Johnny Hughes wrote on 03/28/2012 10:26 AM:
On 03/28/2012 09:03 AM, Phil Schaffner wrote:
Timo Neuvonen wrote on 03/28/2012 09:17 AM:
I just noticed that CentOS (6.2) by default allows any user to reboot/poweroff system without any admin rights, or without any further questions, if using commands 'reboot' or 'poweroff'. But 'shutdown' still requires admin rights.
What is the preferred way to restrict any regular user from rebooting / powering off the system (by accident)?
IMHO, sudo should be required for this purpose (at least in a system with shared remote access from multiple users, single-user laptops etc may be a different case)
OUCH! This seems to qualify as a CentOS bug. I confirm that a normal user can reboot or poweroff the system on 6.2. On RHEL:
$ rpm -qa redhat-release* redhat-release-server-6Server-6.2.0.3.el6.x86_64 $ poweroff poweroff: Need to be root $ reboot reboot: Need to be root
Phil
Make sure you are testing apples to apples
Test ssh access versus local console access, etc.
Got me there. The access mode does seem to be the difference. I tested from the GUI on CentOS and via ssh on RHEL. Logged on to the console in a GUI on RHEL6 a user can reboot or poweroff, and presumably also halt. Seems to be the "console user" thing. So CentOS does match upstream.
Phil