Bug 18576

Summary: RHL7.0 Any user can reboot or halt
Product: [Retired] Red Hat Linux Reporter: mmv
Component: usermodeAssignee: Nalin Dahyabhai <nalin>
Status: CLOSED DUPLICATE QA Contact: David Lawrence <dkl>
Severity: high Docs Contact:
Priority: high    
Version: 7.0CC: leonard-rh-bugzilla
Target Milestone: ---   
Target Release: ---   
Hardware: i686   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2006-02-21 18:47:47 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Description mmv 2000-10-06 21:50:36 UTC
Hi!

I just found an issue after installing RHL7.0 from your ISO image:

Any user can execute the halt or reboot commands, even logged from the
network, on a shell. Perhaps this only happens to me, or perhaps this is
an intended feature, but as it has puzzled me I thought I'd better report
it, just in case.

My system: K7-750 on ASUS-K7V RHL7.0 64MB 20MB-HD

If you need to know more just contact me. I'll be available during the
weekend.

And if it is NOT a bug, sorry for the nuisance.

Manuel Moran. (Spain)

Comment 1 Nalin Dahyabhai 2000-10-06 21:54:14 UTC
When the user is logged in remotely, are they also simultaneously logged in at
the console?  The access checking does not check which terminal the user is on,
just that he or she is also logged in on the console.

Comment 2 mmv 2000-10-07 14:42:42 UTC
YES! When the user is JUST logged in remotely but not from the console, halt and
reboot prompt for a password.

It seems like it is an intended feature. The change from the last version (6.2
in which they prompted always for password) made me think it was such a big bug.

Thanks.

Comment 3 Peter van Egdom 2002-07-31 18:44:23 UTC
This (quite serious) bug is still present in 
Red Hat Linux - Limbo (beta 2) 7.3.93.

Instead of a reboot or halting the system, the "halt" or "reboot" program
should ask for the superuser password, when typed in by a regular user.

(
I quote from the manpage of halt:

 "If you're not the superuser, you will get the message `must be superuser' "
)


Comment 4 Leonard den Ottolander 2004-02-04 14:16:00 UTC
This bug can be closed "NOTABUG". This has been asked repeatedly.
Since local users are able to pull the plug or push the power button
there is no use to disallow them to shutdown the box cleanly from the
command line.

The man page might need fixing to reflect that the above is not true
for local users due to the reasons I mentioned.


Comment 5 Miloslav Trmac 2004-02-04 23:03:28 UTC

*** This bug has been marked as a duplicate of 17882 ***

Comment 6 Red Hat Bugzilla 2006-02-21 18:47:47 UTC
Changed to 'CLOSED' state since 'RESOLVED' has been deprecated.