shutdown ?????

sachin1361 · 02-28-2007, 05:20 AM

By-default ... root has full access to the server either from direct console or through other utilities such as ssh , telnet etc. I want that root(default) user ,when telnet to linux server , could not shutdown it from the remote location but if he wants to make shutdown , he should come to the server and enter shutdown or other commands to shutdown.

in other words, I want root should be denied access to shutdown from the remote location but he can do it only from the server

macemoneta · 02-28-2007, 05:24 AM

You have much bigger problems if you have people with root access that cannot be trusted to follow policy.

sachin1361 · 02-28-2007, 05:56 AM

well ...relax Dear

this is my testing lab and i want to deny the same user for shutdown command on remote system and allow on local system..

got It !!!!!!!!!1

macemoneta · 02-28-2007, 06:17 AM

Got it !!!!!!!!!!!111!!1

Good luck.

wpn146 · 02-28-2007, 09:57 AM

In general, do not allow login access to "root" via any means (telnet, ssh, etc...). Require login access to be through a normal username, one that is validated to use sudo or su.

You could also move the "shutdown" command somewhere else and place a script there that checks the output of the "who" command for the absence of string "pts/" before passing the command to the renamed version of shutdown. Note that this trick will work only until the user learns where the new location is at. Also, it does nothing to protect "reboot" or "init 6".