Re: Preventing users from shuting down the system

[Konrad Hinsen <hinsen cnrs-orleans fr>]

> This feature also appears when you hit the logout button in GNOME. The
> correct solution is to change the RedHat PAM configuration to disallow
> normal users access to shutdown, no matter where they are (AFAIK, the
> default setup is to allow console users to shut down the system, because
> the console should be *physically* secure, making all console users
> automatically trusted).

Indeed. I changed the PAM configuration and now clicking on the
"reboot" button merely restarts gdm.

Of course one can argue that as long as a machine is physically
accessible, anyone can pull the power plug anyway, so they might as
well be allowed to do a proper shutdown. But I am not so much worried
about malicious people, but about users who don't know much about Unix
and, in an experimental mood, just want to find out what this "reboot"
button does.

> AFAICT, the default setup is taking advantage of a Linux feature,
> because it is assumed that you will be running X Terminals for
> kiosk/physically insecure applications, while keeping the console locked
> in a closet.

I suspect that the most usual setup for a Linux system is having
exactly one user, sitting at the console.

Thanks to all who helped me solve this problem, and I hope that future
GNOME installations will be more security conscious.

Konrad.
-- 
-------------------------------------------------------------------------------
Konrad Hinsen                            | E-Mail: hinsen@cnrs-orleans.fr
Centre de Biophysique Moleculaire (CNRS) | Tel.: +33-2.38.25.55.69
Rue Charles Sadron                       | Fax:  +33-2.38.63.15.17
45071 Orleans Cedex 2                    | Deutsch/Esperanto/English/
France                                   | Nederlands/Francais
-------------------------------------------------------------------------------