I have Mandrake 10.0 and a user rebooted the system remotely. I have tried to halt the system remotely with a normal user and it doesn't work. It says it must be superuser. Do you have any idea how that is possible? And also, how can I find the process that called shutdown? Any reply would be appreciated.
My root password is secure.
Users are allowed to log in as root remotely.
The user can do su, but I'm sure he doesn't know the password.
Here is a relevant part of /var/log/messages:
Jul 8 16:30:17 irimie sshd(pam_unix)[21663]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=pd9e8937a.dip0.t-ipconnect.de user=alex
Jul 8 16:30:45 irimie kernel: Shorewall:net2all:DROP:IN=eth0 OUT= MAC= SRC=192.168.69.1 DST=192.168.69.255 LEN=152 TOS=0x00 PREC=0x00 TTL=64 ID=1727 DF PROTO=UDP SPT=631 DPT=631 LEN=132
Jul 8 16:30:46 irimie sshd[21663]: Failed password for alex from 217.232.147.122 port 33195 ssh2
Jul 8 16:30:50 irimie sshd[21663]: Accepted password for alex from 217.232.147.122 port 33195 ssh2
Jul 8 16:30:50 irimie sshd(pam_unix)[21665]: session opened for user alex by (uid=500)
Jul 8 16:31:01 irimie CROND[21706]: (root) CMD (nice -n 19 run-parts /etc/cron.min)
Jul 8 16:31:01 irimie CROND[21705]: (root) MAIL (mailed 273 bytes of output but got status 0xffffffff )
Jul 8 16:31:16 irimie kernel: Shorewall:net2all:DROP:IN=eth0 OUT= MAC= SRC=192.168.69.1 DST=192.168.69.255 LEN=152 TOS=0x00 PREC=0x00 TTL=64 ID=1728 DF PROTO=UDP SPT=631 DPT=631 LEN=132
Jul 8 16:31:47 irimie kernel: Shorewall:net2all:DROP:IN=eth0 OUT= MAC= SRC=192.168.69.1 DST=192.168.69.255 LEN=152 TOS=0x00 PREC=0x00 TTL=64 ID=1729 DF PROTO=UDP SPT=631 DPT=631 LEN=132
Jul 8 16:32:00 irimie CROND[21756]: (root) CMD (nice -n 19 run-parts /etc/cron.min)
Jul 8 16:32:00 irimie CROND[21755]: (root) MAIL (mailed 273 bytes of output but got status 0xffffffff )
Jul 8 16:32:18 irimie kernel: Shorewall:net2all:DROP:IN=eth0 OUT= MAC= SRC=192.168.69.1 DST=192.168.69.255 LEN=152 TOS=0x00 PREC=0x00 TTL=64 ID=1730 DF PROTO=UDP SPT=631 DPT=631 LEN=132
Jul 8 16:32:49 irimie kernel: Shorewall:net2all:DROP:IN=eth0 OUT= MAC= SRC=192.168.69.1 DST=192.168.69.255 LEN=152 TOS=0x00 PREC=0x00 TTL=64 ID=1731 DF PROTO=UDP SPT=631 DPT=631 LEN=132
Jul 8 16:32:49 irimie shutdown: shutting down for system reboot
Jul 8 16:32:49 irimie init: Switching to runlevel: 6
User alex logged in, but there is no su. If he had run su, then it should have been in the log.
And then rebooted the system as user alex.
Last edited by zsolt_tuser; 07-09-2004 at 02:41 PM.
Do you absolutely need to be able to reboot the machine remotely? If so, why do the users need that capability? Also, what need do you have to allow root remote login access?
Another question: Is your display manager presenting a greeter to remote graphical login terminals that allows for the system to be shut down and/or rebooted?
My recommendations:
1) remove remote root access capability
2) double check your remote greeter to make sure reboots and shutdowns are disallowed
3) remove user capability to shutdown/reboot the system
IMHO, system shutdowns and reboots are only necessary from the console.
The users don't have the capability to reboot the machine remotely. Only root can. That's why I can't understand how a user was able to reboot the machine remotely. I don't absolutely need to be able to log in as root remotely because I can log in as a normal user and then switch with su, but I don't think that this is my problem. I don't have a remote greeter. I read a thread about Mandrake 10 randomly rebooting. Do you think that this could be my case also?
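Added example, not part of the thread: the shutdown line in the excerpt names no user, so the log can only be correlated by listing which pam_unix sessions were open when it was written and whether any of them belonged to root. The function name and the two "bob" lines are constructed for illustration; the other sample lines are copied from the first post.

```python
import re

# Lines copied from the /var/log/messages excerpt in the first post, except the
# two "bob" lines, which are constructed here to exercise the session-closed path.
SAMPLE = """\
Jul 8 16:20:02 irimie sshd(pam_unix)[20111]: session opened for user bob by (uid=0)
Jul 8 16:25:40 irimie sshd(pam_unix)[20111]: session closed for user bob
Jul 8 16:30:50 irimie sshd[21663]: Accepted password for alex from 217.232.147.122 port 33195 ssh2
Jul 8 16:30:50 irimie sshd(pam_unix)[21665]: session opened for user alex by (uid=500)
Jul 8 16:31:01 irimie CROND[21706]: (root) CMD (nice -n 19 run-parts /etc/cron.min)
Jul 8 16:32:49 irimie shutdown: shutting down for system reboot
Jul 8 16:32:49 irimie init: Switching to runlevel: 6
""".splitlines()

STAMP = r"^(\w{3}\s+\d+ [\d:]{8}) \S+ "
PAM = re.compile(STAMP + r"(\w+)\(pam_unix\)\[(\d+)\]: session (opened|closed) for user (\S+)")
SHUTDOWN = re.compile(STAMP + r"shutdown: (.+)$")

def sessions_at_shutdown(lines):
    """For each shutdown line, list the pam_unix sessions still open at that moment."""
    open_sessions = {}  # (service, pid) -> (user, time opened)
    events = []
    for line in lines:
        m = PAM.match(line)
        if m:
            when, service, pid, action, user = m.groups()
            # Assumption: a session's open and close lines share service name and PID.
            if action == "opened":
                open_sessions[(service, pid)] = (user, when)
            else:
                open_sessions.pop((service, pid), None)
            continue
        m = SHUTDOWN.match(line)
        if m:
            active = sorted((svc, user, opened)
                            for (svc, _pid), (user, opened) in open_sessions.items())
            events.append({
                "time": m.group(1),
                "message": m.group(2),
                "sessions": active,
                # Root sessions cover both "su" to root and a direct root login over ssh.
                "root_sessions": [s for s in active if s[1] == "root"],
            })
            open_sessions.clear()  # nothing survives the reboot
    return events

if __name__ == "__main__":
    for event in sessions_at_shutdown(SAMPLE):
        print(event)
```

On the sample this reports one shutdown with a single open sshd session for alex and no root session, which matches what the first post describes.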