Re: Preventing users from shuting down the system
- From: "James M. Cape" <jcape jcinteractive com>
- To: Sebastian Dransfeld <sebastid stud ntnu no>
- CC: hinsen dirac cnrs-orleans fr, gnome-list gnome org
- Subject: Re: Preventing users from shuting down the system
- Date: Tue, 25 Jan 2000 10:21:50 -0600
Sebastian Dransfeld wrote:
>
> On Tue, 25 Jan 2000 hinsen@dirac.cnrs-orleans.fr wrote:
>
> > With a recent update to RedHat Linux 6.1, I also installed GNOME
> > and I am generally very pleased with it. However, there is one
> > severe security problem that would force me to uninstall GNOME
> > if there is no way to solve it. With the GNOME display manager,
> > any user can shut down or reboot the system, supplying nothing but
> > his own password. This is even listed as a "feature" in the
> > (scarce) description of gdmlogin! On a multiuser system, it should
> > be impossible to shut down the machine without supplying the
> > root password.
>
> In /etc/X11/gdm/gdm.conf there is a line:
>
> SystemMenu=1
>
> in the [greeter] section, make this 0, and the reboot/halt menu will
> disappear from gdmlogin.
>
> seb
This feature also appears when you hit the logout button in GNOME. The
correct solution is to change the RedHat PAM configuration to disallow
normal users access to shutdown, no matter where they are (AFAIK, the
default setup is to allow console users to shut down the system, because
the console should be *physically* secure, making all console users
automatically trusted).
AFAICT, the default setup is taking advantage of a Linux feature,
because it is assumed that you will be running X Terminals for
kiosk/physically insecure applications, while keeping the console locked
in a closet.
Jim Cape
http://www.jcinteractive.com
"Men occasionally stumble over the truth, but most of them
pick themselves up and hurry off as if nothing had happened."
-- Winston Churchill
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]
