Tom Horsley writes: Perusing the manual pages, does systemctl start reboot.target work for you. If so, just create an alias for the reboot command in your root shell.

On 20201107 13:21:47, Cameron Simpson wrote: Something sounds bass akwards here. IMAO only root or an account with sudo privileges should be able to reboot the machine. And root should be able to do this at any time. {^_^}

On 20201107 16:47:03, Samuel Sieb wrote: Thank you. That detail was not part of the context included. I'll go back to sleep now. {^_-}

On Sat, 7 Nov 2020 17:28:01 -0800 jdow <jdow(a)earthlink.net&gt; wrote: <stuff edited out> and then others wrote "The current console user is generally allowed to reboot the system." why?? isn't that a giant security hole? just from mistakes, not to mention malice. I just shut everything down. On reboot I logged in as dave, no apps running and only one user - me. typing reboot into bash restarted the machine. Dave

On Sun, 8 Nov 2020 14:19:53 -0500 Jamie Fargen <jamie(a)fargenable.com&gt; wrote: you mean it won't work over ssh?

On 20201108 11:33:30, Dave Stevens wrote: There seems to be some linguistic misunderstandings here. What is a "root user"? I see that as somebody logged in as root. Anybody else has an account with sudo enabled, a sudoer. Anybody else is a user as is a sudoer when not prefixing commands with "sudo ". I interpreted "root user" to be somebody logged in using the root password not somebody who can run (some) root level commands using sudo instead of "su -l". You have two classes of login, remote and local. Remote can be subdivided if you wish. It simply means the remote user cannot reach over a push a button to physically reboot the machine. (And at least one version of RedHat Linux I used even the local reboot to single user mode required a password. That restriction didn't last long as I recall.) As a courtesy ANYBODY, root, sudoer, or user logged into a local (I can reach over a push a damn button if I have to) machine should be able to reboot, perhaps after some politeness mumbo-jumbo. ( "Fred, sue, marcy, meghan, george, johnj, and johna are logged in. Reboot anyway after warning them? y/n".) That allows the user about to pull the power switch a chance to be inhumanly polite. But, in the end, the reboot should happen. Perhaps if root is also logged in the mumbo-jumbo should be a little more serious. Any user logged in remotely should not be able to reboot the machine, period, end of statement. Any sudoer logged in remotely, when root is not logged, in should be able to reboot the machine after politeness mumbo-jumbo and rituals. If root is logged in I don't know what should happen. How much do you trust your root password or other account access. If you trust it implicitly, reboot should be prohibited even to sudoers. If you figure that the root account may get compromised and that "root" you see is not legitimate, then sudoers, people trusted more than most, should be able to reboot the machine hoping to catch it as it boots and close its doors. "Good luck". If you log in as root or su -l in as root then shutting down the machine with "shutdown" should work with the standard politeness mumbo-jumbo and "shutdown now" should bring it down instantly. Aside: Above this you might add a "shutdown (secret word here)" command that allows only a remote or local root login with the machine in a "dumb" state. The remote would be accepted only from one specific IP address range. Once logged in a specific sequence of commands would enable normal root access for that login. Then you can trouble shoot the machine and try to root out nasties before they manage to take the machine back away from you. Now that there is a definition for local and remote logins and three account types what do YOU guys think should be the actions when "shutdown" is typed by some warm body at some keyboard somewhere that is somehow linked to any given machine? Get specific and blow the generalities. {^_^}

On Sun, 8 Nov 2020 14:36:03 -0500 Matthew Miller <mattdm(a)fedoraproject.org&gt; wrote: denial of service? ibid

On 08Nov2020 11:13, Dave Stevens <geek(a)uniserve.com&gt; wrote: Cannot the console user type Ctrl-Alt-Del anyway? So I'm not sure this is of itself a security hole. Except in as much as it relies of software correctly deducing the physical presence of the console user at the console, and mucking that up would indeed be a security hole. So I think of itself it seems half legit, but it increases the attack surface. Cheers, Cameron Simpson <cs(a)cskk.id.au&gt;

On Sat, Nov 7, 2020 at 7:47 PM Samuel Sieb <samuel(a)sieb.net&gt; wrote: Since when is a non-root user allowed to reboot "from another terminal" (quoted from original email) window?

On Sat, Nov 7, 2020 at 10:22 PM Cameron Simpson <cs(a)cskk.id.au&gt; wrote: "w" and "who" look at "/var/run/utmp". "last" looks at "/var/log/wtmp". You can use "xterm*utmpInhibit: true" in "~/.Xresources" to prevent xterm from updating utmp. But it's hard to believe that this is what's messing with the other Tom H's system. Maybe...

On Mon, Nov 9, 2020 at 10:50 PM Cameron Simpson <cs(a)cskk.id.au&gt; wrote: You're welcome. The only reason that I remember this mismarch between _w_ho and _w_tmp is that I had a brain fart in a discussion at work and ran "ktruss who" (on NetBSD) to find out which *tmp file was being read.