On Mon, 22 Oct 2001, Aaron Konstam wrote:

> I agree you have to be logged in at the console. But I guess I am unix
> prejudiced but why should a normal user ever be able to halt or reboot
> a machine. Sounds like a security hole to me.

I guess the reasoning is that Redhat is frequently used as a desktop OS. I wouldn't want to log in as root every night to shut down the machine.

On the production server I am running, I simply added the line:

    auth required /lib/security/pam_deny.so

to /etc/pam.d/reboot and /etc/pam.d/halt

The permission settings on /sbin/halt are fine because /sbin/shutdown will only allow root or users in /etc/shutdown.allow to actually shut down.

I also changed alt+ctrl+del to print an error message. I can just imagine some newbie installing RedHat on their new computer and not figuring out how to shut down.

One thing I think might be cool would be to have a pam module that will only allow members of the wheel group to shut down. Kind of a BSD thing where only wheel members can su as root. I tried changing the PAM module to use BSD style su, but didn't have the time to get it finished (There are still some things I don't understand about PAM internals).

David

_______________________________________________
Seawolf-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/seawolf-list
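
Added example, not part of the original message or of Red Hat's code: a simplified Python model of how a PAM auth stack is evaluated, showing why the position of the pam_deny.so line in /etc/pam.d/halt matters. Everything in the sample files other than the pam_deny.so line is an assumption, as are the per-user module outcomes; the `optional` control flag is ignored in this model.

```python
# Simplified model of PAM "auth" stack evaluation (classic control flags only).
# Constructed sample: the pam_deny.so line is from the post, the rest is assumed.
HARDENED = """\
#%PAM-1.0
auth       sufficient   /lib/security/pam_rootok.so
auth       required     /lib/security/pam_console.so
auth       required     /lib/security/pam_deny.so
account    required     /lib/security/pam_permit.so
"""
# Constructed contrast: a "sufficient" success ends the stack before pam_deny runs.
MISORDERED = """\
auth       sufficient   /lib/security/pam_console.so
auth       required     /lib/security/pam_deny.so
"""
# Assumed module outcomes per caller; pam_deny.so always fails.
ROOT = {"pam_rootok.so": True, "pam_console.so": False, "pam_deny.so": False}
CONSOLE_USER = {"pam_rootok.so": False, "pam_console.so": True, "pam_deny.so": False}

def parse_auth_stack(text):
    """Return [(control, module_basename)] for the auth lines of a pam.d file."""
    stack = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 3 and fields[0] == "auth":
            stack.append((fields[1], fields[2].rsplit("/", 1)[-1]))
    return stack

def evaluate(stack, outcomes):
    """True if the auth stack succeeds for a caller with these module outcomes."""
    failed = succeeded = False
    for control, module in stack:
        ok = outcomes[module]
        if control == "sufficient":
            if ok and not failed:
                return True          # stop here; later modules never run
        elif control in ("required", "requisite"):
            if ok:
                succeeded = True
            else:
                failed = True        # required: keep going, but the stack fails
                if control == "requisite":
                    return False
    return succeeded and not failed

if __name__ == "__main__":
    for name, text in (("hardened", HARDENED), ("misordered", MISORDERED)):
        print(name, "console user allowed:", evaluate(parse_auth_stack(text), CONSOLE_USER))
```
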