Before this part of the thread dies out, can anybody comment on this, Simon, Ansgar, Jean-Christophe, ...?
On Thu, 2014-06-26 at 16:32 +0200, Svante Signell wrote: > On Thu, 2014-06-26 at 13:53 +0100, Simon McVittie wrote: > > On 26/06/14 13:33, Svante Signell wrote: > > > Of course with the additional check that the students are logged in to > > > that box locally, did I forget to mention that? > > > > ... or > > something involving utmp/wtmp/other traditions. > > > > utmp(5) says "many system programs (foolishly) depend on its integrity" > > so be very careful with security implications if you go that way. I > > wouldn't want anything relying on utmp for its security on my systems. > > Maybe I'm naive but doesn't utmp(5) solve this problem? > > who(1) tells me in clear-text if I'm logged in locally or remote: Here > Are there serious security problems with ancient utmp that cannot be > solved? And here. Even systemd use utmp: man -k utmp shows: systemd-update-utmp (8) - Write audit and utmp updates at runlevel changes and shutdown systemd-update-utmp-runlevel.service (8) - Write audit and utmp updates at runlevel changes and shutdown systemd-update-utmp-shutdown.service (8) - Write audit and utmp updates at runlevel changes and shutdown And utmp is universal unix, not something linux-specific (which systemd is) Controlling who is allowed to shutdown a computer is not that difficult in *nix*, without systemd: create a shutdown group and parse /var/run/utmp, or?? -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/1403862797.12686.11.ca...@g3620.my.own.domain
