Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here. |
Notices |
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
Are you new to LinuxQuestions.org? Visit the following links:
Site Howto |
Site FAQ |
Sitemap |
Register Now
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
|
|
07-11-2007, 03:09 AM
|
#1
|
Member
Registered: Apr 2006
Location: calcutta, IND
Distribution: RHEL AS 4, openSUSE 10.2
Posts: 48
Rep:
|
want ot restrict shutdown to root only
hi all,
i have seen in SUSE LINUX ENterprise SErver 9 that only root can shutdown the server.
if a normal user tries to shutdown the server it asks for root password. how do i configure the same in RHEL 4 ?
i want the command line approach to it.
thanks in advance,
suman
|
|
|
07-11-2007, 03:14 AM
|
#2
|
LQ Guru
Registered: Aug 2003
Distribution: CentOS, OS X
Posts: 5,131
Rep:
|
There are several ways. I'm not sure how it's implemented in SuSE or any other such distro for that matter, but you could just chmod shutdown, reboot and init commands so that only owner (root) could read/execute them. To let other users (certain users) run it, you could then easily set up sudo for them in less than a minute, or something. Or if you wanted to do it so that users don't need to remember to run it trough sudo, you could rename the oringinal file (shutdown, for example) to some other name (like shutdown-original) and create a script in it's place (called shutdown in this example) that actually ran "sudo <command>", like "sudo shutdown".
EDIT: in some cases the distribution may have separate group for those people who can access shutdown/reboot commands, so check out if there's a group for that purpose. If a password is asked, it's pretty sure it's using sudo for that purpose. A good way is to create a group for those who can access shutdown commands (or others), remove read/execute permissions from everybody except root, then configure sudo so that the certain group has a right (with password) to execute shutdown, and then add the wanted users to that group. In addition you may create a script to wrap everything up, like I described. Configuring sudo consists of altering sudo config file found under /etc (/etc/sudoers if I'm right) and in some distributions adding the preferred users to the "sudo" group so that they can run the command at all.
Last edited by b0uncer; 07-11-2007 at 03:18 AM.
|
|
|
07-11-2007, 03:29 AM
|
#3
|
LQ Guru
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733
|
Look at your /etc/sudoers file; (with visudo). There may be a line like "%users localhost=/sbin/shutdown -h now" that you may want to comment out, or change the group that can execute shutdown.
In Yast2: Security & Users -> Local Security. Click next until you get to Boot settings. There you can change the behavior of ctrl-alt-delete to "ignore", and shutdown behavior of KDM to "Root".
|
|
|
07-11-2007, 09:30 AM
|
#4
|
Member
Registered: Apr 2006
Location: calcutta, IND
Distribution: RHEL AS 4, openSUSE 10.2
Posts: 48
Original Poster
Rep:
|
@ jschiwal
hi,
i tried your process. i've commented out %users, and it has stopped normal users to shutdown from command line.
but they can shutdown from KDE menu !! still !
u gave one procedure to use graphically, but i need the command line way. means actually what change i've to make in the system. can u shed some light?
IS IT halt THAT IS CREATING THE PROBLEM ?
i have done "chmod o-x /sbin/halt". but still normal users can turn off PC from GUI.
@b0uncer
hi,
thanks for elaborating the possibilities. it was wonderful to read.
but /sbin/reboot is just a short cut to halt. and i've o-x from /sbin/halt.
------------------------------------
server:~ # ll /sbin/reboot
lrwxrwxrwx 1 root root 4 Jun 24 18:30 /sbin/reboot -> halt
server:~ # ll /sbin/halt
-rwxr-xr-- 1 root root 14420 Nov 25 2006 /sbin/halt
----------------------------------------
the GUI must be doing something else. actually i loved this feature of SLES 9.
so, i want to implement it in any OS i use. and for that i need to know the command based way. GUI based ways will be hell of different in different Linux-es.
thanks both of you guys, i'll keep on googling and share if i can find any way.
|
|
|
07-11-2007, 04:18 PM
|
#5
|
LQ Guru
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733
|
Did you make the changes in YaST that I mentioned. These are two items to do, and not alternatives.
|
|
|
07-12-2007, 12:26 AM
|
#6
|
Member
Registered: Apr 2006
Location: calcutta, IND
Distribution: RHEL AS 4, openSUSE 10.2
Posts: 48
Original Poster
Rep:
|
yes, i did that. and it's stopped normal users in suse to shutdown.
there is a similar settings in KDE control center too. for applying it in RHEL.
thanks
|
|
|
All times are GMT -5. The time now is 08:16 PM.
|
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
|
Latest Threads
LQ News
|
|