For a desktop setup, I should like to provide /all/ users with a menu
item to turn off the machine. In the default configuration of FreeBSD, however, only a privileged user (e.g. root) can invoke the necessary
command (`poweroff'). This user may be substited for the current user
identity with the `su' command, but only if the current user is a member
of the `wheel' group, and even in that case he still needs to type the
target user's password, and `su' does not seem to accept the password
on standard input.

What is the correct method of providing any use with the right to turn
the machine off wihout having to type any password?
--- Synchronet 3.19b-Linux NewsLink 1.113

I'd use 'doas'.
--
I do not bite, I just want to play.
--- Synchronet 3.19b-Linux NewsLink 1.113

On 2024-10-05, Anton Shepelev <ant@tilde.culb> wrote:

For a desktop setup, I should like to provide /all/ users with a menu
item to turn off the machine. In the default configuration of FreeBSD, however, only a privileged user (e.g. root) can invoke the necessary
command (`poweroff'). This user may be substited for the current user identity with the `su' command, but only if the current user is a member
of the `wheel' group, and even in that case he still needs to type the
target user's password, and `su' does not seem to accept the password
on standard input.

What is the correct method of providing any use with the right to turn
the machine off wihout having to type any password?

You could use 'sudo'. User can run poweroff without asking for passed.
After that set the alias 'alias poweroff='sudo poweroff' system wide.

This /etc/sudoers entry should work:
Run 'visudo' to access the file.

<your_username> ALL = (ALL) NOPASSWD:/usr/sbin/poweroff

--- Synchronet 3.19b-Linux NewsLink 1.113

Fenris <fenris@invalid.invalid> wrote:

<your_username> ALL = (ALL) NOPASSWD:/usr/sbin/poweroff

'poweroff' should[TM] take no args, but what if future versions do?

With 'doas' I thin I know how to forbid args in such definitions, and I
suspect 'sudo' can do so too, but its configuration and the related man
page is typical GNU style overkill and I doubt I would even understand
what I read there.

That's why I'm migrating to 'doas'.
--
4. Hitchhiker 11:
(72) "Watch the road!'' she yelped.
(73) "Shit!"
--- Synchronet 3.19b-Linux NewsLink 1.113

Fenris <fenris@invalid.invalid> wrote:

On 2024-10-05, Anton Shepelev <ant@tilde.culb> wrote:

For a desktop setup, I should like to provide /all/ users with a menu
item to turn off the machine. In the default configuration of FreeBSD,
however, only a privileged user (e.g. root) can invoke the necessary
command (`poweroff'). This user may be substited for the current user
identity with the `su' command, but only if the current user is a member
of the `wheel' group, and even in that case he still needs to type the
target user's password, and `su' does not seem to accept the password
on standard input.

What is the correct method of providing any use with the right to turn
the machine off wihout having to type any password?

You could use 'sudo'. User can run poweroff without asking for passed.
After that set the alias 'alias poweroff='sudo poweroff' system wide.

This /etc/sudoers entry should work:
Run 'visudo' to access the file.

<your_username> ALL = (ALL) NOPASSWD:/usr/sbin/poweroff

Yes, I like it because it seems to offer a finer-grained control
of who can do what than `doas'. But both `sudo' and `doas' are
not installed by defalt. It is not a problem, but wondered what
one could do with the default tools.
--- Synchronet 3.19b-Linux NewsLink 1.113