Bug 152125
Summary: | Any non-root user can do "reboot" or "shutdown" | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 4 | Reporter: | masanari iida <masanari_iida> |
Component: | pam | Assignee: | Tomas Mraz <tmraz> |
Status: | CLOSED NOTABUG | QA Contact: | Jay Turner <jturner> |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | 4.0 | CC: | srevivo |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2005-03-25 08:36:26 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
masanari iida
2005-03-25 02:54:47 UTC
Correction. "reboot" and "halt" commands are affected. If I do "shutdown" from non-root user, it is blocked. ( shutdown: must be superuser ) This is expected behaviour - to be able to reboot/halt the machine you don't have to be superuser, you must have obtained the console lock only. You can try if you are logged on using gdm/text login as a first user and then you log in as another user - the second user cannot reboot the machine. So this policy in /etc/pam.d/reboot(halt) is fine in case the machine is used as a normal workstation or a server either without normal users or without console access for normal users. Of course in case of multiuser machine with console access for normal users it's necessary for administrator of the machine to change this (as you done). |