[CentOS] C8 Question

Sat Jan 25 08:21:31 UTC 2020
Alessandro Baggi <alessandro.baggi at gmail.com>

On 24/01/20 23:00, Orion Poplawski wrote:
> On 1/24/20 4:38 AM, Alessandro Baggi wrote:
>> Hi list,
>>
>> I installed on my workstation C8.1 (1911) and performed a minimal install and
>> then installed XFCE from EPEL.
>>
>> I noticed a strange behaviour (don't know if this is the wanted default). If I
>> try, from a normal user shell, to run a command like "reboot" or "shutdown -h now"
>> the system will reboot/shut down. This happens on tty console, on xfce terminal and
>> ssh session.
>>
>> My user is not in wheel and during install I have not enabled the checkbox to give
>> that user administration permission. I tried to create a new user with adduser
>> but got the same problem.
>>
>> To solve this I modified polkit login1 policy on
>> /usr/share/polkit-1/actions/org.freedesktop.login1.policy setting
>> <allow_active>no</allow_active> for the statements that concern reboot and
>> shutdown/poweroff.
>>
>> Why on CentOS can a normal user shut down the system without root privileges? I
>> think that on any server a normal user should not be able to shut down the system
>> without privileges.
>>
>> Is this a bug or a wanted default?
> So, as you figured out from the polkit setting - "active" users (i.e. with a
> "seat") have access to shut a machine down.  Now to figure out who has a seat
> - and you use "loginctl" to see that.  For e.g. from my non-privileged user
> logged into my CentOS 8.1 VM via ssh:
>
> $ loginctl
> SESSION   UID USER  SEAT TTY
>        1 ##### user
>
> it shows that I don't have a "seat" and so:
>
> $ shutdown -h now
> Failed to set wall message, ignoring: Connection timed out
> Failed to power off system via logind: Interactive authentication required.
> Failed to open initctl fifo: Permission denied
> Failed to talk to init daemon.
>
> as expected.  Perhaps you can start tracking down with loginctl who has a seat
> and why.
>
Hi, thank you very much for your suggestion, loginctl did help me to 
understand this "problem". I tried to run loginctl on my VM logging in 
with ssh and I get this:

[testuser@localhost ~]$ loginctl
SESSION   UID USER       SEAT   TTY
            3  1000 testuser

1 sessions listed.

and trying to run reboot gives me the expected behaviour.
If I try from tty console I have a seat for testuser and can reboot the 
system.

I don't know what I did in the other test...

Thank you very much, I'm happy this is my mistake and not a CentOS bug.

Thank you to all users who helped me.
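
Added example, not part of the original thread or of any project's code: a small Python audit that reads a polkit .policy file and lists the actions a session with a seat (polkit "active") may perform without authentication, which is the setting the thread traces the reboot behaviour to. The sample policy is constructed for illustration, and the id org.example.no-defaults is hypothetical.

```python
"""List polkit actions that an active (seated) session may run without authentication."""
import sys
import xml.etree.ElementTree as ET

# Constructed sample in the polkit .policy layout; not copied from a real system.
# "org.example.no-defaults" is a hypothetical id used to exercise the missing-element case.
SAMPLE_POLICY = b"""<policyconfig>
  <action id="org.freedesktop.login1.reboot">
    <defaults>
      <allow_any>auth_admin_keep</allow_any>
      <allow_inactive>auth_admin_keep</allow_inactive>
      <allow_active>yes</allow_active>
    </defaults>
  </action>
  <action id="org.freedesktop.login1.power-off">
    <defaults>
      <allow_any>auth_admin_keep</allow_any>
      <allow_inactive>auth_admin_keep</allow_inactive>
      <allow_active>no</allow_active>
    </defaults>
  </action>
  <action id="org.example.no-defaults"/>
</policyconfig>"""

KEYS = ("allow_any", "allow_inactive", "allow_active")


def parse_defaults(policy_xml):
    """Map each action id to its three implicit-authorization values (None if absent)."""
    result = {}
    for action in ET.fromstring(policy_xml).iter("action"):
        defaults = action.find("defaults")
        result[action.get("id")] = {
            key: defaults.findtext(key) if defaults is not None else None
            for key in KEYS
        }
    return result


def unauthenticated_for_active(policy_xml):
    """Sorted action ids whose allow_active value is exactly 'yes'."""
    return sorted(action_id for action_id, values in parse_defaults(policy_xml).items()
                  if (values["allow_active"] or "").strip() == "yes")


if __name__ == "__main__":
    # With a path argument audit that file, otherwise audit the constructed sample.
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_POLICY
    for action_id in unauthenticated_for_active(data):
        print("allow_active=yes:", action_id)
```

Run it with /usr/share/polkit-1/actions/org.freedesktop.login1.policy as the argument to audit the file mentioned in the thread, and compare the result with the SEAT column of loginctl for the session in question.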