On Sun, Nov 8, 2020 at 9:44 AM Mauricio Tavares <raubvogel@xxxxxxxxx> wrote:
On Sat, Nov 7, 2020 at 7:47 PM Samuel Sieb <samuel@xxxxxxxx> wrote:
>
> On 11/7/20 3:16 PM, jdow wrote:
> > On 20201107 13:21:47, Cameron Simpson wrote:
> >> On 06Nov2020 21:50, Tom Horsley<horsley1953@xxxxxxxxx> wrote:
> >>> For as long as I can remember I've run dnf update in a root
> >>> xterm and when all the akmod activity and wot-not is finished,
> >>> I've run reboot from another terminal.
> >>>
> >>> Now, it won't reboot "because root is logged in".
> >>>
> >>> Gah! Who cares if root is logged in?
> >>>
> >>> Can I disable this helpful feature any way?
> >> Dunno, but maybe you can disable what it measures. Do your xterms make
> >> entries in wtmp (listed by "w" and "who")? Is so, ISTR that xterm has an
> >> option to not do that (look for "wtmp" in the manual IIRC). See if
> >> disabling that helps.
> >
> > Something sounds bass akwards here. IMAO only root or an account with
> > sudo privileges should be able to reboot the machine. And root should be
> > able to do this at any time.
>
> I think you're misunderstanding. A root user is logged in and he's
> trying to reboot using his normal user. The current console user is
> generally allowed to reboot the system.
> __
Since when is a non-root user allowed to reboot "from another
terminal" (quoted from original email) window?
______________________________
The keyword here is "local aka physical". If a non-root user is logged into a host on a local terminal most likely with a keyboard and mouse, not a psuedo terminal like an Xwindows Session or ssh. The user, even without sudo access or a member of an elevated priviledge group like the wheel group, can shutdown the host. To confirm my memory, just tested this by spinning up an F32 VM, getting on the terminal via virt-manager, logging in as a regular user and testing both the shutdown and reboot commands, the both worked.
I think you will have to dig into the PAM config to restrict local users from issuing shutdown / reboot commands.
Regards,
-Jamie
_______________________________________________ users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@xxxxxxxxxxxxxxxxxxxxxxx