This surprised the hell out of me, but I tried it with my current, fresh RHAT 6.1 install, and it worked perfectly. Very simply, any user can shut down a RHAT 6.x box.

    [preed@excelsior preed]$ whoami
    preed
    [preed@excelsior preed]$ shutdown -k now
    Password: <typed in preed's password>

    Broadcast message from root Sun Jan 2 20:31:24 2000...

    The system is going down to maintenance mode NOW !!

    [preed@excelsior preed]$

Now, I don't know if this is a "feature," but allowing any user to shut down boxen on RHAT 6.x isn't a good thing (tm). I tested with 6.1; a friend who told me about it tested with 6.0.

BTW, props to Kennan (kmblehm) for reporting this to me...
This is a feature of PAM console. Any user who has access to the console and knows the password of the logged-in user can shut down a Red Hat 6.1 box.
I just tested this by logging in remotely through an ssh session and executing the same string of commands as shown above; the same result occurred (a shutdown commenced). I also tested this through an xterm, NOT on the console. I will be testing this more thoroughly on someone else's box tonight, but I wouldn't call something where any Joe Blow user who has access to a RHAT 6.x box can shut it down a "feature." If it is indeed a "feature," how do I turn said "feature" off?
It works on RH 6.2 beta too (usermode-1.19-2). I fixed this by editing files in /etc/security/console.apps, for example:

    $ cat halt
    USER=root
    PROGRAM=/sbin/halt

It works... I think it would be more secure to distribute the usermode package with these fixes... please...
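An added example, not part of any post in this thread: a small sh script that audits a console.apps-style directory for entries that consolehelper runs as root, and which of those are shutdown-class programs. It assumes only the USER= and PROGRAM= keys shown in the post above (any other keys are ignored) and uses a constructed sample directory in place of /etc/security/console.apps.

```shell
#!/bin/sh
# Added example (not from the thread): audit entries in a
# /etc/security/console.apps-style directory. Each file is one
# consolehelper app in KEY=VALUE form; the post above shows
# USER=root and PROGRAM=/sbin/halt, so those are the keys read here.

# value FILE KEY: print the last KEY=... value in FILE (empty if absent)
value() {
    sed -n "s/^$2=//p" "$1" | tail -n 1
}

# root_apps DIR: print "name program" for every entry that runs as root
root_apps() {
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        [ "$(value "$f" USER)" = "root" ] || continue
        printf '%s %s\n' "$(basename "$f")" "$(value "$f" PROGRAM)"
    done
}

# shutdown_apps DIR: the subset of root_apps whose program takes the box down
shutdown_apps() {
    root_apps "$1" | while read -r name prog; do
        case "$(basename "$prog")" in
            halt|reboot|shutdown|poweroff) printf '%s %s\n' "$name" "$prog" ;;
        esac
    done
}

# Constructed sample directory standing in for /etc/security/console.apps;
# the userconf and xyz entries are hypothetical, made up for this example.
SAMPLE_DIR=$(mktemp -d)
printf 'USER=root\nPROGRAM=/sbin/halt\n'         > "$SAMPLE_DIR/halt"
printf 'USER=root\nPROGRAM=/sbin/reboot\n'       > "$SAMPLE_DIR/reboot"
printf 'USER=root\nPROGRAM=/usr/sbin/userconf\n' > "$SAMPLE_DIR/userconf"
printf 'USER=<user>\nPROGRAM=/usr/bin/xyz\n'     > "$SAMPLE_DIR/xyz"

echo "Entries consolehelper runs as root:"; root_apps "$SAMPLE_DIR"
echo "Of those, shutdown-class programs:";  shutdown_apps "$SAMPLE_DIR"
```

Point it at the real directory with `root_apps /etc/security/console.apps` to see which console-delegated programs a box actually hands to root.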
Are you sure you are not also logged in at the console? The definition of "console" pam_console uses is the physical screen/keyboard combination. If you are logged in on a VT and then start X, you are still logged in at the console. That you are executing the halt command from an xterm is immaterial. The same applies for situations where you log in remotely. If you happen to be logged in at the workstation at the same time, you will be able to execute commands that require access to the console.
I just tested this in my RHAT 6.1 box (usermode-1.18-1) where I was ONLY logged in through X (i.e. runlevel 5), and it prompted me for my password, and executed the halt. So, for clarification, I was NOT logged in to a VT. Immaterial of all of this, assuming that because someone is logged in on the console, they should have the right to shut down the machine with their own password is not a "feature." It's a bug, and RHAT should just admit it, and fix it.