Re: Preventing users from shutting down the system
>Someone else has already shown you how to remove this feature, but let
>me offer a little perspective.

The other thing that guys must do is to remove / rename halt, shutdown and
any other command that appears under /usr/bin. They are not real commands
but links to /usr/bin/userhelper or something like that.

Another way, I believe, is to change the PAM config under /etc/pam.d/ or
/etc/security/ (I am away from a RH machine now, so I cannot tell you which
one exactly, sorry, and I am learning PAM, btw).

>If someone is at the console, they can (and alarmingly often do) hit
>the power switch, jab the reset button, or hit C-A-DEL.  With physical
>access, if someone wants to shut down or reboot the system, they're
>going to do so.  This just gives them a safe way of doing it.

You can remove switches from easily user accessible zones. You can disable
C-A-D and SysReq (I talk about Linux here, dunno if others have SysReq
feature). You can even place the box in a secure "box" (lock, not just
screws, maybe different room) but the monitor, mouse and keyboard can be
placed outside, where everybody can touch it. Sometimes you do not have
money for X-terminals.

That is how I have a machine, only extended power fails (accident or a guy
hitting the area switches or pulling the cord) or person opening the box
(screws) can bring it down. Obviously that is not what normal users do, at
least without thinking, getting tools (maybe breaking a lock) and reading
the warning adhesives, then performing the action. I doubt that can be
reflex based like entering the password when asked.

And what drives me crazy is that the damn shutdown trick does not honour the
/etc/shutdown.allow (IIRC the name) file. It overrides true shutdown, thus
causing a security hole.

One of my users did that, that is the way I learned about all this. Of course
the links have been removed, but I am still asking myself who had the idea
to create a shutdown wrapper that does not work as true shutdown (it seems
more a workaround than a wrapper). It is like placing less with suid so
users can watch /etc/shadow.

I am also learning PAM, cos it seems that security improvements cause more
holes than expected, I do not want to be caught again (and fix the problem
via PAM instead of links, I think it is doable and more elegant).

GSR

PS: I tested the "password" reflex, it is a true reflex, try hitting and
space at a login prompt (text console), watch how the user enters username
and password quickly, without paying attention to the screen (most of the time
it will reveal the password). About X the same, he saw "password" and he
typed it, did not think at all... well, as soon as he saw the machine
reboot he thought a bit.
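Added example, not part of GSR's post: a small POSIX shell audit that looks for the things discussed above on a Red Hat style box, namely the /usr/bin shutdown/halt/reboot/poweroff links pointing at the consolehelper/userhelper wrapper, a pam_console line in the matching /etc/pam.d service file, the ctrlaltdel entry in /etc/inittab, and magic SysRq left enabled. The optional root prefix argument is my own addition so it can be run against a copied tree; the pam_console check assumes the usermode package layout.

```shell
#!/bin/sh
# Audit the console-shutdown paths discussed in the thread.
# Usage: audit_shutdown_paths [ROOT]   (ROOT defaults to "/")
# Prints one WARN line per finding and returns the number of findings.
audit_shutdown_paths() {
    root="${1:-}"
    findings=0
    # 1. /usr/bin/{shutdown,halt,reboot,poweroff} as links to the
    #    consolehelper/userhelper wrapper (assumed Red Hat usermode layout)
    for cmd in shutdown halt reboot poweroff; do
        p="$root/usr/bin/$cmd"
        if [ -L "$p" ]; then
            target=$(readlink "$p")
            case "$target" in
                *consolehelper*|*userhelper*)
                    echo "WARN: $p -> $target (console users reach $cmd via PAM)"
                    findings=$((findings + 1)) ;;
            esac
        fi
        # The PAM service file that lets console users through the wrapper
        if [ -f "$root/etc/pam.d/$cmd" ] && grep -q 'pam_console' "$root/etc/pam.d/$cmd"; then
            echo "WARN: /etc/pam.d/$cmd uses pam_console (review or remove)"
            findings=$((findings + 1))
        fi
    done
    # 2. Ctrl-Alt-Del still wired to shutdown in /etc/inittab (the 'ca' line)
    if [ -f "$root/etc/inittab" ] && grep -q '^[^#:]*:[^:]*:ctrlaltdel:' "$root/etc/inittab"; then
        echo "WARN: /etc/inittab still handles ctrlaltdel (comment out the 'ca' line)"
        findings=$((findings + 1))
    fi
    # 3. Magic SysRq enabled (keyboard can reboot the box without a login)
    if [ -r "$root/proc/sys/kernel/sysrq" ]; then
        v=$(cat "$root/proc/sys/kernel/sysrq")
        if [ "$v" != "0" ]; then
            echo "WARN: kernel.sysrq=$v (set kernel.sysrq = 0 in /etc/sysctl.conf)"
            findings=$((findings + 1))
        fi
    fi
    return "$findings"
}

# Run directly with:  sh audit.sh --audit [ROOT]
if [ "${1:-}" = "--audit" ]; then
    audit_shutdown_paths "${2:-}"
fi
```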