Hi,

I am using RH6.0 and have noticed a very strange behaviour of "shutdown": when a local non-root user does "shutdown now", the system will shutdown all services, and switch to single-user root shell. This, of course, is quite disturbing since a non-root local user can get root very easily this way.

But this is not the end of it! If you are now shouting "/etc/shutdown.allow", it is not the answer! "/etc/shutdown.allow" is only used when doing "shutdown -a".

So my *first* question to the list is: how can I prevent a user from doing a shutdown and gaining root shell? Will changing the permissions of /usr/bin/shutdown do it?

Furthermore, after RTFMing "shutdown", "consolehelper" and "PAM"'s manuals I have noticed the following things:

1. RH procedure to this whole shutting down process is extremely brain damaged. You have /sbin/shutdown, and you have /usr/bin/shutdown which is actually a link to /usr/bin/consolehelper. Why? What is the difference between /sbin/shutdown and /usr/bin/consolehelper (that /usr/bin/shutdown is linked to)?

2. A user who is logged in both locally and remotely to the machine can shut it down remotely. In case people share accounts, this can lead to a sort of DoS attack.

3. AFAIK, OpenBSD (*the* securest os :) and SuSE do not allow a non-root user to shut down the machine. Why does RH allow it?

Yosi
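
Added example, not part of the original post and not Red Hat's code: a shell audit that lists commands which are symlinks to consolehelper, as the post describes for /usr/bin/shutdown, and notes whether a same-named binary also exists in an admin directory such as /sbin. The function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Print every symlink in DIR whose target's basename is HELPER.
list_helper_links() {
    dir=$1
    helper=${2:-consolehelper}
    for f in "$dir"/*; do
        [ -L "$f" ] || continue
        target=$(readlink "$f") || continue
        if [ "$(basename "$target")" = "$helper" ]; then
            printf '%s\n' "$f"
        fi
    done
}

# For each helper symlink in USER_DIR, report whether a binary of the same
# name also exists in ADMIN_DIR (the /usr/bin/shutdown vs /sbin/shutdown case).
audit_wrappers() {
    user_dir=$1
    admin_dir=$2
    list_helper_links "$user_dir" | while IFS= read -r link; do
        name=$(basename "$link")
        if [ -e "$admin_dir/$name" ]; then
            printf '%s: also present at %s\n' "$link" "$admin_dir/$name"
        else
            printf '%s: no counterpart in %s\n' "$link" "$admin_dir"
        fi
    done
}

# Constructed sample tree (not a real system) so the audit runs offline.
make_demo_tree() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/usr/bin" "$root/sbin"
    : > "$root/usr/bin/consolehelper"
    : > "$root/usr/bin/ls"
    : > "$root/sbin/shutdown"
    ln -s consolehelper "$root/usr/bin/shutdown"
    ln -s /usr/bin/consolehelper "$root/usr/bin/halt"
    printf '%s\n' "$root"
}

demo=$(make_demo_tree) && audit_wrappers "$demo/usr/bin" "$demo/sbin"
rm -rf "$demo"
```

On a live system the same check is `audit_wrappers /usr/bin /sbin`; every path it prints is a command that unprivileged users reach through the helper rather than directly.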