William John Murray wrote: > Hello list, > I just noticed that an ordinary user can 'reboot' on fc4t2 > (kernel 2.6.11-1.1287_FC4) > This works when connected over ssh, which really doesn't feel like a > desireable feature. To be able to reboot/poweroff a machine, one must be either root or the console "owner". The owner of the console is the first person to log on at the physical console of the machine (either at a virtual terminal, or an X session). If the console owner logs off, the next person to log in to the console becomes the owner. If you can reboot from an ssh login, this suggests you are also logged on to the console. Sometimes, if you don't log out of an X-session cleanly, the console lock files remain, even if you are no longer logged on at the console. You would then still be able to reboot from a remote connection. Commands such as /usr/bin/poweroff are actually links to consolehelper. This determines if the user owns the console, and then calls /sbin/poweroff. The relevent lockfiles are /var/run/console.lock and /var/run/console/* Jonathan