>>>>> "Ethan" == Ethan Benson <[EMAIL PROTECTED]> writes:

    Ethan> On Tue, Oct 17, 2000 at 01:56:16PM +1100, Brian May wrote:
    >> Wrong - shutdown.allow has no effect for ctrl+alt+del. You can
    >> press this even if you are not logged in.

    Ethan> Wrong, the existence of /etc/shutdown.allow means that a
    Ethan> listed user must be logged in on any of the console tty's
    Ethan> for control-alt-delete to work. it does not require a
    Ethan> login per se, but someone [listed in shutdown.allow] does
    Ethan> have to be logged in for it to work. that is what the -a
    Ethan> switch does, man shutdown.

    Ethan> if NOBODY is logged into the console and shutdown.allow
    Ethan> exists control-alt-delete is disabled. I use this to
    Ethan> disable user directed shutdown on a machine I administer
    Ethan> remotely. (so they don't kill it while I'm working)

I stand corrected.

A case of misleading documentation:

       -a     Use /etc/shutdown.allow.

would suggest that it only checks the current user (i.e. root, as root
started init, which started the shutdown process).

However, later on it says:

       shutdown can be called from init(8) when the magic keys
       CTRL-ALT-DEL are pressed, by creating an appropriate entry
       in /etc/inittab. This means that everyone who has physical
       access to the console keyboard can shut the system down. To
       prevent this, shutdown can check to see if an authorized
       user is logged in on one of the virtual consoles. If
       shutdown is called with the -a argument (add this to the
       invocation of shutdown in /etc/inittab), it checks to see
       if the file /etc/shutdown.allow is present. It then
       compares the login names in that file with the list of
       people that are logged in on a virtual console (from
       /var/run/utmp). Only if one of those authorized users or
       root is logged in, it will proceed. Otherwise it will write
       the message.

It looks like (to me) that making shutdown setuid root means anybody
can shutdown the computer, from any location, as /etc/shutdown.allow
is only checked when -a is passed. Am I wrong?

If I am wrong, then the documentation should be corrected for this
special case.

--
Brian May <[EMAIL PROTECTED]>
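
The following audit script is an added example, not part of the original message and not sysvinit code: it classifies a host's Ctrl-Alt-Del handling from the two files the quoted man page names, and separately reports whether the shutdown binary is setuid. The function names and the sample inittab line are constructed, and treating a missing /etc/shutdown.allow as "no restriction" is an assumption taken from Ethan's description.

```shell
#!/bin/sh
# Classify Ctrl-Alt-Del handling. Prints one word:
#   disabled      no active ctrlaltdel entry in inittab
#   unrestricted  entry exists, but -a is absent or shutdown.allow is missing
#                 (assumption: without the file, -a has nothing to check)
#   restricted    entry passes -a and shutdown.allow exists
cad_policy() (
    set -f                                  # no globbing while splitting words
    inittab=${1:-/etc/inittab}
    allow=${2:-/etc/shutdown.allow}
    # inittab is id:runlevels:action:process; keep the process field of
    # the first uncommented entry whose action is ctrlaltdel.
    cmd=$(awk -F: '!/^[ \t]*#/ && $3 == "ctrlaltdel" {
              sub(/^[^:]*:[^:]*:[^:]*:/, ""); print; exit }' "$inittab")
    has_a=no
    for w in $cmd; do
        case $w in
            -*) opts=${w#-}                 # clustered flags such as -ra
                opts=${opts%%t*}            # -t takes an argument; drop it
                case $opts in *a*) has_a=yes ;; esac ;;
        esac
    done
    if [ -z "$cmd" ]; then
        echo disabled
    elif [ "$has_a" = yes ] && [ -f "$allow" ]; then
        echo restricted
    else
        echo unrestricted
    fi
)

# Succeeds when the shutdown binary carries the setuid bit, the setup
# asked about at the end of the message; direct invocations do not go
# through the inittab entry, so review them separately.
shutdown_is_setuid() { [ -u "${1:-/sbin/shutdown}" ]; }

# Constructed sample input (not taken from the thread).
demo=$(mktemp -d)
printf '%s\n' '# constructed sample' \
    'ca:12345:ctrlaltdel:/sbin/shutdown -t1 -a -r now' > "$demo/inittab"
cad_policy "$demo/inittab" "$demo/shutdown.allow"   # allow file absent
: > "$demo/shutdown.allow"
cad_policy "$demo/inittab" "$demo/shutdown.allow"   # allow file present
rm -rf "$demo"
```

Called with no arguments, `cad_policy` reads /etc/inittab and /etc/shutdown.allow on the host being audited.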