On Thu, 31 Aug 2000, cyberspace wrote:
>
>
> On Thu, 31 Aug 2000, Orlando Andico wrote:
>
> > On Thu, 31 Aug 2000, cyberspace wrote:
> > ..
> > > While i'm doing my experiment on shutdown command. I noticed that
> > > an ordinary user can shutdown/reboot a server using their own password. As
> > > far as i know, ordinary user can only shutdown, reboot a server provided
> > > he/she knows the root password or a user was added in /etc/shutdown.allow.
> > > I just want to know if my thinking is right. I need your comments
> > > guys/guls, is this a bug or i maybe wrong lang.. :). Btw, i'm using RH6.2.
> >
> > This is a new "feature" in RH 6.2 in which an ordinary user can shut down
> > the system. I don't know how to disable it.
> >
> Ohhh! ganun po ba.. Thanks Orly.. Di ko yata nabasa yan ah.. :)..
> If that is the case.. It is dangerous to enable that feature. It should be
> disable by default.
>
Actually it is not dangerous, an ordinary user can only issue
those command (reboot, shutdown, etc) if he/she is on the console which
means that he/she has physical access to the machine(disabling the
feature does not prevent the user from bringing down the system). This is
a useful feature if you need ordinary users to be able to reboot the
machine without giving them the root password.
But be sure to upgrade your usermode package (details is on
redhat security focus).
> network slave
>
>
> ----------------------------------------------------------------------
> gpg: Signature made Fri 01 Sep 2000 08:05:40 AM PHT using DSA key ID 06051DC6
> gpg: Can't check signature: public key not found
> ----------------------------------------------------------------------
>
_
Philippine Linux Users Group. Web site and archives at http://plug.linux.org.ph
To leave: send "unsubscribe" in the body to [EMAIL PROTECTED]
