[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: how to restrict users from shutting down and rebooting server



On March 2, 2004 08:54 pm, Kashif Awan wrote:
> Hello everyone
> I am a newbie to linux I have installed RedHat Linux AS 2.1.
> I am running this server for testing . I created a user using adduser
> command after login I try to execute command shutdown it says command not
> found but when I tried halt,poweroff and reboot commands they worked My
> first question is that if a user is not allowed to use shutdown command
> then why they are allowed to execute other commands for same purpose.
> Second question is how do I restrict all users (except root and  two other)
> users from shutting down and rebooting the server. Somebody pls help me.
> Thanks in advance.
>

Hi Kashif,
How are the users accessing the system. If anyone has console, then many 
things change of course, including some privileges. If the users can use 
'halt' etc, then it sounds like local access.

You should have a look consolehelper ("man consolehelper"). When the user runs 
"halt", it actually calls "consolehelper". The real halt is in the same 
directory as shutdown, which is "/sbin/".

If you want to prevent users from rebooting the system, you first need to keep 
them remote.

If users are accessing via ssh, they should not have access to those commands. 
You could then allow access to them via sudo. sudo allows very granular 
control over who can run what commands. (man sudo, man visudo)

If use use sudo, DO NOT allow vi, vim, less, or more as they can all spawn 
shells. Use rvim as the editor, and I don't know about a pager (like less). 
-- 
Pete Nesbitt, rhce




[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]