Solved

Non root users shutting down or halting Linux servers

Posted on 2008-10-30
7
360 Views
Last Modified: 2013-12-16
After looking at various posts online, ive read about the possibility of non root users being able to issue init or shutdown commands that can halt, reboot or shutdown a Linux server. So i wanted to get some more input about this and some steps i read that can be done to prevent this, and whether they're necessary.

I have several RHEL4 servers that i want to make sure that non root users cant issue any init commands or shutdown commands or be able to ctrl+alt+backspace. I want only root and users in sudoers to be able to do this.

So to make sure that this can only be done with root or users in sudoers, will doing the following accomplish this?
changing /etc/inittab entry ca::ctrlaltdel:/sbin/shutdown -t3 -r now
to
ca::ctrlaltdel:ech0 Reboot/Shutdown is not possible at this time.

chmod /sbin/shutdown to 750
chmod /usr/bin/apmsleep to 750
removing everything in /etc/security/console.apps/

If there is any other steps that can be taken to prevent this, im all ears. Thanks in advance!
0
Comment
Question by:linuxpig
  • 3
7 Comments
 
LVL 10

Accepted Solution

by:
kyleb84 earned 125 total points
ID: 22847619
You might want to change these as well:

- /usr/bin/halt
- /sbin/halt
- /usr/bin/reboot
- /sbin/reboot
- /sbin/poweroff
- /usr/bin/poweroff

0
 
LVL 10

Expert Comment

by:kyleb84
ID: 22847639
Another of interest:

/sbin/telinit
0
 

Author Comment

by:linuxpig
ID: 22855593
So are these valid points i brought up, or is there no reason to be concerned because non root users cant perform these functions?
0
 
LVL 10

Expert Comment

by:kyleb84
ID: 22864227
Yes, they are valid points, but what I posted are a few more that you should take care of as well.

non root users can call:
- /usr/bin/halt
- /usr/bin/reboot
- /usr/bin/poweroff

All these will reboot/shutdown the PC.

A chmod would be required.
0

Featured Post

VMware Disaster Recovery and Data Protection

In this expert guide, you’ll learn about the components of a Modern Data Center. You will use cases for the value-added capabilities of Veeam®, including combining backup and replication for VMware disaster recovery and using replication for data center migration.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

It’s 2016. Password authentication should be dead — or at least close to dying. But, unfortunately, it has not traversed Quagga stage yet. Using password authentication is like laundering hotel guest linens with a washboard — it’s Passé.
Fine Tune your automatic Updates for Ubuntu / Debian
Learn how to get help with Linux/Unix bash shell commands. Use help to read help documents for built in bash shell commands.: Use man to interface with the online reference manuals for shell commands.: Use man to search man pages for unknown command…
Learn how to navigate the file tree with the shell. Use pwd to print the current working directory: Use ls to list a directory's contents: Use cd to change to a new directory: Use wildcards instead of typing out long directory names: Use ../ to move…

911 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now