KDE: anybody can shutdown my box!!! How to prevent this?
 

Hello all,

I am running KDE 3.0...

my question is the following, when I lock my screen it then prompts the user for a password, but next to that field, they can also select "start new session", and in then next screen they can do a Menu--->Shutdown......!!!!!!!

So anybody that gains physical access to the console can shutdown my box????

How can I change this?

first, find shutdown
(probably in /sbin/shutdown, but not sure I'm not in front of a Linux box right now, can check)

then change ownership to root like this
chown root:root /sbin/shutdown


now only root can shutdown. I know it's not the best solution but this might work.

In the KDE control center, in System, Login Manager. Enter Admin mode (need root password) and try the Session tab iirc :)

Thanks for your responses guys! I went to KDE Control Center--->System--->Login Manager---->Sessions tab---->Allow shutdown--->console: only root |||| remote: only root

Much better now!

Hmmmm, why would this be "Everyone" instead of root by default....not a nice security hole....?!?!

Well if it wasnt serving things, just a desktop box instead, and users need to turn it off or reboot, then they dont need the admin to come over and login just to shutdown. Better than having them just push the power button.
Install Mandrake9.1 as a desktop, everyone can locally reboot. Install Mandrake9.1 as a server/using Higher security setting, and it'll keep returning that option to root only. :D
True there are security problems with anyone being able to reboot while at the machine, but you should be able to find info to protect bootloader security issues.
You can set it to do whatever you want. :)

Thanks for the tips guys!