sudoers

Hi , I have the following entry in the /etc/sudoers file,

test ALL= NOPASSWD: /sbin/shutdown -r now

I have test user and test group created, but when I run sudo /sbin/shutdown -r now, I get the following output
[test@myserver etc]$ sudo /sbin/shutdown -r now
Broadcast message from root (pts/0) (Sun Jan 20 02:37:40 2008):

The system is going down for reboot NOW!


.... but the server doesn't reboot. Any thoughts?

Hi Mary,

You learn something new everyday... I'm not familiar with the sudoers file.
The next time I boot into linux civilization, I'll have to take a look at it (that is if it is part of fedora).

I am familiar with the shutdown command (duh) and scripts weird side effects.

First, not to insult your intelligence, but I gotta check the obvious first...
Your shutdown message is being executed from /dev/pts/0. I could be mistaken, but isn't that a pseudo tty (i.e. you're not logged into the console)? I thought the console tty's were /dev/tty/0 - 10 or /dev/pty/0 - 10. Shutdown messages won't (or very few) show up on a different tty where the server was booted from (where init's stdin/out/err go).

If you press the enter key a few times, does your terminal scroll the shutdown message? Logging in from a network connection (putty, ssh, telnet, etc...) would mean the network services are still running and the shutdown either exited prior to stopping the network or is hung up in a process before that. There could be a zombie process in that case. If so, you'll need to track down which one it is by analyzing the output of the ps command (i.e. ps -ef | less).

If you login to the boot console and execute telinit 6 does it reboot? Executing that command basically does the same thing as shutdown -r now, but bypassing the shutdown script altogether. It does go through all the /etc/rc[06].d/K* shutdown scripts, so if there is a zombie, telinit could hangup there. At least you'll be able to follow the message trail to see where it's hung up.

If telinit 6 works from the console, try shutdown -r now. If that works, then there's probably something in (or not) your login environment that causes shutdown to exit prematurely using sudo. I'd copy the shutdown script to something like /etc/test_shutdown and litter it with debug messages to see where in the script it's going south.

Let me know what you find out.

Aloha,
Doug

-- Nothing is impossible if I'mPossible

Originally posted by Doug Slattery:
Your shutdown message is being executed from /dev/pts/0. I could be mistaken, but isn't that a pseudo tty (i.e. you're not logged into the console)? I thought the console tty's were /dev/tty/0 - 10 or /dev/pty/0 - 10. Shutdown messages won't (or very few) show up on a different tty where the server was booted from (where init's stdin/out/err go).

pts0 might be a terminal on X, like xterm - at least it is for me.

@mary:
You could try
/sbin/reboot
instead, but I don't really believe this will work.

/etc/shutdown.allow is another place to look - but your modification to the sudoers-file should be sufficient.

pts0 might be a terminal on X, like xterm - at least it is for me.

That may be, but it's still not the boot tty, even if it is on the xconsole...

@mary:
You could try

code:

/sbin/reboot


instead, but I don't really believe this will work.

I don't recommend doing this. The reboot command reboots the system without going through the shutdown process. It's almost as bad as pressing the reset button on your server. If there are other users logged in, they won't be notified of the impending shutdown.

Aloha,
Doug

-- Nothing is impossible if I'mPossible

Am using putty to login to that box and issuing the sudo command from there. Also I don't see shutdown.allow file.....not sure where am wrong

I can't help with your particular, but I use the following line in my sudoers files:
# Members of the admin group may gain root privileges %admin ALL=(ALL) NOPASSWD: ALL
Some distros use 'adm' rather than 'admin' for the wheel group.

Of course, I never reboot my systems :-)

Originally posted by Doug Slattery:

pts0 might be a terminal on X, like xterm - at least it is for me.

That may be, but it's still not the boot tty, even if it is on the xconsole...

I'm sorry I don't understand "boot tty" and the relevance.
I may shutdown linux from a xterm shell, and did shutdown systems with ssh-terminal.

@Mary:
A shutdown.allow file might not be present, depending on your distribution/version.

Are you sure the server isn't rebooting?
The server will drop the connection to putty, so you might just see the last message of your session "The system is going down for reboot NOW!", or maybe some indication from putty "connection lost".
I don't know what's the normal behaviour of putty.

Did you try reconnecting to your server shortly after the message appears?
A few minutees later?

Hi Stefan,

I'm sorry I don't understand "boot tty" and the relevance.
I may shutdown linux from a xterm shell, and did shutdown systems with ssh-terminal.

Fair enough...
The boot tty is where system messages are sent during startup and shutdown (besides /var/log/messages among other places). If I was having problems shutting down, a natural troubleshooting method I would use would be to monitor the shutdown messages to see where in the process it's hanging up. I use the term "boot tty" in part from the good old days of unix and that the standard linux console has several multi-screens of which only one displays the startup and shutdown messages.

Also, monitoring the boot tty will allow you to see if the system is really hung, or has rebooted and you just didn't see it from your disconnected putty session.

As far as the "connection lost" message, it depends on how putty is configured. I have mine normally set with watch dog enabled, so I get the message when the network times out. Otherwise, it will sit there until you press a key after the network times out before giving the message.

Aloha,
Doug

-- Nothing is impossible if I'mPossible

@Doug: I appreciate your comment.
I thought you recommended to shutdown from tty1 - it would be more reliable.
Yes, the logs would be interesting, if it's not an error in perception.