Quote:
Originally Posted by jasohl
I started using Suse recently and found out i had to have root permissions to shutdown or restart the system.

on a desktop?? i am not familiar with suse, but i'm almost certain it has an option somewhere so that any user can shutdown... in fact, i believe it's like an option in the KDE control panel or something (i'm assuming suse uses KDE)...
Quote:
i used to use Mandrake/Mandriva and any user can shutdown the system. but i've been reading about this and it seems having root only able to shutdown is common. my question is why wouldn't a normal user be able to shutdown. where are the security risks.

well, keep in mind that gnu/linux was born as a server operating system... giving normal users the ability to shutdown a server opens the server to the possibility of a denial-of-service attack by disgruntled, malicious, or even naive users... imagine if you as the admin need to drive 4 hours to the server room in order to turn the server back on...
Quote:
running a single user desktop at home i have never really been concerned with security.

well, on a desktop, this shutdown permissions thing is usually (but not always) a non-issue... i mean, it does suck if your sister turns off your PC when she's done using it and you had like 15 torrents downloading in your account... =/
Quote:
also can someone recommend a site(s) with explanations on security measures and issues. i have found lots of sites and info on HOW to secure. but not much on why. (e.g. why lock lilo.conf from user reading, etc.)

have you checked unSpawn's security references thread?? there's a wide assortment of sites linked and i know some of them have really good documentation about the solutions they provide...
about the lilo.conf question: non-root users don't usually have any reason to see the contents of lilo.conf, so if one follows a policy of sharing information only on a "need to know basis" then having it non-readable to users makes sense...
that said, keep in mind that many times people use bootup passwords with lilo... these passwords get stored in lilo.conf in an unencrypted fashion, so in those cases allowing users to read lilo.conf would probably defeat the purpose of the password...
if you can't find the answers to the other gnu/linux security questions you have, please don't hesitate to ask them right here in the Linux - Security forum!!!
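
The lilo.conf point above, as an added example that is not part of the original post: a shell function that flags a LILO config holding a plaintext `password=` line while its mode lets group or other read it. The function names, messages and return codes are assumptions made for this example, and the sample config is constructed.

```shell
#!/bin/sh
# Added example, not from the original post. Function names and return
# codes are assumptions: 0 = fine, 1 = password exposed, 2 = file not found.
audit_lilo_conf() {
    conf="${1:-/etc/lilo.conf}"
    [ -f "$conf" ] || { echo "$conf: not found"; return 2; }

    # LILO keeps the boot password as a plain "password=..." line
    # (global or per image); lines commented out with '#' do not match.
    if ! grep -Eq '^[[:space:]]*password[[:space:]]*=' "$conf"; then
        echo "$conf: no password directive, read permission is a policy choice"
        return 0
    fi

    # Octal mode such as 644 or 600: GNU stat first, BSD stat as fallback.
    mode=$(stat -c '%a' "$conf" 2>/dev/null || stat -f '%Lp' "$conf")
    padded="00$mode"
    other=${padded#"${padded%?}"}      # last digit: permissions for "other"
    rest=${padded%?}
    group=${rest#"${rest%?}"}          # second-to-last digit: group

    # A digit of 4 or more has the read bit set.
    case "$group$other" in
        [0-3][0-3]) echo "$conf: password present, mode $mode, not readable by group/other"
                    return 0 ;;
        *)          echo "$conf: password present and mode $mode lets non-owners read it (chmod 600)"
                    return 1 ;;
    esac
}

# Constructed sample config (not a real system's file) exercising both outcomes.
lilo_audit_demo() {
    tmp=$(mktemp -d) || return 2
    printf 'boot=/dev/hda\nimage=/boot/vmlinuz\n  label=linux\n  password=CONSTRUCTED-SAMPLE\n' > "$tmp/lilo.conf"
    chmod 644 "$tmp/lilo.conf"; audit_lilo_conf "$tmp/lilo.conf"; exposed=$?
    chmod 600 "$tmp/lilo.conf"; audit_lilo_conf "$tmp/lilo.conf"; locked=$?
    rm -rf "$tmp"
    [ "$exposed" -eq 1 ] && [ "$locked" -eq 0 ]
}
```

The check looks only at the mode bits; it does not verify that the file is owned by root.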