From b32d06fbe797cd39cc19f62bda8a698effe7c0ea Mon Sep 17 00:00:00 2001
From: Laurentiu Palcu <laurentiu.palcu@intel.com>
Date: Wed, 3 Jul 2013 17:02:49 +0300
Subject: sysvinit: allow users in shutdown group to perform halt/reboot

For this to happen:
 * 'shutdown' group has been created;
 * changed ownership group for /sbin/halt and /sbin/shutdown to 'shutdown';
 * deny execution rights to other users except 'root' and those belonging
   to 'shutdown' group;
 * set setuid bit to both apps;

So, basically, in order for a normal user to be able to shutdown/reboot
the machine, it must be a member of 'shutdown' group.

Other changes:
 * fixed identation for 2 lines that used spaces instead of tabs;

[YOCTO #4345]

Signed-off-by: Laurentiu Palcu <laurentiu.palcu@intel.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
---
 meta/recipes-core/sysvinit/sysvinit_2.88dsf.bb | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)

(limited to 'meta/recipes-core/sysvinit')

diff --git a/meta/recipes-core/sysvinit/sysvinit_2.88dsf.bb b/meta/recipes-core/sysvinit/sysvinit_2.88dsf.bb
index e64b67a683..784d538ea2 100644
--- a/meta/recipes-core/sysvinit/sysvinit_2.88dsf.bb
+++ b/meta/recipes-core/sysvinit/sysvinit_2.88dsf.bb
@@ -25,7 +25,7 @@ SRC_URI[sha256sum] = "60bbc8c1e1792056e23761d22960b30bb13eccc2cabff8c7310a01f4d5
 S = "${WORKDIR}/sysvinit-${PV}"
 B = "${S}/src"
 
-inherit update-alternatives
+inherit update-alternatives useradd
 DEPENDS_append = " update-rc.d-native"
 
 ALTERNATIVE_${PN} = "init mountpoint halt reboot runlevel shutdown poweroff last mesg utmpdump wall"
@@ -54,6 +54,9 @@ ALTERNATIVE_LINK_NAME[sulogin.8] = "${mandir}/man8/sulogin.8"
 ALTERNATIVE_LINK_NAME[utmpdump.1] = "${mandir}/man1/utmpdump.1"
 ALTERNATIVE_LINK_NAME[wall.1] = "${mandir}/man1/wall.1"
 
+USERADD_PACKAGES = "${PN}"
+GROUPADD_PARAM_${PN} = "--system shutdown"
+
 PACKAGES =+ "sysvinit-pidof sysvinit-sulogin"
 FILES_${PN} += "${base_sbindir}/* ${base_bindir}/*"
 FILES_sysvinit-pidof = "${base_bindir}/pidof.sysvinit ${base_sbindir}/killall5"
@@ -87,6 +90,9 @@ do_install () {
 	install -m 0755    ${WORKDIR}/bootlogd.init     ${D}${sysconfdir}/init.d/bootlogd
 	ln -sf bootlogd ${D}${sysconfdir}/init.d/stop-bootlogd
 
-        update-rc.d -r ${D} bootlogd start 07 S .
-        update-rc.d -r ${D} stop-bootlogd start 99 2 3 4 5 .
+	update-rc.d -r ${D} bootlogd start 07 S .
+	update-rc.d -r ${D} stop-bootlogd start 99 2 3 4 5 .
+
+	chown root.shutdown ${D}${base_sbindir}/halt ${D}${base_sbindir}/shutdown
+	chmod o-x,u+s ${D}${base_sbindir}/halt ${D}${base_sbindir}/shutdown
 }
-- 
cgit 1.2.3-korg