10483 – Any user may cause a remote shutdown of the system.

Bug 10483 - Any user may cause a remote shutdown of the system.

Summary: Any user may cause a remote shutdown of the system.

Keywords:
Status:	CLOSED NOTABUG
Alias:	None
Product:	Red Hat Linux
Classification:	Retired
Component:	initscripts
Sub Component:
Version:	6.0
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	low
Target Milestone:	---
Assignee:	Bill Nottingham
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2000-03-31 16:55 UTC by Juan Hierro
Modified:	2014-03-17 02:13 UTC (History)
CC List:	1 user (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2000-03-31 16:57:17 UTC
Embargoed:

Attachments	(Terms of Use)

Description Juan Hierro 2000-03-31 16:55:50 UTC

I am not sure whether this is a bug or a system characteristic but in
all versions from 5.1 up to 6.1 (the only ones I have used) and in
alpha and i386 platforms there are two different routes to the shutdown
command. The first is /sbin/shutdown and causes no problem (only root
or CTRL+ALT+DEL may run it); however the other command: /usr/bin/shutdown
may be called by all users (even remotely) with the only condition of
being asked for their password before executing.

 One can easily imagine the headaches it has caused for the last days
in our department which has an NFS server for more than fourty users,
two of them newbies used to turn off Windows when loging out and who
had in their PATH /usr/bin but no /sbin.

 Once you know, it looks easy to solve.

Comment 1 Bill Nottingham 2000-03-31 16:57:59 UTC

This is a feature of pam_console ; see 'man pam_console'
for more info.

Note You need to log in before you can comment on or make changes to this bug.