[prev in list] [next in list] [prev in thread] [next in thread] 

List:       linux-ppc
Subject:    Re: Odd shutdown from KDE to single user
From:       Justin Shore <macdaddy () vinnie ! ksu ! ksu ! edu>
Date:       1999-11-30 0:56:43
[Download RAW message or body]


At 11:47 PM +0100 11/29/99, Martin Costabel wrote:
>Hollis R Blanchard wrote:
>  >
>  > On Mon, 29 Nov 1999, Adam Price wrote:
>  > >
>  > > My unpriveledged username is ami.  If ami issues the command "shutdown
>  > > now" from a kde window, he is prompted for his password.  The
>  > > unpriveledged password given, kde shuts down to single user mode, with
>  > > root access.  Is this correct?  For me it doesn't matter, since I am the
>  > > only user, but how would I prevent this if I had more users?
>  >
>  > I noticed that too. I think I was told it's "correct". The cause 
>might be the
>  > line
>  >   account    required     /lib/security/pam_permit.so
>  > in /etc/pam.d/shutdown, which seems to imply it's sufficient to 
>simply have an
>  > account on the system to shut it down. /usr/doc/pam-* has info on 
>the config
>  > file syntax, but I don't really have time to look through it right now...
>
>man consolehelper explains this, too. The idea is that anyone sitting at
>your console can shut your computer down anyway, by pulling the power
>plug, for example. If you are not root, this works only at the console,
>not over the net (and only if /usr/bin comes before /sbin in your
>$PATH).

I'm not sure how relevant this is but I know that if you want to 
restrict shutting down via the 3-finger salute (ctrl-alt-del) you 
have to create a /etc/shutdown.allow file.  In that you can add the 
users you want to allow to shutdown the machine (limit 32 users). 
One of the authorized users has to be logged in on a VC to shut the 
machine down then.  I believe this only applies to the 3-finger 
salute. 'man shutdown' should have more detailed info.  HTH

Justin


** Sent via the linuxppc-user mail list. See http://lists.linuxppc.org/

[prev in list] [next in list] [prev in thread] [next in thread]