users shutting down system
Hi All,
How can I disable users from shutting down and rebooting my system from the login screen? I'm using Redhat 9. Thanks for the help. Jon |
forbid a users ability to use the "su" command!!
in Slackware the file is /etc/sudoers of course in Slack one of the installed packages is sudo-1***, un-install the package and /etc/sudoers goes away, and root would have to login on CLI to do anything. |
This method works for me on Slackware 9.0, should work for
you too. Edit /etc/inittab so that it has the line: ca::ctrlaltdel:/sbin/shutdown -a -t5 -r now And create a /etc/shutdown.allow file that lists the users you want to allow to use ctrl-alt-del to reboot. From the shutdown(8) man page: Quote:
|
Hi,
I tried what was mentioned, but it didn't seem to work. When I log on with a user in redhat it asks if I want to 1. log off 2. shutdown or 3. restart I want to totally disable the shutdown and restart functions for all users except root in this graphical menu. Any ideas? Many thanks! Jon |
Sorry. My answer was assuming you were booting to a console
login prompt. I have no experiece with Redhat, so I am basing my reply here on using Slackware. I usually don't use runlevel 4 (GUI login), so I'm not sure how to disable those options, but I do think it depends on what display manager you are using (i.e. xdm, gdm, or kdm) for how you can disable those options. So you might want to post which one you are using. If you don't already know which one you are using, you can find out, if Redhat is similar to Slackware, by looking in /etc/inittab for a line starting with "x1:4:" that shows which script runs for runlevel 4. On Slackware this is /etc/rc.d/rc.4, but I think Redhat uses a different script. Whichever script it is, will start whichever display manager you are using. [Edit]Note, however, that my previous post should still disallow anyone from rebooting via ctrl-alt-del, even under the GUI.[/Edit] Beolach |
the only solution i can think of is in kde ( i don't use gnome so i wouldn't know what to do there). click on the kde control center > administration > login manager. click the administrator mode button (if not logged in as root) and enter the root password. click the sessions tab and in the dropdown list of the Allow shutdown frame where it says console, it should say everyone. choose the only root choice. click apply and close out of the session manager. if now you go to log out, it may still show those options, but the next time you log in and log out of kde, it won't.
but this only solves if the user is using kde. you'll have to figure out how to do it gnome especially if you have users using gnome. or maybe one of the X11 session files will do this for you all in one go (?). |
Jon wrote:
Quote:
This is a feature, not a bug. A system that can't be broken into via the physical console is one that becomes useless if passwords are lost/forgotten/cracked. I've frequently broken user authentication on various systems while experimenting with software like LDAP, RADIUS, TACACS, etc. - if I couldn't break into the system from the console I'd have lost tens (if not hundreds) of thousands of my employer's dollars! You can't really make the console secure, nor do you want to. What you might want, though, is to make rebooting difficult, so that nobody does it by accident, and train your users to use the system properly (that last bit is the *key* to success).;) How are your users currently rebooting the system? Are you letting them log in as root? Are they doing the "three finger salure?" Do they just push the reset button on the case? |
All times are GMT -5. The time now is 03:45 AM. |