>
OpenPGP: http://www.orchid.homeunix.org/carlos/gpg/0x06E09309.asc

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 250 bytes
Desc: OpenPGP digital signature
Url : http://lists.freebsd.org/pipermail/freebsd-questions/attachments/20060911/4dea3ee9/signature.pgp