|Summary:||RHL7.0 Any user can reboot or halt|
|Product:||[Retired] Red Hat Linux||Reporter:||mmv|
|Component:||usermode||Assignee:||Nalin Dahyabhai <nalin>|
|Status:||CLOSED DUPLICATE||QA Contact:||David Lawrence <dkl>|
|Fixed In Version:||Doc Type:||Bug Fix|
|Doc Text:||Story Points:||---|
|Last Closed:||2006-02-21 18:47:47 UTC||Type:||---|
|oVirt Team:||---||RHEL 7.3 requirements from Atomic Host:|
Description mmv 2000-10-06 21:50:36 UTC
Hi! I just found an issue after installing RHL7.0 from your ISO image: Any user can execute the halt or reboot commands, even logged from the network, on a shell. Perhaps this only happens to me, or perhaps this is an intended feature, but as it has puzzled me I thought I'd better report it, just in case. My system: K7-750 on ASUS-K7V RHL7.0 64MB 20MB-HD If you need to know more just contact me. I'll be available during the weekend. And if it is NOT a bug, sorry for the nuisance. Manuel Moran. (Spain)
Comment 1 Nalin Dahyabhai 2000-10-06 21:54:14 UTC
When the user is logged in remotely, are they also simultaneously logged in at the console? The access checking does not check which terminal the user is on, just that he or she is also logged in on the console.
Comment 2 mmv 2000-10-07 14:42:42 UTC
YES! When the user is JUST logged in remotely but not from the console, halt and reboot prompt for a password. It seems like it is an intended feature. The change from the last version (6.2 in which they prompted always for password) made me think it was such a big bug. Thanks.
Comment 3 Peter van Egdom 2002-07-31 18:44:23 UTC
This (quite serious) bug is still present in Red Hat Linux - Limbo (beta 2) 7.3.93. Instead of a reboot or halting the system, the "halt" or "reboot" program should ask for the superuser password, when typed in by a regular user. ( I quote from the manpage of halt: "If you're not the superuser, you will get the message `must be superuser' " )
Comment 4 Leonard den Ottolander 2004-02-04 14:16:00 UTC
This bug can be closed "NOTABUG". This has been asked repeatedly. Since local users are able to pull the plug or push the power button there is no use to disallow them to shutdown the box cleanly from the command line. The man page might need fixing to reflect that the above is not true for local users due to the reasons I mentioned.
Comment 5 Miloslav Trmac 2004-02-04 23:03:28 UTC
*** This bug has been marked as a duplicate of 17882 ***
Comment 6 Red Hat Bugzilla 2006-02-21 18:47:47 UTC
Changed to 'CLOSED' state since 'RESOLVED' has been deprecated.