Why Restart & Shutdown Buttons on login screen

Christopher A. Williams chriswfedora at cawllc.com
Fri Apr 25 15:15:48 UTC 2008


On Fri, 2008-04-25 at 16:39 +0200, Ralf Corsepius wrote:
> On Fri, 2008-04-25 at 08:23 -0600, Christopher A. Williams wrote:
> > On Fri, 2008-04-25 at 15:47 +0200, Ralf Corsepius wrote:

> > > Do you expect arbitrary users to switch off an unattended ("free")
> > > machine in a lab's or an office's machine pool, a classical workstation
> > > scenario?
> > 
> > Bottom line answer to this is emphatically YES ABSOLUTELY! If it's a
> > kiosk type machine.
> Workstation != kiosk.
> 
> A workstation is being shared amongst several users, users who aren't
> necessarily logged into the console.

That, then, is not a workstation. By strict definition, it's a server. A
server is generally defined as being any computer or program that shares
its resources with another computer or program.

For example, the reason why you run an X Windows _Server_ on your
desktop is because your desktop's display is being shared by the X
Windows Server with a program that is running on your system or (often
times) elsewhere on another machine.

In your example, that "workstation" is a server because it is sharing
resources with remote users logged into the system, or other programs
are using resources that have been shared from that so-called
"workstation".

By mixing these roles in the way you state, you actually violate a
number of principles with respect to security. Users should not be
allowed to log in to the console, and only administrators should have
physical access to the machine.

>
> > In fact, given today's energy costs, I actually
> > would hope that someone would be savvy enough to do this at the end of
> > the day. There is absolutely no risk in powering such a system down as
> > the next user would only need to power the thing back up.
> 
> To shut down a machine, the "instance/authority" shutting down a machine
> would have to know that nobody is wanting to use a machine.

...Which, again, makes the systems you describe servers. Server
administrators would know this is the case and would notify the user
community, as well as any users on the system, of such events in advance.

> 
> > My home computer has multiple user accounts
> This is a different scenario than what I am talking about.
> 
> > If you truly have a multi-user environment - and multi-user means that
> > more than 1 person is logged onto the machine simultaneously - then you
> > have a different scenario, and in this case, the system essentially is a
> > server.
> Well, any workstation and any Linux system to some extent is a server :)

Close. Most all modern single user systems, regardless of the OS, have
certain server capabilities. That's why we call such systems networking
peers (the peer-to-peer networking idea). However, since the intended
use of such systems is such that non-administrators have physical access
to the machine and are logged into the local console, they are treated
as single user systems.

> 
> > > Q: How to disable these buttons permanently?
> > 
> > I'm not certain, however I would be hesitant to do this.
> 
> Why? This is the classical workstation-pool scenario. A set of machines
> being up around the clock and not supposed to be switched off.

...Ummm no. Actually, that's a classic server scenario that violates
some basic "system administrator 101" security principles. It mixes
roles of servers and workstations in a way that should give every CISSP
fits. Allowing non-administrators physical access to log in to the local
console of such systems is just bad system administration security
practice.

Nonetheless, the solution I proposed would still allow you to work
around the situation sufficiently.

Cheers,

Chris


--
===========================
"If you are calm while all around you is chaos,
then you probably haven't fully understood
the magnitude of the situation."

--Unknown



