LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - General
User Name
Password
Linux - General This Linux forum is for general Linux questions and discussion.
If it is Linux Related and doesn't seem to fit in any other forum then this is the place.

Notices



Reply
 
Search this Thread
Old 09-01-2003, 03:31 PM   #1
jonfa
Member
 
Registered: Mar 2001
Location: FL
Posts: 257

Rep: Reputation: 30
users shutting down system


Hi All,

How can I disable users from shutting down and rebooting my system from the login screen? I'm using Redhat 9. Thanks for the help.

Jon
 
Old 09-01-2003, 03:47 PM   #2
320mb
Senior Member
 
Registered: Nov 2002
Location: pikes peak
Distribution: Slackware, LFS
Posts: 2,577

Rep: Reputation: 47
forbid a users ability to use the "su" command!!
in Slackware the file is /etc/sudoers
of course in Slack one of the installed packages is sudo-1***,
un-install the package and /etc/sudoers goes away, and root would have to login on CLI to do anything.

Last edited by 320mb; 09-01-2003 at 03:49 PM.
 
Old 09-01-2003, 04:09 PM   #3
beolach
LQ Newbie
 
Registered: Jul 2003
Distribution: Gentoo
Posts: 29

Rep: Reputation: 15
This method works for me on Slackware 9.0, should work for
you too. Edit /etc/inittab so that it has the line:
ca::ctrlaltdel:/sbin/shutdown -a -t5 -r now

And create a /etc/shutdown.allow file that lists the users you
want to allow to use ctrl-alt-del to reboot.

From the shutdown(8) man page:
Quote:
ACCESS CONTROL
shutdown can be called from init(8) when the magic keys CTRL-ALT-DEL are pressed, by creating an appropriate entry in /etc/inittab. This means that everyone who has physical access to the console keyboard can shut the system down. To prevent this, shutdown can check to see if an authorized user is logged in on one of the virtual consoles. If shutdown is called with the -a argument (add this to the invocation of shutdown in /etc/inittab), it checks to see if the file /etc/shutdown.allow is present. It then compares the login names in that file with the list of people that are logged in on a virtual console (from /var/run/utmp). Only if one of those authorized users or root is logged in, it will proceed. Otherwise it will write the message

shutdown: no authorized users logged in

to the (physical) system console. The format of /etc/shutdown.allow is one user name per line. Empty lines and comment lines (prefixed by a #) are allowed. Currently there is a limit of 32 users in this file.

Note that if /etc/shutdown.allow is not present, the -a argument is ignored.
 
Old 09-01-2003, 04:27 PM   #4
jonfa
Member
 
Registered: Mar 2001
Location: FL
Posts: 257

Original Poster
Rep: Reputation: 30
Hi,

I tried what was mentioned, but it didn't seem to work. When I log on with a user in redhat it asks if I want to

1. log off
2. shutdown or
3. restart

I want to totally disable the shutdown and restart functions for all users except root in this graphical menu. Any ideas? Many thanks!

Jon
 
Old 09-01-2003, 05:32 PM   #5
beolach
LQ Newbie
 
Registered: Jul 2003
Distribution: Gentoo
Posts: 29

Rep: Reputation: 15
Sorry. My answer was assuming you were booting to a console
login prompt. I have no experiece with Redhat, so I am basing
my reply here on using Slackware.

I usually don't use runlevel 4 (GUI login), so I'm not sure how to
disable those options, but I do think it depends on what display
manager you are using (i.e. xdm, gdm, or kdm) for how you can
disable those options. So you might want to post which one you
are using. If you don't already know which one you are using,
you can find out, if Redhat is similar to Slackware, by looking in
/etc/inittab for a line starting with "x1:4:" that shows which script
runs for runlevel 4. On Slackware this is /etc/rc.d/rc.4, but I think
Redhat uses a different script. Whichever script it is, will start
whichever display manager you are using.

[Edit]Note, however, that my previous post should still disallow
anyone from rebooting via ctrl-alt-del, even under the GUI.[/Edit]

Beolach

Last edited by beolach; 09-01-2003 at 05:34 PM.
 
Old 09-01-2003, 09:45 PM   #6
megaspaz
Senior Member
 
Registered: Nov 2002
Location: Silly Con Valley
Distribution: Red Hat 7.3, Red Hat 9.0
Posts: 2,054

Rep: Reputation: 46
the only solution i can think of is in kde ( i don't use gnome so i wouldn't know what to do there). click on the kde control center > administration > login manager. click the administrator mode button (if not logged in as root) and enter the root password. click the sessions tab and in the dropdown list of the Allow shutdown frame where it says console, it should say everyone. choose the only root choice. click apply and close out of the session manager. if now you go to log out, it may still show those options, but the next time you log in and log out of kde, it won't.

but this only solves if the user is using kde. you'll have to figure out how to do it gnome especially if you have users using gnome.

or maybe one of the X11 session files will do this for you all in one go (?).

Last edited by megaspaz; 09-01-2003 at 09:58 PM.
 
Old 09-02-2003, 11:56 AM   #7
Medievalist
Member
 
Registered: Aug 2003
Distribution: Dead Rat
Posts: 175

Rep: Reputation: 37
Jon wrote:
Quote:
How can I disable users from shutting down and rebooting my system from the login screen?
If you are letting untrusted/untrained users access your system console, you cannot secure your system.

This is a feature, not a bug. A system that can't be broken into via the physical console is one that becomes useless if passwords are lost/forgotten/cracked. I've frequently broken user authentication on various systems while experimenting with software like LDAP, RADIUS, TACACS, etc. - if I couldn't break into the system from the console I'd have lost tens (if not hundreds) of thousands of my employer's dollars!

You can't really make the console secure, nor do you want to. What you might want, though, is to make rebooting difficult, so that nobody does it by accident, and train your users to use the system properly (that last bit is the *key* to success).

How are your users currently rebooting the system? Are you letting them log in as root? Are they doing the "three finger salure?" Do they just push the reset button on the case?
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Problem shutting down new system daniel_lidstrom Debian 2 01-11-2005 09:18 AM
system hangs when shutting down twistedinfo Slackware 9 10-25-2004 09:15 AM
shutting down my system Abe_the_Man Slackware 3 10-15-2003 12:29 AM
Correctly Shutting down system thats hanging BogoMips Slackware 1 05-08-2002 09:41 PM
System freezes when shutting down Bernhard Linux - Newbie 3 01-13-2002 12:56 PM


All times are GMT -5. The time now is 12:02 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration