Bug 10483 - Any user may cause a remote shutdown of the system.
Summary: Any user may cause a remote shutdown of the system.
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: initscripts   
(Show other bugs)
Version: 6.0
Hardware: All Linux
Target Milestone: ---
Assignee: Bill Nottingham
QA Contact:
Depends On:
TreeView+ depends on / blocked
Reported: 2000-03-31 16:55 UTC by Juan Hierro
Modified: 2014-03-17 02:13 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2000-03-31 16:57:17 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

Description Juan Hierro 2000-03-31 16:55:50 UTC
I am not sure whether this is a bug or a system characteristic but in
all versions from 5.1 up to 6.1 (the only ones I have used) and in
alpha and i386 platforms there are two different routes to the shutdown
command. The first is /sbin/shutdown and causes no problem (only root
or CTRL+ALT+DEL may run it); however the other command: /usr/bin/shutdown
may be called by all users (even remotely) with the only condition of
being asked for their password before executing.

 One can easily imagine the headaches it has caused for the last days
in our department which has an NFS server for more than fourty users,
two of them newbies used to turn off Windows when loging out and who
had in their PATH /usr/bin but no /sbin.

 Once you know, it looks easy to solve.

Comment 1 Bill Nottingham 2000-03-31 16:57:59 UTC
This is a feature of pam_console ; see 'man pam_console'
for more info.

Note You need to log in before you can comment on or make changes to this bug.