[CentOS] How to restrict reboot/poweroff from non-admins?

Wed Mar 28 15:11:00 UTC 2012
Johnny Hughes <johnny at centos.org>

On 03/28/2012 09:47 AM, Phil Schaffner wrote:
> Johnny Hughes wrote on 03/28/2012 10:26 AM:
>> On 03/28/2012 09:03 AM, Phil Schaffner wrote:
>>> Timo Neuvonen wrote on 03/28/2012 09:17 AM:
>>>> I just noticed that CentOS (6.2) by default allows any user to
>>>> reboot/poweroff system without any admin rights, or without any further
>>>> questions, if using commands 'reboot' or 'poweroff'. But 'shutdown' still
>>>> requires admin rights.
>>>>
>>>> What is the preferred way to restrict any regular user from rebooting /
>>>> powering off the system (by accident)?
>>>>
>>>> IMHO, sudo should be required for this purpose (at least in a system with
>>>> shared remote access from multiple users, single-user laptops etc may be a
>>>> different case)
>>>>
>>> OUCH! This seems to qualify as a CentOS bug.  I confirm that a normal
>>> user can reboot or poweroff the system on 6.2.  On RHEL:
>>>
>>> $ rpm -qa redhat-release\*
>>> redhat-release-server-6Server-6.2.0.3.el6.x86_64
>>> $ poweroff
>>> poweroff: Need to be root
>>> $ reboot
>>> reboot: Need to be root
>>>
>>> Phil
>> Make sure you are testing apples to apples
>>
>> Test ssh access versus local console access, etc.
>>
> Got me there.  The access mode does seem to be the difference.  I tested 
> from the GUI on CentOS and via ssh on RHEL.  Logged on to the console in 
> a GUI on RHEL6 a user can reboot or poweroff, and presumably also halt.  
> Seems to be the "console user" thing.  So CentOS does match upstream.
>

I just did some research on this ... the files that need to be modified
to change this behavior are:

/etc/pam.d/poweroff
/etc/pam.d/halt
/etc/pam.d/reboot

The files in CentOS are identical to upstream ... they are also
identical to each other and look like this:

auth       sufficient   pam_rootok.so
auth       required     pam_console.so
#auth       include     system-auth
account    required     pam_permit.so

I am sure those can be adjusted so console access by itself is not
sufficient.

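Added example, not part of the original message: a shell sketch that walks the auth stack of one of these PAM service files the way a non-root user logged in at the console would meet it, and reports whether that user gets through. The function name, the temporary sample files and the pam_deny.so variant are assumptions made for illustration; only the stock stack is taken from the message above.

```shell
#!/bin/sh
# Added example, not from the thread. Prints how a non-root user logged in at
# the console fares against the "auth" stack of a PAM service file:
#   allowed | denied | review (stack uses something this sketch does not model)
console_user_verdict() {
    awk '
    /^[ \t]*#/ || NF < 3 { next }                  # comments, blank or short lines
    { sub(/^-/, "", $1) }                          # "-auth" is still an auth line
    $1 != "auth" || done { next }
    {
        seen = 1; ctl = $2; mod = $3
        sub(/.*\//, "", mod)                       # drop any module directory
        if      (mod == "pam_rootok.so")  ok = 0   # caller is not root
        else if (mod == "pam_console.so") ok = 1   # caller holds the console
        else if (mod == "pam_permit.so")  ok = 1
        else if (mod == "pam_deny.so")    ok = 0
        else { verdict = "review"; done = 1; next } # include, [...] controls, other modules
        if      (ctl == "required")   { if (ok) passed = 1; else failed = 1 }
        else if (ctl == "requisite")  { if (ok) passed = 1; else { failed = 1; done = 1 } }
        else if (ctl == "sufficient") { if (ok && !failed) { passed = 1; done = 1 } }
        else if (ctl != "optional")   { verdict = "review"; done = 1 }
    }
    END {
        if (!seen) verdict = "review"              # no auth lines at all
        if (verdict == "") verdict = (passed && !failed) ? "allowed" : "denied"
        print verdict
    }' "$1"
}

# Constructed sample files: the stock stack quoted in the message, and one
# assumed adjustment (pam_deny.so in place of pam_console.so).
tmp=$(mktemp -d)
cat > "$tmp/reboot.stock" <<'EOF'
auth       sufficient   pam_rootok.so
auth       required     pam_console.so
#auth       include     system-auth
account    required     pam_permit.so
EOF
sed 's/pam_console\.so/pam_deny.so/' "$tmp/reboot.stock" > "$tmp/reboot.adjusted"

for f in "$tmp/reboot.stock" "$tmp/reboot.adjusted"; do
    printf '%s: %s\n' "${f##*/}" "$(console_user_verdict "$f")"
done
rm -rf "$tmp"
```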