Bug 618623 - shutdown allows local non-privileged user to halt system
Summary: shutdown allows local non-privileged user to halt system
Alias: None
Product: Fedora
Classification: Fedora
Component: upstart
Version: 13
Hardware: All Linux
Target Milestone: ---
Assignee: Casey Dahlin
QA Contact: Fedora Extras Quality Assurance
Depends On:
Reported: 2010-07-27 12:12 UTC by Petr Pisar
Modified: 2014-06-18 08:47 UTC (History)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2010-07-27 13:52:16 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Description Petr Pisar 2010-07-27 12:12:23 UTC
Running /sbin/shutdown -h 0 as a non-root user makes the system proceed to the shutdown sequence, resulting in power off.

$ rpm -qf $(type -p shutdown)

This is undesired, insecure, abusive and against-all-customs behavior. The expected result is an error message about a refused attempt to shut down by a non-superuser.

The current default configuration is really one-user-system centric and overlooks other use cases.

I'd like to see more explicit configuration instead of such an Ubuntu style. E.g. adding users to supplementary `power' group.

Comment 1 Petr Lautrbach 2010-07-27 13:26:42 UTC
I'm not able to reproduce it. /sbin/shutdown needs root privileges.

[test@f13 ~]$ rpm -q upstart

[test@f13 ~]$ rpm -qV upstart

[test@f13 ~]$ ls -l /sbin/shutdown
-rwxr-xr-x. 1 root root 57920 May  4 22:31 /sbin/shutdown

[test@f13 ~]$ /sbin/shutdown -h 0
shutdown: Need to be root

I've tried it on serial console, virtual terminal, X terminal.

Please provide more information or a reproducer. Otherwise it will be closed as NOTABUG.

Comment 2 Petr Pisar 2010-07-27 13:49:14 UTC
Some bug in reality probably. Two of us have been able to reproduce it once a time, but not anymore. Feel free to close this report.
