Solved

Non root users shutting down or halting Linux servers

Posted on 2008-10-30
7
362 Views
Last Modified: 2013-12-16
After looking at various posts online, ive read about the possibility of non root users being able to issue init or shutdown commands that can halt, reboot or shutdown a Linux server. So i wanted to get some more input about this and some steps i read that can be done to prevent this, and whether they're necessary.

I have several RHEL4 servers that i want to make sure that non root users cant issue any init commands or shutdown commands or be able to ctrl+alt+backspace. I want only root and users in sudoers to be able to do this.

So to make sure that this can only be done with root or users in sudoers, will doing the following accomplish this?
changing /etc/inittab entry ca::ctrlaltdel:/sbin/shutdown -t3 -r now
to
ca::ctrlaltdel:ech0 Reboot/Shutdown is not possible at this time.

chmod /sbin/shutdown to 750
chmod /usr/bin/apmsleep to 750
removing everything in /etc/security/console.apps/

If there is any other steps that can be taken to prevent this, im all ears. Thanks in advance!
0
Comment
Question by:linuxpig
  • 3
7 Comments
 
LVL 10

Accepted Solution

by:
kyleb84 earned 125 total points
ID: 22847619
You might want to change these as well:

- /usr/bin/halt
- /sbin/halt
- /usr/bin/reboot
- /sbin/reboot
- /sbin/poweroff
- /usr/bin/poweroff

0
 
LVL 10

Expert Comment

by:kyleb84
ID: 22847639
Another of interest:

/sbin/telinit
0
 

Author Comment

by:linuxpig
ID: 22855593
So are these valid points i brought up, or is there no reason to be concerned because non root users cant perform these functions?
0
 
LVL 10

Expert Comment

by:kyleb84
ID: 22864227
Yes, they are valid points, but what I posted are a few more that you should take care of as well.

non root users can call:
- /usr/bin/halt
- /usr/bin/reboot
- /usr/bin/poweroff

All these will reboot/shutdown the PC.

A chmod would be required.
0

Featured Post

Migrating Your Company's PCs

To keep pace with competitors, businesses must keep employees productive, and that means providing them with the latest technology. This document provides the tips and tricks you need to help you migrate an outdated PC fleet to new desktops, laptops, and tablets.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

It’s 2016. Password authentication should be dead — or at least close to dying. But, unfortunately, it has not traversed Quagga stage yet. Using password authentication is like laundering hotel guest linens with a washboard — it’s Passé.
Join Greg Farro and Ethan Banks from Packet Pushers (http://packetpushers.net/podcast/podcasts/pq-show-93-smart-network-monitoring-paessler-sponsored/) and Greg Ross from Paessler (https://www.paessler.com/prtg) for a discussion about smart network …
Learn several ways to interact with files and get file information from the bash shell. ls lists the contents of a directory: Using the -a flag displays hidden files: Using the -l flag formats the output in a long list: The file command gives us mor…
Learn how to find files with the shell using the find and locate commands. Use locate to find a needle in a haystack.: With locate, check if the file still exists.: Use find to get the actual location of the file.:

839 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question