how to restrict users from shutting down and rebooting server
Pete Nesbitt
pete at linux1.ca
Wed Mar 3 00:24:02 UTC 2004
On March 2, 2004 08:54 pm, Kashif Awan wrote:
> Hello everyone
> I am a newbie to linux I have installed RedHat Linux AS 2.1.
> I am running this server for testing . I created a user using adduser
> command after login I try to execute command shutdown it says command not
> found but when I tried halt,poweroff and reboot commands they worked My
> first question is that if a user is not allowed to use shutdown command
> then why they are allowed to execute other commands for same purpose.
> Second question is how do I restrict all users (except root and two other)
> users from shutting down and rebooting the server. Somebody pls help me.
> Thanks in advance.
>
Hi Kashif,
How are the users accessing the system. If anyone has console, then many
things change of course, including some privileges. If the users can use
'halt' etc, then it sounds like local access.
You should have a look consolehelper ("man consolehelper"). When the user runs
"halt", it actually calls "consolehelper". The real halt is in the same
directory as shutdown, which is "/sbin/".
If you want to prevent users from rebooting the system, you first need to keep
them remote.
If users are accessing via ssh, they should not have access to those commands.
You could then allow access to them via sudo. sudo allows very granular
control over who can run what commands. (man sudo, man visudo)
If use use sudo, DO NOT allow vi, vim, less, or more as they can all spawn
shells. Use rvim as the editor, and I don't know about a pager (like less).
--
Pete Nesbitt, rhce
More information about the redhat-list
mailing list