The reboot command uses policykit to determine who is allowed to reboot
the computer. The default policy is found in the
/usr/share/polkit-1/actions/org.freedesktop.login1.policy file,
specifically:

    <action id="org.freedesktop.login1.reboot">
      <description>Reboot the system</description>
      <defaults>
        <allow_any>auth_admin_keep</allow_any>
        <allow_inactive>auth_admin_keep</allow_inactive>
        <allow_active>yes</allow_active>
      </defaults>
    </action>

This means that if a user is on the console, they can reboot the computer. If
they aren't on the console, they need to authenticate as an administrator. The
reasoning behind allowing console users to shut down and reboot is that they
have physical access anyway and are able to use the power button to perform the
same task.

You can override the default policy by creating your own policy file in
/var/lib/polkit-1/localauthority. Please see the policykit documentation
for specific instructions.
** Information type changed from Private Security to Public Security
** Changed in: systemd (Ubuntu)
Status: New => Invalid
--
https://bugs.launchpad.net/bugs/1440040
Title:
reboot command is executable by anybody
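
An added example, not part of the original message or of polkit: a small audit helper that reads the `<defaults>` of each action in a policy file and lists the actions granted without authentication outside an active local session. The sample input is the action quoted above wrapped in a `<policyconfig>` root; the function names are hypothetical, and treating an omitted element as "no" is an assumption.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the action quoted in the message, wrapped in the
# <policyconfig> root element that polkit policy files use.
SAMPLE_POLICY = """<policyconfig>
  <action id="org.freedesktop.login1.reboot">
    <description>Reboot the system</description>
    <defaults>
      <allow_any>auth_admin_keep</allow_any>
      <allow_inactive>auth_admin_keep</allow_inactive>
      <allow_active>yes</allow_active>
    </defaults>
  </action>
</policyconfig>"""

SESSION_CLASSES = ("allow_any", "allow_inactive", "allow_active")


def implicit_authorizations(policy_xml):
    """Map each action id to {session class: implicit authorization}."""
    root = ET.fromstring(policy_xml)
    result = {}
    for action in root.iter("action"):
        defaults = action.find("defaults")
        result[action.get("id")] = {
            # Assumption: an omitted element is treated as "no".
            cls: (defaults.findtext(cls, "no").strip()
                  if defaults is not None else "no")
            for cls in SESSION_CLASSES
        }
    return result


def no_auth_outside_active_session(policy_xml):
    """Action ids that allow_any or allow_inactive grant with a plain 'yes'."""
    return sorted(
        action_id
        for action_id, auth in implicit_authorizations(policy_xml).items()
        if auth["allow_any"] == "yes" or auth["allow_inactive"] == "yes"
    )


if __name__ == "__main__":
    for action_id, auth in implicit_authorizations(SAMPLE_POLICY).items():
        print(action_id, auth)
    print("granted without auth outside an active session:",
          no_auth_outside_active_session(SAMPLE_POLICY))
```

With the default policy quoted above the list is empty, since only `allow_active` is `yes`.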