RH9: How to make normal users not be able to reboot/shutdown

[sciencewhiz]

I have a Redhat 9 server that is accessed by remote X clients. However, each of the normal users can reboot and shutdown the machine from the gnome menu (and gdm) without a password. This is obviously a bad thing.

Anyone know how to make it prompt for the password (using redhat-ask-password, or whatever the name of that program is)? That would be the first choice. If not, How would I remove those entries from the logoff menu in gnome.

My debian system only lets you log off in gnome, and requires the root password to reboot or shutdown in gdm.

 

[SUOrangeman]

I don't use RH9, but can you remove the reboot/shutdown options from the gdm configurator? You can probably remove those entries from the GNOME menus altogether, if you can find the default menu definitions (/usr/share?).

-SUO, likely clueless ... as usual

 

[Abzstrak]

normal users shouldn't be able to do this unless RH changed something... they may sudo setup for the shutdown command or something, might want to check that.

 

[sciencewhiz]

Originally posted by: Abzstrak
normal users shouldn't be able to do this unless RH changed something... they may sudo setup for the shutdown command or something, might want to check that.

Normal users can definetly do it, in both RH7.3 and 9 in a default install.

 

[Nothinman]

X/GDM runs as root so of course they can do it. You should be able to atleast disable the system menu in the config editor or directly in gdm.conf.

 

[Abzstrak]

Originally posted by: sciencewhiz

Originally posted by: Abzstrak
normal users shouldn't be able to do this unless RH changed something... they may sudo setup for the shutdown command or something, might want to check that.

Normal users can definetly do it, in both RH7.3 and 9 in a default install.

I'm talking about normal users in linux, not RH specific, as I said RH must have changed something. I would check sudoers... Also, does RH have /etc/shutdown.allow ?

you can also attempt to do a chmod -s /sbin/shutdown and chmod -s /sbin/reboot

 

[cleverhandle]

There are a few components here - 1) the "System" menu in the GDM screen, 2) the ability to shut down the machine by running the "shutdown" command, and 3) the choice of "Log Out/Restart/Shut Down" when the user logs off, and You can control #1 and #2 easily - I'm not so sure about #3, but that is merely a cosmetic problem.

#1 - Run gdmsetup as root and deselect the choice for "Show System Menu".

#2 - Edit /etc/pam.d/poweroff and /etc/pam.d/reboot. Remove or # comment out the line with pam_console.so.

#3 - If you follow the above instructions, attempts to shutdown or reboot from the log out screen will return an error and dump the user back to the login screen. So functionally it's unimportant, though it's a bit ugly. I didn't dig much, but I suspect this choice is somewhere in the gdm code. Could well be wrong, though...

 

[sciencewhiz]

#1 worked fine

After I did #2, the shutdown and reboot options were not even availible from the log out screen. That's better then I expected, thanks cleverhandle

 

[cleverhandle]

Huh... that's odd. I tested it on an RH9 system and I still had the choices at the log out screen, even though they didn't work. Maybe I needed to restart a process or reboot. Glad it worked anyway.