CentOS User Privileges.
Hi list, I’ve installed C 7.1.1503 and I’ve noticed that simple user can run from bash shutdown -h now/reboot without getting special permission (sudo, su). The machine is a VM without GUI (tested also on physical machine). From reddit I’ve got a suggestion: removing/comment out “-session optional pam_systemd.so” in /etc/pam.d/system-auth the problem is solved. This is a bug?
If not, why use this policy? There are security implication?
Thanks in advance.
5 thoughts on - CentOS User Privileges.
No, that’s the wrong way to solve it.
Permissions here are handled by policykit AFAIK.
/usr/share/polkit-1/actions/org.freedesktop.login1.policy likely to be of particular interest?
jh
Il 22/10/2015 10:49, John Hodrien ha scritto:
Hi J, thank you for the suggestion. Why team make this possible? What is the purpose?
It’s a nice flexible setup for a workstation situation. I can have CentOS
installed on a workstation, and allow users to reboot it as long as there’s noone else logged in. Works for me.
jh
and its totally inappropriate for a shared server.
Which is why you wouldn’t configure it for a shared server. I don’t understand the problem though, as the defaults *don’t* allow this do they?
/usr/share/polkit-1/actions/org.freedesktop.login1.policy:
jh