On 03/28/2012 09:38 PM, Timo Neuvonen wrote:
Only console users (local users) are allowed to do that. It's configured using pam (I use Centos5.8 so forgive me if this is not the same for CentOS6). I tried to change settings in /etc/pam.d/ and that indeed works:
/etc/pam.d/poweroff /etc/pam.d/reboot /etc/pam.d/halt
I added as a second line : auth sufficient pam_rootok.so # prevent normal users to reboot auth required pam_deny.so ....
But still the user locally logged on to the machine (gnome session) can switch it off. So I think I also missed something.
I can't test it right now, but reading 'man pam.d' made me wonder if 'required' in the 'auth required pam_deny.so' in the example above should be replaced with 'requisite'.
Both methods should work. With requisite the following checks are not done anymore (it fails right away). But even if the other tests succeed (after a failing required) the final judgement is still "fail". It a way not to tell the reason authentication fails. This makes it a little bit more difficult for an attacker.
Note that shutdown is not in the list of pam enabled applications. So a user cannot poweroff, but he can still shutdown :-( I read that /etc/shutdown.allow controls shutdown but I don't understand what the gnome desktop actually calls. Apparently it is not poweroff/reboot/halt.
Anyone knows how to properly prevent any non root user (console and remote) for powering off a machine?
I need this only for desktop users that switch of their machine by accident. The machine is used as part of a compute grid as well.
Theo