Bug 18576 - RHL7.0 Any user can reboot or halt
Summary: RHL7.0 Any user can reboot or halt
Status: CLOSED DUPLICATE of bug 17882
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: usermode
Version: 7.0
Hardware: i686
OS: Linux
Target Milestone: ---
Assignee: Nalin Dahyabhai
QA Contact: David Lawrence
Depends On:
TreeView+ depends on / blocked
Reported: 2000-10-06 21:50 UTC by mmv
Modified: 2006-02-21 18:47 UTC (History)
1 user (show)

Clone Of:
Last Closed: 2006-02-21 18:47:47 UTC

Attachments (Terms of Use)

Description mmv 2000-10-06 21:50:36 UTC

I just found an issue after installing RHL7.0 from your ISO image:

Any user can execute the halt or reboot commands, even logged from the
network, on a shell. Perhaps this only happens to me, or perhaps this is
an intended feature, but as it has puzzled me I thought I'd better report
it, just in case.

My system: K7-750 on ASUS-K7V RHL7.0 64MB 20MB-HD

If you need to know more just contact me. I'll be available during the

And if it is NOT a bug, sorry for the nuisance.

Manuel Moran. (Spain)

Comment 1 Nalin Dahyabhai 2000-10-06 21:54:14 UTC
When the user is logged in remotely, are they also simultaneously logged in at
the console?  The access checking does not check which terminal the user is on,
just that he or she is also logged in on the console.

Comment 2 mmv 2000-10-07 14:42:42 UTC
YES! When the user is JUST logged in remotely but not from the console, halt and
reboot prompt for a password.

It seems like it is an intended feature. The change from the last version (6.2
in which they prompted always for password) made me think it was such a big bug.


Comment 3 Peter van Egdom 2002-07-31 18:44:23 UTC
This (quite serious) bug is still present in 
Red Hat Linux - Limbo (beta 2) 7.3.93.

Instead of a reboot or halting the system, the "halt" or "reboot" program
should ask for the superuser password, when typed in by a regular user.

I quote from the manpage of halt:

 "If you're not the superuser, you will get the message `must be superuser' "

Comment 4 Leonard den Ottolander 2004-02-04 14:16:00 UTC
This bug can be closed "NOTABUG". This has been asked repeatedly.
Since local users are able to pull the plug or push the power button
there is no use to disallow them to shutdown the box cleanly from the
command line.

The man page might need fixing to reflect that the above is not true
for local users due to the reasons I mentioned.

Comment 5 Miloslav Trmac 2004-02-04 23:03:28 UTC

*** This bug has been marked as a duplicate of 17882 ***

Comment 6 Red Hat Bugzilla 2006-02-21 18:47:47 UTC
Changed to 'CLOSED' state since 'RESOLVED' has been deprecated.

Note You need to log in before you can comment on or make changes to this bug.