LinuxQuestions.org
Old 07-11-2007, 03:09 AM   #1
tataiermail
Member
 
Registered: Apr 2006
Location: calcutta, IND
Distribution: RHEL AS 4, openSUSE 10.2
Posts: 48

Rep: Reputation: 15
want to restrict shutdown to root only


hi all,

I have seen in SUSE Linux Enterprise Server 9 that only root can shut down the server.
If a normal user tries to shut down the server, it asks for the root password. How do I configure the same in RHEL 4?
I want the command-line approach to it.

thanks in advance,

suman
 
Old 07-11-2007, 03:14 AM   #2
b0uncer
LQ Guru
 
Registered: Aug 2003
Distribution: CentOS, OS X
Posts: 5,131

Rep: Reputation: Disabled
There are several ways. I'm not sure how it's implemented in SuSE or any other such distro for that matter, but you could just chmod shutdown, reboot and init commands so that only owner (root) could read/execute them. To let other users (certain users) run it, you could then easily set up sudo for them in less than a minute, or something. Or if you wanted to do it so that users don't need to remember to run it through sudo, you could rename the original file (shutdown, for example) to some other name (like shutdown-original) and create a script in its place (called shutdown in this example) that actually ran "sudo <command>", like "sudo shutdown".

EDIT: in some cases the distribution may have separate group for those people who can access shutdown/reboot commands, so check out if there's a group for that purpose. If a password is asked, it's pretty sure it's using sudo for that purpose. A good way is to create a group for those who can access shutdown commands (or others), remove read/execute permissions from everybody except root, then configure sudo so that the certain group has a right (with password) to execute shutdown, and then add the wanted users to that group. In addition you may create a script to wrap everything up, like I described. Configuring sudo consists of altering sudo config file found under /etc (/etc/sudoers if I'm right) and in some distributions adding the preferred users to the "sudo" group so that they can run the command at all.
Code:
man sudo

Last edited by b0uncer; 07-11-2007 at 03:18 AM.
 
Old 07-11-2007, 03:29 AM   #3
jschiwal
LQ Guru
 
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733

Rep: Reputation: 682
Look at your /etc/sudoers file (with visudo). There may be a line like "%users localhost=/sbin/shutdown -h now" that you may want to comment out, or change the group that can execute shutdown.

In Yast2: Security & Users -> Local Security. Click next until you get to Boot settings. There you can change the behavior of ctrl-alt-delete to "ignore", and shutdown behavior of KDM to "Root".
 
Old 07-11-2007, 09:30 AM   #4
tataiermail
Member
 
Registered: Apr 2006
Location: calcutta, IND
Distribution: RHEL AS 4, openSUSE 10.2
Posts: 48

Original Poster
Rep: Reputation: 15
@ jschiwal

hi,

I tried your process. I've commented out %users, and it has stopped normal users from shutting down from the command line.
But they can still shut down from the KDE menu!
You gave one procedure to use graphically, but I need the command-line way, meaning what change I actually have to make in the system. Can you shed some light?
Is it halt that is creating the problem?
I have done "chmod o-x /sbin/halt", but normal users can still turn off the PC from the GUI.

@b0uncer

hi,

Thanks for elaborating the possibilities. It was wonderful to read.
But /sbin/reboot is just a shortcut to halt, and I've done o-x on /sbin/halt.
------------------------------------
server:~ # ll /sbin/reboot
lrwxrwxrwx 1 root root 4 Jun 24 18:30 /sbin/reboot -> halt
server:~ # ll /sbin/halt
-rwxr-xr-- 1 root root 14420 Nov 25 2006 /sbin/halt
----------------------------------------
The GUI must be doing something else. Actually, I loved this feature of SLES 9,
so I want to implement it in any OS I use, and for that I need to know the command-based way. GUI-based ways will be hell of different in different Linuxes.

Thanks, both of you guys. I'll keep on googling and share if I can find any way.
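
An added example, not part of the thread: a shell audit of the two things the posts above change, the mode of the power commands (following symlinks such as reboot -> halt) and active sudoers rules that name them. The sample directory, the sudoers lines and the `%shutdown` group are constructed for illustration; GNU `readlink` and `stat` are assumed.

```bash
#!/usr/bin/env bash
# Added example (not from the thread): audit who can still run power commands.
POWER_CMDS="shutdown halt reboot poweroff init"

# Return 0 if "other" users have execute permission on the file that $1
# finally resolves to (reboot is often only a symlink to halt).
others_can_exec() {
    local target mode
    target=$(readlink -f -- "$1") || return 1
    [ -f "$target" ] || return 1
    mode=$(stat -c '%a' -- "$target")      # GNU stat: octal mode, e.g. 754
    case "${mode#"${mode%?}"}" in          # last octal digit = "other" bits
        1|3|5|7) return 0 ;;
        *)       return 1 ;;
    esac
}

# Print each power command in directory $1 that "other" can still execute.
audit_sbin() {
    local dir="$1" cmd
    for cmd in $POWER_CMDS; do
        [ -e "$dir/$cmd" ] || continue
        if others_can_exec "$dir/$cmd"; then echo "$cmd"; fi
    done
}

# Print active (uncommented) sudoers lines in file $1 that name a power command.
sudoers_power_grants() {
    grep -Ev '^[[:space:]]*(#|$)' "$1" |
        grep -E '/(shutdown|halt|reboot|poweroff|init)([[:space:],]|$)'
}

demo() {
    local d
    d=$(mktemp -d) || return 1
    # Constructed stand-in for /sbin, mirroring the listing in the post above.
    : > "$d/halt";     chmod 754 "$d/halt"       # state after chmod o-x
    ln -s halt "$d/reboot"                       # reboot -> halt
    : > "$d/shutdown"; chmod 755 "$d/shutdown"   # not yet restricted
    # Constructed sudoers sample: one rule commented out, one still active.
    printf '%s\n' '#%users localhost=/sbin/shutdown -h now' \
                  '%shutdown ALL = (root) /sbin/shutdown, /sbin/halt' > "$d/sudoers"
    echo "still executable by others: $(audit_sbin "$d" | tr '\n' ' ')"
    echo "active sudoers grants:"; sudoers_power_grants "$d/sudoers"
    rm -rf "$d"
}
demo
```

The audit covers only the command-line paths. A display manager such as KDM runs as root, so these file modes do not affect its shutdown menu, which has its own setting.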
 
Old 07-11-2007, 04:18 PM   #5
jschiwal
LQ Guru
 
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733

Rep: Reputation: 682
Did you make the changes in YaST that I mentioned? These are two items to do, and not alternatives.
 
Old 07-12-2007, 12:26 AM   #6
tataiermail
Member
 
Registered: Apr 2006
Location: calcutta, IND
Distribution: RHEL AS 4, openSUSE 10.2
Posts: 48

Original Poster
Rep: Reputation: 15
Yes, I did that, and it has stopped normal users in SUSE from shutting down.
There is a similar setting in the KDE Control Center too, for applying it in RHEL.

thanks
 
  

