reboot works for non-privileged user

Jonathan Rawle jr36 at leicester.ac.uk
Mon May 9 13:12:50 UTC 2005


William John Murray wrote:

>   Hello list,
>            I just noticed that an ordinary user can 'reboot' on fc4t2
> (kernel 2.6.11-1.1287_FC4)
> This works when connected over ssh, which really doesn't feel like a
> desirable feature.

To be able to reboot/poweroff a machine, one must be either root or the
console "owner". The owner of the console is the first person to log on at
the physical console of the machine (either at a virtual terminal, or an X
session). If the console owner logs off, the next person to log in to the
console becomes the owner.

If you can reboot from an ssh login, this suggests you are also logged on to
the console. Sometimes, if you don't log out of an X-session cleanly, the
console lock files remain, even if you are no longer logged on at the
console. You would then still be able to reboot from a remote connection.

Commands such as /usr/bin/poweroff are actually links to consolehelper. This
determines if the user owns the console, and then calls /sbin/poweroff.

The relevant lockfiles are /var/run/console.lock and /var/run/console/*


Jonathan
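
An added example, not part of the original message: a check for the stale-lock situation described above, listing users who still hold a file under the console lock directory but have no session on a physical console. It assumes each file under /var/run/console/ is named after a user; the function names and the sample data are constructed for illustration.

```shell
#!/bin/sh
# Flag console lock files whose user has no local console session.
# Assumption: each file in the lock directory is named after a user.

# console_users WHO_FILE: print users logged in on a physical console
# (virtual terminal or local X display) from `who`-style output.
console_users() {
    awk '$2 ~ /^(tty[0-9]+|vc\/[0-9]+|:[0-9]+(\.[0-9]+)?)$/ { print $1 }' "$1" | sort -u
}

# stale_console_locks LOCK_DIR WHO_FILE: print users that hold a lock file
# but have no console session (ssh logins on pts/* do not count).
stale_console_locks() {
    lock_dir=$1
    who_file=$2
    active=$(console_users "$who_file")
    for f in "$lock_dir"/*; do
        [ -f "$f" ] || continue
        user=$(basename "$f")
        # Skip the owner lock itself if it sits in the same directory.
        [ "$user" = "console.lock" ] && continue
        printf '%s\n' "$active" | grep -qxF -- "$user" || printf '%s\n' "$user"
    done
}

# Constructed sample: alice is at tty1; bob is only on ssh (pts/0) but a
# lock file for him was left behind by an unclean X logout.
demo() {
    d=$(mktemp -d)
    mkdir "$d/console"
    : > "$d/console/alice"
    : > "$d/console/bob"
    printf '%s\n' 'alice tty1 2005-05-09 13:00' \
                  'bob pts/0 2005-05-09 13:05 (remote.example)' > "$d/who.txt"
    stale_console_locks "$d/console" "$d/who.txt"
    rm -rf "$d"
}

demo

# On a live system (needs read access to the lock directory):
#   who > /tmp/who.txt && stale_console_locks /var/run/console /tmp/who.txt
```

Any user it prints can still pass the consolehelper ownership check from a remote login until the leftover file is removed.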