LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 03-12-2007, 02:35 AM   #1
jasohl
Member
 
Registered: Oct 2006
Location: Seattle, Washington
Distribution: Gentoo, LinuxMint, Arch Linux
Posts: 99

Rep: Reputation: 18
Question Why not let users shutdown/restart system?


hey there,
I started using Suse recently and found out i had to have root permissions to shutdown or restart the system. i used to use Mandrake/Mandriva and any user can shutdown the system. but i've been reading about this and it seems having root only able to shutdown is common. my question is why wouldn't a normal user be able to shutdown. where are the security risks. running a single user desktop at home i have never really been concerned with security.
also can someone recommend a site(s) with explanations on security measures and issues. i have found lots of sites and info on HOW to secure. but not much on why. (e.g. why lock lilo.conf from user reading, etc.)

jacob
 
Old 03-12-2007, 04:30 AM   #2
reddazz
LQ Guru
 
Registered: Nov 2003
Location: N. E. England
Distribution: Fedora, CentOS, Debian
Posts: 16,298

Rep: Reputation: 77
The answer is simple really if you think about it. Linux runs on servers and in most situations, you do not want anybody to be able just reboot or shutdown your server without your knowledge because this can have undesirable effects. What version of SUSE are you using because as far as I know the desktop versions of SUSE will allow all users to shutdown or reboot.
 
Old 03-12-2007, 04:35 AM   #3
oneandoneis2
Senior Member
 
Registered: Nov 2003
Location: London, England
Distribution: Ubuntu
Posts: 1,460

Rep: Reputation: 48
Linux is a multi-user system. Its defaults take this into account. If you have half a dozen people using one computer, you don't want it to shut down just because one of them happens to have finished - all the others would lose all their work.

Usually, if you use KDE + KDM, or Gnome + GDM, you can shutdown & reboot as a normal user, tho..
 
Old 03-12-2007, 04:37 AM   #4
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 380Reputation: 380Reputation: 380Reputation: 380
Quote:
Originally Posted by jasohl
I started using Suse recently and found out i had to have root permissions to shutdown or restart the system.
on a desktop?? i am not familiar with suse, but i'm almost certain it has an option somewhere so that any user can shutdown... in fact, i believe it's like an option in the KDE control panel or something (i'm assuming suse uses KDE)...

Quote:
i used to use Mandrake/Mandriva and any user can shutdown the system. but i've been reading about this and it seems having root only able to shutdown is common. my question is why wouldn't a normal user be able to shutdown. where are the security risks.
well, keep in mind that gnu/linux was born as a server operating system... giving normal users the ability to shutdown a server opens the server to the possibility of a denial-of-service attack by disgruntled, malicious, or even naive users... imagine if you as the admin need to drive 4 hours to the server room in order to turn the server back on...

Quote:
running a single user desktop at home i have never really been concerned with security.
well, on a desktop, this shutdown permissions thing is usually (but not always) a non-issue... i mean, it does suck if your sister turns-off your PC when she's done using it and you had like 15 torrents downloading in your account... =/

Quote:
also can someone recommend a site(s) with explanations on security measures and issues. i have found lots of sites and info on HOW to secure. but not much on why. (e.g. why lock lilo.conf from user reading, etc.)
have you checked unSpawn's security references thread?? there's a wide assortment of sites linked and i know some of them have really good documentation about the solutions they provide...

about the lilo.conf question: non-root users don't usually have any reason to see the contents of lilo.conf, so if one follows a policy of sharing information only on a "need to know basis" then having it non-readable to users makes sense...

that said, keep in mind that many times people use bootup passwords with lilo... these passwords get stored in lilo.conf in an unencrypted fashion, so in those cases allowing users to read lilo.conf would probably defeat the purpose of the password...

if you can't find the answers to the other gnu/linux security questions you have, please don't hesitate to ask them right here in the Linux - Security forum!!!

Last edited by win32sux; 03-12-2007 at 04:58 AM.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Lost "Shutdown" and "Restart" From system menu in FC6 Nader1 Linux - Software 3 02-12-2007 04:40 PM
SuSE 9.3 - USB Diapeared & Non-Root users can shutdown system nuro305 SUSE / openSUSE 9 04-14-2006 02:27 PM
Shutdown.....but it restart max_232 Linux - Laptop and Netbook 2 07-08-2005 04:32 AM
Allowing users to shutdown the system LinuxSeeker Linux - General 3 11-11-2004 09:18 AM
Bash?? System Restart (shutdown -r now) woranl Linux - Newbie 4 04-13-2004 09:33 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 06:56 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration