Unprivileged Users Rebooting At Console

Home » CentOS » Unprivileged Users Rebooting At Console
CentOS 5 Comments

I’m curious why any user logged in at the console can issue the ‘reboot’ command and reboot the system.

5 thoughts on - Unprivileged Users Rebooting At Console

  • command and reboot the system. I’ve tested/verified this to work, and read some older posts about this. If it were a bug, I suspect it would be fixed by now. another system, that user can also reboot the system from that ssh connection. It would seem that once a user authenticates on the console, and remains on the console, they can reboot from any other/new tty. Once they drop off the console, the SSH connections can no longer reboot.

    “Consolekit”

    Users with physical acces have higher capabilities in software because, well, physical access is root access.

    Also, that configuration works better for workstation installations;
    imagine if a user couldn’t shut down their laptop safely because they didn’t have admin privileges on the system.

    (Sorry for brief response; sending from phone.)

  • How are you rebooting? What groups are you in? From the command line? When I try this on Ubuntu (don’t have a RHEL/CentOS here) I get “Have to be root” if I issue the /sbin/reboot command as an ordinary user.

    Cheers,

    Cliff

  • Please try not to top post.

    Ubuntu and Debian require authorization to reboot. RedHat based distributions don’t under various circumstances.

    I don’t know what most other distributions do, the BSDs don’t allow it, nor does ArchLinux.

    Whether it’s something that’s always been this way or just one more Fedora-ism aimed at the person fleeing Windows that made its way into RH, I
    have no idea.

  • Cliff Pratt writes:


    Odd combination of systems to check right now but:

    1) Fedora 18 (Xfce respin) VM console: Applications -> Logout -> Shutdown

    2) Fedora 18 (Xfce respin) VNC session to native install: Above combination is greyed out. I can only logout. But if I go to the physical system and log in, I get the ability to shut it down.

    3) Scientific Linux 6.4 console (roughly equivalent to CentOS 6.4):
    Applications -> Logout -> Shutdown

    4) All of the above: CTRL-ALT-DEL key press although I have to send the key combination to the VM through the KVM GUI.

    5) Power button or reset button.

    6) Power cord.

    The last two options are why someone with physical access also has the ability to shutdown a system. Also, I run Linux on my laptop and would find it very annoying not to be able to shutdown the system when I need to.

    Cheers, Dave

LEAVE A COMMENT