Red Hat Bugzilla – Bug 618623
shutdown allows local non-privileged user to halt system
Last modified: 2014-06-18 04:47:15 EDT
Running /sbin/shutdown -h 0 as a non-root user proceeds system to shutdown sequence resulting in power off.
$ rpm -qf $(type -p shutdown)
This is undesired, insecure, abusive and against-all-customs behavior. Expected result is error message about refused attempt to shutdown by non-superuser.
Current default configuration is really one-user system centric and overviews other use cases.
I'd like to see more explicit configuration instead of such an Ubuntu style. E.g. adding users to supplementary `power' group.
I'm not able to reproduce it. /sbin/shutdown needs root privileges.
[test@f13 ~]$ rpm -q upstart
[test@f13 ~]$ rpm -qV upstart
[test@f13 ~]$ ls -l /sbin/shutdown
-rwxr-xr-x. 1 root root 57920 May 4 22:31 /sbin/shutdown
[test@f13 ~]$ /sbin/shutdown -h 0
shutdown: Need to be root
I've tried it on serial console, virtual terminal, X terminal.
Please provide more information or reproducer. Otherwise it will be close as NOTABUG.
Some bug in reality probably. Two of us have been able to reproduce it once a time, but not anymore. Feel free to close this report.