[prev in list] [next in list] [prev in thread] [next in thread] 

List:       linux-ppc
Subject:    Re: Odd shutdown from KDE to single user
From:       "Andrew B. Arthur" <arthur99 () global2000 ! net>
Date:       1999-11-30 1:00:54
[Download RAW message or body]


>From: Martin Costabel <costabel@wanadoo.fr>

>> Hollis R Blanchard wrote:
>>
>> On Mon, 29 Nov 1999, Adam Price wrote:
>> >
>> > My unpriveledged username is ami.  If ami issues the command "shutdown
>> > now" from a kde window, he is prompted for his password.

This is a feature, not a bug :] At any rate, xdm, kdm and gdm *can* be
allowed to have special access to the shutdown command so that any, some or
none can shutdown without the root password. By default it's none, since for
the vast majority of people want to at the login screen shutdown without
having to know the root password.

Think about it for a second, the PC is in a classroom, a business or a home
with multiple members. You are logged out, and are sitting across the room
and yell, hey Joe shutdown the box. You don't want to have to make poor Joe
login (requiring him to have an account on your box with shutdown privileges
or giving him the root password). Make sense so far? At any rate, anybody
could just unplug it for the same effect (and not make it shutdown so
nicely).

>>>  The
>> > unpriveledged password given, kde shuts down to single user mode, with
>> > root access.

No, from kdm there is a dialog box that lets you choose shutdown or restart.
This dialog box is ONLY available on the local X Server and not on the
network or console or anywhere else. If you choose either of those options
[xdm, gdm, kdm] gets a special key from Pam to do this.

This will only let you shutdown -- and it never goes into single user mode
-- it goes directly to init 0 (halt) or init 6 (restart) from init 5. Their
is no way to get root access during such a process.

You can disabled this in xdm or gdm by editing some files. For kdm (KDE
Desktop Manger), run kdmconfig as root, and you easily set who can shutdown
-- console only, all or none (except root -- asks for root password when you
try to shutdown).

> man consolehelper explains this, too. The idea is that anyone sitting at
> your console can shut your computer down anyway, by pulling the power
> plug, for example.

Or hit the Power Button, Circuit Breaker, Cut the Power Line to your
building, you get the point.

One of the big problems with open firmware on Macintosh computers is it's
totally insecure -- no passwords or anything. That makes it easy for a
cracker with local access to your machine to bypass all your security by
booting in linux single. Mac OS and BootX Security is not much better, even
if you use Mac OS Multiple Users Security as tight as possible, and hide the
more kernel arguments in BootX their will still be ways to get around this
(I am sure you can think of some). A final solution, try locking the machine
off from others.

> If you are not root, this works only at the console,
> not over the net (and only if /usr/bin comes before /sbin in your
> $PATH).

Yes. And I believe this can also be disabled (if you really want to). I see
little benefit from doing this.


Thanks,

Andrew B. Arthur       |http://members.global2000.net/~arthur99
arthur99@global2000.net|http://linuxonline.org
(G)AIM: AArthur PPC    |http://osonline.org/mac


** Sent via the linuxppc-user mail list. See http://lists.linuxppc.org/

[prev in list] [next in list] [prev in thread] [next in thread]