[CentOS] C8 Question

Fri Jan 24 22:00:12 UTC 2020
Orion Poplawski <orion at nwra.com>

On 1/24/20 4:38 AM, Alessandro Baggi wrote:
> Hi list,
> I installed on my workstation C8.1 (1911) and performed a minimal install and
> then installed XFCE from EPEL.
> I noticed a strange behaviour (don't know if this is the wanted default). If I
> try ,from normal user shell, to run command like "reboot" or "shutdown -h now"
> system will reboot/shutdown. This happens on tty console, on xfce terminal and
> ssh session.
> My user is not in wheel and during install I have not enabled checkbox to give
> that user administration permission. I tried to create a new user with adduser
> but got the same problem.
> To solve this I modified polkit login1 policy on
> /usr/share/polkit-1/actions/org.freedesktop.login1.policy setting
> <allow_active>no</allow_active> for statement that concern reboot and
> shutdown/poweroff.
> Why on CentOS a normal user can shutdown the system without root privileges? I
> think that on any server normal user should not be able to shutdown the system
> without privileges.
> This is a bug or a wanted default?

So, as you figured out from the polkit setting - "active" user's (i.e. with a
"seat") have access to shut a machine down.  Now to figure out who has a seat
- and you use "loginctl" to see that.  For e.g. from my non-privileged user
logged into my CentOS 8.1 VM via ssh:

$ loginctl
      1 ##### user

it shows that I don't have a "seat" and so:

$ shutdown -h now
Failed to set wall message, ignoring: Connection timed out
Failed to power off system via logind: Interactive authentication required.
Failed to open initctl fifo: Permission denied
Failed to talk to init daemon.

as expected.  Perhaps you can start tracking down with loginctl who has a seat
and why.

Orion Poplawski
Manager of NWRA Technical Systems          720-772-5637
NWRA, Boulder/CoRA Office             FAX: 303-415-9702
3380 Mitchell Lane                       orion at nwra.com
Boulder, CO 80301                 https://www.nwra.com/