Solved

Non root users shutting down or halting Linux servers

Posted on 2008-10-30
7
363 Views
Last Modified: 2013-12-16
After looking at various posts online, ive read about the possibility of non root users being able to issue init or shutdown commands that can halt, reboot or shutdown a Linux server. So i wanted to get some more input about this and some steps i read that can be done to prevent this, and whether they're necessary.

I have several RHEL4 servers that i want to make sure that non root users cant issue any init commands or shutdown commands or be able to ctrl+alt+backspace. I want only root and users in sudoers to be able to do this.

So to make sure that this can only be done with root or users in sudoers, will doing the following accomplish this?
changing /etc/inittab entry ca::ctrlaltdel:/sbin/shutdown -t3 -r now
to
ca::ctrlaltdel:ech0 Reboot/Shutdown is not possible at this time.

chmod /sbin/shutdown to 750
chmod /usr/bin/apmsleep to 750
removing everything in /etc/security/console.apps/

If there is any other steps that can be taken to prevent this, im all ears. Thanks in advance!
0
Comment
Question by:linuxpig
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
7 Comments
 
LVL 10

Accepted Solution

by:
kyleb84 earned 125 total points
ID: 22847619
You might want to change these as well:

- /usr/bin/halt
- /sbin/halt
- /usr/bin/reboot
- /sbin/reboot
- /sbin/poweroff
- /usr/bin/poweroff

0
 
LVL 10

Expert Comment

by:kyleb84
ID: 22847639
Another of interest:

/sbin/telinit
0
 

Author Comment

by:linuxpig
ID: 22855593
So are these valid points i brought up, or is there no reason to be concerned because non root users cant perform these functions?
0
 
LVL 10

Expert Comment

by:kyleb84
ID: 22864227
Yes, they are valid points, but what I posted are a few more that you should take care of as well.

non root users can call:
- /usr/bin/halt
- /usr/bin/reboot
- /usr/bin/poweroff

All these will reboot/shutdown the PC.

A chmod would be required.
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Little introduction about CP: CP is a command on linux that use to copy files and folder from one location to another location. Example usage of CP as follow: cp /myfoder /pathto/destination/folder/ cp abc.tar.gz /pathto/destination/folder/ab…
In my business, I use the LTS (Long Term Support) versions of Linux. My workstations do real work, and so I rarely have the patience to deal with silly problems caused by an upgraded kernel that had experimental software on it to begin with from a r…
Learn how to find files with the shell using the find and locate commands. Use locate to find a needle in a haystack.: With locate, check if the file still exists.: Use find to get the actual location of the file.:
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question