Re: C8 Question

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



On 1/24/20 4:38 AM, Alessandro Baggi wrote:
> Hi list,
> 
> I installed on my workstation C8.1 (1911) and performed a minimal install and
> then installed XFCE from EPEL.
> 
> I noticed a strange behaviour (don't know if this is the wanted default). If I
> try ,from normal user shell, to run command like "reboot" or "shutdown -h now"
> system will reboot/shutdown. This happens on tty console, on xfce terminal and
> ssh session.
> 
> My user is not in wheel and during install I have not enabled checkbox to give
> that user administration permission. I tried to create a new user with adduser
> but got the same problem.
> 
> To solve this I modified polkit login1 policy on
> /usr/share/polkit-1/actions/org.freedesktop.login1.policy setting
> <allow_active>no</allow_active> for statement that concern reboot and
> shutdown/poweroff.
> 
> Why on CentOS a normal user can shutdown the system without root privileges? I
> think that on any server normal user should not be able to shutdown the system
> without privileges.
> 
> This is a bug or a wanted default?

So, as you figured out from the polkit setting - "active" user's (i.e. with a
"seat") have access to shut a machine down.  Now to figure out who has a seat
- and you use "loginctl" to see that.  For e.g. from my non-privileged user
logged into my CentOS 8.1 VM via ssh:

$ loginctl
SESSION   UID USER  SEAT TTY
      1 ##### user

it shows that I don't have a "seat" and so:

$ shutdown -h now
Failed to set wall message, ignoring: Connection timed out
Failed to power off system via logind: Interactive authentication required.
Failed to open initctl fifo: Permission denied
Failed to talk to init daemon.

as expected.  Perhaps you can start tracking down with loginctl who has a seat
and why.

-- 
Orion Poplawski
Manager of NWRA Technical Systems          720-772-5637
NWRA, Boulder/CoRA Office             FAX: 303-415-9702
3380 Mitchell Lane                       orion@xxxxxxxx
Boulder, CO 80301                 https://www.nwra.com/

_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos



[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]


  Powered by Linux