Re: Preventing users from shuting down the system

From: Owen Taylor <otaylor redhat com>
To: famrom idecnet com (Guillermo S. Romero / Familia Romero)
Cc: gnome-list gnome org
Subject: Re: Preventing users from shuting down the system
Date: 25 Jan 2000 22:08:27 -0500


[ straying further and further off topic ... ]

> And what drives me crazy is that the damn shutdown trick does not honour the
> /etc/shutdown.allow (IIRC the name) file. It overrides true shutdown, thus
> causing a security hole.
> 
> One of my users did that, that is the way I learned about al this. Of course
> the links have been removed, but I am still asking myself who had the idea
> to create a shutdown wrapper that does not works as true shutdown (it seems
> more a workarround than a wrapper). It is like placing less with suid so
> users can watch /etc/shadow.

Perhaps that analogy is going a bit far....

Anyways, it wouldn't be a very convenient setup to have shutdown
on the logout screen only work after the user edited 
/etc/shutdown.allow. And note that we aren't setting up the
default Red Hat install to be used in a 100% locked down
cluster.

We are setting it up to be reasonably convenient to use for
the average user installing it - who most likely does have
a power switch on their case. We figure paranoid sysadmins
(;-) are more able to customize things to suit their taste
than the average user.

But, anyways, you should be able to get your desired behavior (which
is not the behavior of /sbin/shutdown exactly anyways) pretty simply
with pam_listfile.so.

Regards,
                                        Owen

References:
- Re: Preventing users from shuting down the system
  - From: Guillermo S. Romero / Familia Romero

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]