CentOS User Privileges.


Hi list, I’ve installed C 7.1.1503 and I’ve noticed that a simple user can run shutdown -h now/reboot from bash without getting special permission (sudo, su). The machine is a VM without GUI (tested also on a physical machine). From reddit I got a suggestion: by removing/commenting out “-session optional pam_systemd.so” in /etc/pam.d/system-auth, the problem is solved. Is this a bug?
If not, why use this policy? Are there security implications?

Thanks in advance.

5 thoughts on - CentOS User Privileges.

  • No, that’s the wrong way to solve it.

    Permissions here are handled by policykit AFAIK.

    /usr/share/polkit-1/actions/org.freedesktop.login1.policy likely to be of particular interest?

    jh

  • On 22/10/2015 10:49, John Hodrien wrote:
    Hi J, thank you for the suggestion. Why did the team make this possible? What is the purpose?

  • It’s a nice flexible setup for a workstation situation. I can have CentOS installed on a workstation, and allow users to reboot it as long as there’s no one else logged in. Works for me.

    jh

  • Which is why you wouldn’t configure it for a shared server. I don’t understand the problem though, as the defaults *don’t* allow this do they?

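    /usr/share/polkit-1/actions/org.freedesktop.login1.policy:

        <action id="org.freedesktop.login1.power-off">
            <description>Power off the system</description>
            <message>Authentication is required for powering off the system.</message>
            <defaults>
                <allow_any>auth_admin_keep</allow_any>
                <allow_inactive>auth_admin_keep</allow_inactive>
                <allow_active>yes</allow_active>
            </defaults>
        </action>

        <action id="org.freedesktop.login1.reboot">
            <description>Reboot the system</description>
            <message>Authentication is required for rebooting the system.</message>
            <defaults>
                <allow_any>auth_admin_keep</allow_any>
                <allow_inactive>auth_admin_keep</allow_inactive>
                <allow_active>yes</allow_active>
            </defaults>
        </action>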

    jh
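
Added example, not part of the thread and not CentOS or polkit project code: a small Python audit that parses a polkit `.policy` file and lists every action whose implicit defaults grant access without a password prompt, which is how the `allow_active` value of `yes` quoted above lets a user logged in on the console reboot. The sample XML is constructed from the values in the thread; the function names are hypothetical.

```python
"""Audit polkit implicit defaults (added example, not project code)."""
import sys
import xml.etree.ElementTree as ET

# Constructed sample built from the two actions quoted in the thread.
SAMPLE_POLICY = """<policyconfig>
  <action id="org.freedesktop.login1.power-off">
    <description>Power off the system</description>
    <defaults>
      <allow_any>auth_admin_keep</allow_any>
      <allow_inactive>auth_admin_keep</allow_inactive>
      <allow_active>yes</allow_active>
    </defaults>
  </action>
  <action id="org.freedesktop.login1.reboot">
    <description>Reboot the system</description>
    <defaults>
      <allow_any>auth_admin_keep</allow_any>
      <allow_inactive>auth_admin_keep</allow_inactive>
      <allow_active>yes</allow_active>
    </defaults>
  </action>
</policyconfig>"""

SCOPES = ("allow_any", "allow_inactive", "allow_active")

def implicit_defaults(policy_xml):
    """Return {action id: {scope: value}}; a scope not in the file is '(unset)'."""
    result = {}
    for action in ET.fromstring(policy_xml).iter("action"):
        defaults = action.find("defaults")
        result[action.get("id")] = {
            scope: (defaults.findtext(scope, "(unset)").strip()
                    if defaults is not None else "(unset)")
            for scope in SCOPES
        }
    return result

def unauthenticated(policy_xml):
    """Sorted (action id, scope) pairs that are granted with no prompt at all."""
    return sorted((aid, scope)
                  for aid, scopes in implicit_defaults(policy_xml).items()
                  for scope, value in scopes.items() if value == "yes")

if __name__ == "__main__":
    # Pass a .policy path to audit a real file; otherwise use the sample.
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_POLICY
    for aid, scope in unauthenticated(data):
        print(f"{aid}: {scope}=yes (no authentication required)")
```

Run it against `/usr/share/polkit-1/actions/org.freedesktop.login1.policy` on a shared server to see which login1 actions an active local session can invoke without authenticating.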