From: dfox@hip-hop.suvl.ca.us (David Fox) Subject: Re: How to disable C-A-D for non-root users? Date: Sat, 12 Jun 1993 00:45:31 GMT
Joel M. Hoffman (joel@rac2.wam.umd.edu) wrote:
: I'm using SLS 0.99, with kernel 0.99.9, and as things stand now,
: anyone can press C-A-D to reboot the machine. Is there any way to
: disable C-A-D if pressed from a non-root environment? I realize there
Isn't C-A-D set up so that it points to /etc/halt or /etc/reboot, and
can't those files be set so non-root users can't execute? I do remember
this situatipon with the SLS 1.012 boot disk, when you do a C-A-D the
thing says "cannot execute /etc/halt".
IMHO it perhaps is better disabling C-A-D completely rather
than worrying about whether non-root people can do a C-A-D.
The reason for doing this is that C-A-D could be pressed accidentally, and
it's easier to do it than to run 'shoutdown', which is the correct procedure,
of course. Also, it makes little sense to protect such things from being
run by non-root users, when these same users (or any bozo) can easily come by
and hit the reset button (or turn power off) - and the OS cannot do a thing
about that, of course.
It's more important to make sure people cannot reboot your box via remote
means - so you shouldnt let remote users run as root, in any event IMHO.
: may be problems if C-A-D is pressed while an ordinary user is running
: a suid root program, but I can live with that.
: Thanks.
: -Joel
: (joel@wam.umd.edu)
: --
: -----------------------------------------------------------------------------
: |_|~~ Germany, 1943. ``A little garden, fragrant and full of roses.
: __|~| 16 Million DEAD. The path is narrow, and a little boy walks along it.
: A little boy, a sweet boy, like that growing blossom,
: cnc Bosnia, 1993. When the blossom comes to bloom,
: cnc HOW MANY MORE? The little boy will be no more.''
: - Franta Bass,
: killed at age 14 by the Nazis
: -----------------------------------------------------------------------------
: Tell Clinton to stop the genocide: president@whitehouse.gov
-- David E. Fox email: hip-hop!dfox@amdahl.com 5479 Castle Manor Drive San Jose, CA 95129 Thanks for letting me change the magnetic 408/ 253-7992 images on your hard drive.