Re: Prevent shutdown with systemctl

[Gary Dale <garydale@torfree.net>]

On 04/01/16 04:05 PM, Stuart Longland wrote:
> On 05/01/16 06:30, Gary Dale wrote:
> > Possibly but I note that systemctl is owned by root:root so that typical
> > users can't execute it anyway. They get execute rights from the links.
> Errm, no they wouldn't.  Not if they were symlinks.  Hardlinks, maybe.
>
> > Systemctl seems to figure out what to do based on the link that calls it
> > and the current system policy.
> It probably detects this from argv[0], which by convention is always the
> name of the file executed.  Since that file is the symbolic link, the
> name of that symbolic link is what's passed as the first argument in argv.
>
> Permissions, as it's usually the equivalent of a `stat` rather than a
> `lstat` system call, will come from the actual binary, which is
> world-executable.  The only thing that stops a user from actually
> shutting the machine down is the fact that sysctl does all sorts of
> voodoo to figure out who you are first before giving the nod to init.

The link is to /bin/systemctl which is NOT world executable and is owned 
by root:root. Therefore it should not be executable by anyone other than 
root. Neither apparently is the symlink, so your are right on that 
point. The original poster asked about using systemctl  so I assumed he 
was actually using it directly

Figuring my way through this, it must be that the various DMs that 
provide the shutdown buttons work some magic to allow normal users to 
shutdown computers. This of course means that any approach using 
permissions on the actual program or links cannot work.