Bug 6554 - Defaults allow any console user to reboot/halt/etc machine
Defaults allow any console user to reboot/halt/etc machine
Product: Red Hat Linux
Classification: Retired
Component: usermode (Show other bugs)
All Linux
medium Severity medium
: ---
: ---
Assigned To: Michael K. Johnson
Depends On:
  Show dependency treegraph
Reported: 1999-10-30 22:49 EDT by Chris Siebenmann
Modified: 2008-05-01 11:37 EDT (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 1999-11-15 14:24:37 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Chris Siebenmann 1999-10-30 22:49:44 EDT
The default zero-length halt, poweroff, shutdown, and
reboot files in /etc/security/console.apps allow any
console user to halt, power off, shut down, or reboot
the machine if they have logged into it. I believe that
this is an undesirable default, and that two things should

 First, I think that userhelper should default to assuming
that a zero-length file means either that nothing should
be allowed or that 'USER=root' should be the assumed
contents, instead of the current undocumented assumption
of 'USER=<user>'.

 Second, I think that these four files should all have the
contents 'USER=root' added, to make the policy explicit.
Comment 1 Preston Brown 1999-11-15 14:24:59 EST
We disagree, and believe that these are reasonable defaults.  Someone who has
console access already has the ability to do much worse than this in most
cases.  In the case of a server machine or a "cluster" type situation, the
defaults can be easily modified.

Note You need to log in before you can comment on or make changes to this bug.