Bug 19526
Summary: | /usr/bin/reboot - ruh oh | ||
---|---|---|---|
Product: | [Retired] Red Hat Linux | Reporter: | Need Real Name <jeff> |
Component: | usermode | Assignee: | Nalin Dahyabhai <nalin> |
Status: | CLOSED NOTABUG | QA Contact: | David Lawrence <dkl> |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | 7.0 | CC: | chris, ignacio |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | i386 | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2000-10-23 01:49:04 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Need Real Name
2000-10-21 20:02:28 UTC
I suspect this isn't a bug. I bet the user running "reboot" is logged on either at a virtual console or on the X console, as well as via telnet/ssh If you can get a user who is ONLY logged on via telnet or ssh to do a reboot, that's a problem. well, i just tested it three more times, on three different machines. all users logged out.. i log in, under a normal user account, and type "reboot". it does. :) is that normal? Jeff oh, yeah.. i'm loggin into tty0. Jeff I am sure this is by design. When a user is logged in from the actual console either from X or from a regular login prompt, that normal use can reboot or halt the machine because of the symlink to consolehelper. Hence most standalone workstations. Persons logged in from remotely (ssh or telnet), unless they are root, cannot reboot or halt a machine. One way to check is to do a 'who' command and see if your name shows up in the list with a ttyX (can reboot) or a pts/X (cannot reboot). Does this answer help answer the issue? Heres the contents of /etc/pam.d/reboot: #%PAM-1.0 auth sufficient /lib/security/pam_rootok.so auth required /lib/security/pam_console.so #auth required /lib/security/pam_stack.so service=system-auth account required /lib/security/pam_permit.so Do you see the third line, the one that has "console" in it? Comment that out to disable "reboot" from the console. Repeat with any /etc/pam.d/.* files you require. Removing the reference to pam_console will allow users logged in anywhere to reboot the system. If you wish to prevent users who are logged in at the console from rebooting the system, you need to add the line "USER=root" to the file "/etc/security/console.perms/reboot" or remove the usermode package altogether. |