1

I need to ability to halt an aws EC2 server as user. I found https://www.cyberciti.biz/tips/howto-linux-allow-users-to-shutdown-server.html but due to the fact that I need this feature on an aws EC2 instance, I don't have a static hostname, so I tried:

ubuntu ALL=(ALL:ALL) ALL=/sbin/halt /sbin/reboot

but that got me:

>>> /etc/sudoers: syntax error near line 21 <<<
What now?     
Options are:
  (e)dit sudoers file again
  e(x)it without saving changes to sudoers file
  (Q)uit and save changes to sudoers file (DANGER!)

how can I solve this correctly?

annahri
  • 2,075
BitFreak
  • 225

2 Answers2

3

I think you're looking for:

ubuntu ALL=/sbin/halt, /sbin/reboot

This is identical to:

ubuntu ALL=(ALL:ALL) /sbin/halt, /sbin/reboot

Generally, you should always use visudo to edit your sudoers configuration, because it performs a syntax check on the file before placing it in the final location.

See the sudoers(5) man page for complete documentation, including a long list of documented examples.

If your question is "how do I recover from this situation", if you are not able to log in directly as root, then your best option is probably to delete the EC2 instance and create a new one.

larsks
  • 34,737
2

If you're using the AWS CLI, as a user you can do (on the instance itself):

aws ec2 reboot-instances --instance-ids $(curl -s http://instance-data/latest/meta-data/instance-id)

See this discussion on getting the EC2 ID from within the instance itself.

If you want to test to see if you have the required permissions before running, try including the --dry-run flag:

--dry-run | --no-dry-run (boolean)

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation . Otherwise, it is UnauthorizedOperation .

For context, see this discussion on the difference between halt, shutdown, reboot, etc.

enharmonic
  • 702