When the system is booting, everything is fine, since I can first run the init scripts (mounting the fs's, starting daemons, etc.), then I can apply a strict ACL system which only covers the running daemons (and not the starting up, which often needs more rights and capabilities). There is a small insecurity here, because the daemons run for a few moments without ACL protection, but I can live with it (unless, of course, someone can recommend something better).
When shutting down, however, I cannot see any solution like this. I think it would be nice, if in admin mode, gradm -D would not prompt for a password, because then the first rc script could unload the ACLs (otherwise it waits for a password on the console which may not be accessible). I had a few other ideas, but they don't really work: inheritance does not work, because on e.g. SuSE, there are many nested levels of scripts running (it would even be very tedious to configure with nested ACLs); and giving out all the rights necessary without inheritance would make the ACL system much less secure. Perhaps my most useable idea is to write a script instead of shutdown (and halt, reboot, poweroff) that first runs (and authenticates) gradm -D, then execs the real shutdown. But it has its drawbacks as well.
Does anybody have any advice for me?
Thanks in advance,
Akos