static Posted April 27, 2005 Report Share Posted April 27, 2005 Can someone tell me how to control which users can run "reboot" or "halt"? I'm running an SSH server and don't want them to be able to shut it down! But I would like my non-admin account to still be allowed to reboot or halt... so it's only certain users I want to restrict access for... The same goes for the "shutdown -r 0" or "shutdown -h 0" and any other way of doing it... Thanks in advance! static Quote Link to comment Share on other sites More sharing options...
Guest anon Posted April 27, 2005 Report Share Posted April 27, 2005 AFAIK, if your not root or superuser, trying halt or reboot should return : must be root or superuser" or something like that......... Quote Link to comment Share on other sites More sharing options...
static Posted April 27, 2005 Author Report Share Posted April 27, 2005 AFAIK, if your not root or superuser, trying halt or reboot should return : must be root or superuser" or something like that......... <{POST_SNAPBACK}> Hey anon! Still kickin' @$$ with the site, I see Unfortunately any user can shut the whole system down or reboot it - I think it's tied to the fact that I had to choose the [High or Standard, can't remember] security setting to get SSH to work... I'm pretty sure that at the "Higher" setting regular users do get that message. Quote Link to comment Share on other sites More sharing options...
Leo Posted April 27, 2005 Report Share Posted April 27, 2005 How about giving your ordinary user account permission to run the commands using sudo? Quote Link to comment Share on other sites More sharing options...
static Posted April 27, 2005 Author Report Share Posted April 27, 2005 That's a good idea - I'll have to learn sudo (reading here I come) but I first need to remove the rights from the other users who can currently run those commands! If I have to su to root just to reboot that's fine - it's a server and won't get rebooted a whole lot anyway. The problem is learning how to take the power away from the rapidly growing list of users... <shudder> It's only a matter of time before one of them tries "reboot" just to see what happens... </shudder> Quote Link to comment Share on other sites More sharing options...
static Posted April 28, 2005 Author Report Share Posted April 28, 2005 Well, it's not a solution in terms of knowing how to do it manually, but settting the msec Security Level setting to "Higher" robs users of the ability to reboot or halt the machine, and that's what matters. Now that I can run the SSH server successfully at that setting anyway, I guess I can remove the tin-foil hat and sleep for the first time in days ;) Thanks for your help guys! static Quote Link to comment Share on other sites More sharing options...
Guest jamesc Posted May 1, 2005 Report Share Posted May 1, 2005 (edited) <shudder> It's only a matter of time before one of them tries "reboot" just to see what happens... </shudder> <{POST_SNAPBACK}> If you're running X, you can do this in MCC: MCC > Security > Levels and checks > System options Change "Reboot by the console user" to no. From the command line, edit /etc/security/msec/level.local and add the line: allow_reboot (no) You might need to run msec once you've done that. James. Edited May 1, 2005 by jamesc Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.