On 1/24/20 4:38 AM, Alessandro Baggi wrote:
> Hi list,
>
> I installed on my workstation C8.1 (1911) and performed a minimal install and
> then installed XFCE from EPEL.
>
> I noticed a strange behaviour (don't know if this is the wanted default). If I
> try ,from normal user shell, to run command like "reboot" or "shutdown -h now"
> system will reboot/shutdown. This happens on tty console, on xfce terminal and
> ssh session.
>
> My user is not in wheel and during install I have not enabled checkbox to give
> that user administration permission. I tried to create a new user with adduser
> but got the same problem.
>
> To solve this I modified polkit login1 policy on
> /usr/share/polkit-1/actions/org.freedesktop.login1.policy setting
> <allow_active>no</allow_active> for statement that concern reboot and
> shutdown/poweroff.
>
> Why on CentOS a normal user can shutdown the system without root privileges? I
> think that on any server normal user should not be able to shutdown the system
> without privileges.
>
> This is a bug or a wanted default?
So, as you figured out from the polkit setting - "active" user's (i.e. with a
"seat") have access to shut a machine down. Now to figure out who has a seat
- and you use "loginctl" to see that. For e.g. from my non-privileged user
logged into my CentOS 8.1 VM via ssh:
$ loginctl
SESSION UID USER SEAT TTY
1 ##### user
it shows that I don't have a "seat" and so:
$ shutdown -h now
Failed to set wall message, ignoring: Connection timed out
Failed to power off system via logind: Interactive authentication required.
Failed to open initctl fifo: Permission denied
Failed to talk to init daemon.
as expected. Perhaps you can start tracking down with loginctl who has a seat
and why.
--
Orion Poplawski
Manager of NWRA Technical Systems 720-772-5637
NWRA, Boulder/CoRA Office FAX: 303-415-9702
3380 Mitchell Lane orion at nwra.com
Boulder, CO 80301 https://www.nwra.com/