Linode Forum
Linode Community Forums
PostPosted: Mon Feb 23, 2009 7:54 pm 
Offline
Senior Newbie

Joined: Tue Jan 13, 2009 10:22 am
Posts: 11
I would like to add a user with reboot permission ONLY.

But in your User Manager, the "access" permission says:

Access - Ability to manage this Linode, including boot/shutdown, deploying, deleting images, etc

It allows the user to "deploying, deleting images" besides boot and shutdown. Is it possible to separate them? Thanks.


Top
   
 Post subject:
PostPosted: Mon Feb 23, 2009 8:07 pm 
Offline
Senior Member

Joined: Tue Jan 22, 2008 2:10 am
Posts: 103
You can set this up within your linode. For example, add to /etc/sudoers:
Code:
username ALL = /usr/sbin/reboot

Now that user can sudo /usr/sbin/reboot (but not anything else)

Note that lassie must be enabled to bring the system back up.

You can also create a ssh key that's only allowed to trigger a reboot. Make sure root logins are enabled for ssh keyed logins (password login can and should be disabled), and add to /root/.ssh/authorized_keys:
Code:
command="/usr/sbin/reboot" ssh-rsa [your key here]

Then a ssh -i (private key) root@yourlinode will trigger a reboot.


Top
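An added example (not part of any post in this thread) for the forced-command key described above: sshd still honours port, agent and X11 forwarding requests for a `command=` key unless the line also disables them, so this script flags key lines that carry only `command=`. The function names and the sample keys are constructed for illustration; the `restrict` option assumes OpenSSH 7.2 or later.

```shell
#!/bin/sh
# Classify each key line of an authorized_keys file (added example):
#   OK            forced command, forwarding and pty disabled
#   WEAK          forced command, but forwarding/pty still permitted
#   UNRESTRICTED  no command= option, so the key gets a normal login
audit_authorized_keys() {
    awk '
    /^[ \t]*(#|$)/ { next }    # skip comments and blank lines
    {
        line = $0; sub(/^[ \t]+/, "", line)
        o = ""; inq = 0
        # A line that does not start with a key type starts with options.
        if (line !~ /^(ssh-|ecdsa-|sk-)/) {
            for (i = 1; i <= length(line); i++) {
                c = substr(line, i, 1)
                if (inq && c == "\\") { i++; continue }  # escaped char
                if (c == "\"") { inq = !inq; continue }
                if (inq) continue                  # drop quoted values
                if (c == " " || c == "\t") break   # end of options field
                o = o c
            }
        }
        o = "," tolower(o) ","
        forced = (o ~ /,command=,/)
        strict = (o ~ /,restrict,/ && o !~ /,(pty|port-forwarding|agent-forwarding|x11-forwarding),/)
        legacy = (o ~ /,no-pty,/ && o ~ /,no-port-forwarding,/ && o ~ /,no-agent-forwarding,/ && o ~ /,no-x11-forwarding,/)
        status = !forced ? "UNRESTRICTED" : ((strict || legacy) ? "OK" : "WEAK")
        print NR ": " status
    }' "$@"
}

# Constructed sample input; the key blobs are placeholders, not real keys.
sample_keys() {
    cat <<'EOF'
command="/usr/sbin/reboot" ssh-rsa AAAAB3ExampleKey1 reboot-only
restrict,command="/usr/sbin/reboot" ssh-ed25519 AAAAC3ExampleKey2 reboot-hardened
ssh-rsa AAAAB3ExampleKey3 admin
command="/usr/sbin/reboot",no-port-forwarding,no-agent-forwarding,no-X11-forwarding,no-pty ssh-rsa AAAAB3ExampleKey4 legacy
command="echo ssh-rsa no-pty" ssh-rsa AAAAB3ExampleKey5 tricky
EOF
}

sample_keys | audit_authorized_keys
```

To check a real file, pass its path: `audit_authorized_keys /root/.ssh/authorized_keys`. A line holding only `command="/usr/sbin/reboot"` reports WEAK, and prefixing it with `restrict,` moves it to OK.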
   
 Post subject:
PostPosted: Mon Feb 23, 2009 8:31 pm 
Offline
Senior Newbie

Joined: Tue Jan 13, 2009 10:22 am
Posts: 11
bdonlan wrote:
You can set this up within your linode. For example, add to /etc/sudoers:

Thanks bdonlan.

But I'm not talking about the linux account within the linode.

What I mean is the Linode User Manager at:

https://www.linode.com/members/user/

If the system is not responding, I need someone to reboot it for me.
But allowing him to "deploying, deleting images" is a bad idea.


Top
   
 Post subject:
PostPosted: Mon Feb 23, 2009 11:06 pm 
Offline
Senior Member

Joined: Fri May 02, 2008 8:44 pm
Posts: 1121
Perhaps you could pull off bdonlan's second trick using Lish.

View Lish documentation here: http://www.linode.com/wiki/index.php/LISH

You can issue a "reboot" command from Lish, which has the same effect as hitting the reboot button in the Linode Manager.


Top
   
 Post subject:
PostPosted: Tue Feb 24, 2009 4:25 am 
Offline
Senior Newbie

Joined: Tue Jan 13, 2009 10:22 am
Posts: 11
Thanks hybinet.

But I would still like to have an account with read-only access to my linode, one that can at least see the graph and stats.

hybinet wrote:
Perhaps you could pull off bdonlan's second trick using Lish.

View Lish documentation here: http://www.linode.com/wiki/index.php/LISH

You can issue a "reboot" command from Lish, which has the same effect as hitting the reboot button in the Linode Manager.


Top
   
 Post subject:
PostPosted: Sun Mar 01, 2009 11:58 am 
Offline
Senior Newbie

Joined: Sat Dec 13, 2008 6:36 pm
Posts: 10
+1 for reboot and looking at graphs.


Top
   
 Post subject:
PostPosted: Thu Mar 12, 2009 3:03 am 
Offline
Newbie

Joined: Sat Feb 07, 2009 3:04 am
Posts: 3
Same here, and make it as idiot proof as possible. The community I host has several reliable forum (phpBB) moderators but they aren't server admins and don't even know what SSH is... If they could simply log in to the CP, check the CPU and RAM graphs, and hit reboot that would be great.


Top
   
 Post subject:
PostPosted: Thu Mar 18, 2010 8:15 am 
Offline
Senior Newbie

Joined: Tue Jan 13, 2009 10:22 am
Posts: 11
backslash wrote:
Thanks hybinet.

But I would still like to have an account with read-only access to my linode, one that can at least see the graph and stats.



After one year, I still need this feature.

Access - Ability to manage this Linode, including boot/shutdown, deploying, deleting images, etc

The "Access" permission should be divided into three permissions:

Permission A ~ read-only access to linodes (examine stats)
Permission B ~ reboot the linode
Permission C ~ deploying, deleting the linode images

Thanks!


Top
   
 Post subject:
PostPosted: Wed Apr 07, 2010 9:16 am 
Offline
Senior Newbie

Joined: Tue Oct 27, 2009 9:26 pm
Posts: 15
backslash wrote:
backslash wrote:
Thanks hybinet.

But I would still like to have an account with read-only access to my linode, one that can at least see the graph and stats.



After one year, I still need this feature.

Access - Ability to manage this Linode, including boot/shutdown, deploying, deleting images, etc

The "Access" permission should be divided into three permissions:

Permission A ~ read-only access to linodes (examine stats)
Permission B ~ reboot the linode
Permission C ~ deploying, deleting the linode images

Thanks!


Agreed and would like this functionality as well - as it is now, I can't give anyone else access to the panel for fear of them doing more than just rebooting!


Top
   
 Post subject:
PostPosted: Thu Sep 01, 2011 1:45 pm 
Offline
Newbie

Joined: Thu Sep 01, 2011 1:37 pm
Posts: 3
+1 for reboot and looking at graphs.

This would be great!


Top
   
 Post subject:
PostPosted: Thu Sep 01, 2011 2:49 pm 
Offline
Linode Staff

Joined: Tue Apr 15, 2003 6:24 pm
Posts: 3090
Website: http://www.linode.com/
Location: Galloway, NJ
You can already set up a reboot-only (or more specifically, Lish-only) user using Lish SSH keys.

Thanks,
-Chris


Top
   
 Post subject:
PostPosted: Thu Sep 01, 2011 3:19 pm 
Offline
Senior Member

Joined: Tue May 26, 2009 3:29 pm
Posts: 1691
Location: Montreal, QC
caker wrote:
You can already set up a reboot-only (or more specifically, Lish-only) user using Lish SSH keys.

Thanks,
-Chris

So the idea is to give somebody your Lish SSH keys, but not an account for the server itself? That sort of works, although then you've got to make sure that if you do use lish to log in, you remember to log out again.


Top
   
 Post subject:
PostPosted: Thu Sep 01, 2011 3:40 pm 
Offline
Senior Member

Joined: Fri Feb 18, 2005 4:09 pm
Posts: 594
Guspaz wrote:
...then you've got to make sure that if you do use lish to log in, you remember to log out again.

If that user only reboots the server, would they need to log out of lish? Why not leave the lish session open?

James


Top
   
 Post subject:
PostPosted: Fri Sep 02, 2011 12:44 am 
Offline
Senior Member

Joined: Tue May 26, 2009 3:29 pm
Posts: 1691
Location: Montreal, QC
zunzun wrote:
Guspaz wrote:
...then you've got to make sure that if you do use lish to log in, you remember to log out again.

If that user only reboots the server, would they need to log out of lish? Why not leave the lish session open?

James


Lish is a persistent console. If I give you lish-only access, on a freshly booted machine, that gives you access to various lish functions like rebooting, but you can't actually access the machine itself without a system username/password.

However, if I were to connect to lish, log in as root, and then disconnect from lish, the system's serial console would sit there logged in as root. If you connected to lish, you would have root access to the box.

For this reason, if you give somebody lish access, you have to be extra careful about not leaving open login sessions lying about when you disconnect from lish, lest the lish-only user gain full access to the system. This might sound silly, but there are various reasons why one might do this. For example, one useful trick when diagnosing certain OOM or crashing issues is to leave some diagnostic program like 'top' running so that when the machine locks up, you can log into lish and see the last thing it reported. Another possibility is that you were doing some work via lish when you lost connectivity. And, of course, there's always the chance that somebody logs into lish at the same time you're already connected and doing work.

In short, giving out a lish-only login to allow somebody to reboot the box is only viable if you *never* use lish to actually connect to the machine, essentially "disabling" lish in that you can never risk using it.


Top
   
 Post subject:
PostPosted: Fri Sep 02, 2011 7:25 am 
Offline
Senior Member

Joined: Sun Mar 07, 2010 7:47 pm
Posts: 1970
Website: http://www.rwky.net
Location: Earth
No one's mentioned the API. You could have a script that has a button called "reboot" which reboots the linode using the API; as long as the script is stored in a remote location where the untrusted user doesn't have write access, all they can do is reboot.

_________________
Paid support
How to ask for help
1. Give details of your problem
2. Post any errors
3. Post relevant logs.
4. Don't hide details i.e. your domain, it just makes things harder
5. Be polite or you'll be eaten by a grue


Top
   