[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: user shutingdown/rebooting system w/wo sudo



	Hi.

On Thu, Jul 20, 2017 at 04:39:20AM -0400, Fungi4All wrote:
> Apart from what different wm/dm do, should a user without sudo
> priviledges be able to stop or restart a system?
> In most wm I have seen the user is able to do this without being
> asked for root priviledges and I believe this is wrong and should
> not be done.
> As I see contradictory reading material on the issue from the
> point of view of a single user personal system to an enterprise
> system, why would any desktop come with this activated as
> default and not be the other way around but with a simple option
> for root to change/activate this ability.
> I suspect that systemd with its countless strange service users
> has complicated this issue, but is this practice secure?

If a user can unplug a wall socket and power off PC this way - then
root requirement of poweroff is redundant.
Likewise if a user can press 'reset' button on PC - requiring to be root
is redundant for rebooting.
Same goes for laptops, tablets and even servers in certain situations.

On the other hand, if user connects to own PC by some means of remote
desktop protocol (be it VNC, <cough> RDesktop, SPICE, NoNX or good old
X) - then it's not the best idea probably to provide a user a simple way
to reboot or poweroff.

So, it all depends on whenever user has a physical access to the host in
question. Whenever certain software running as PID1 is able to identify
whenever is user 'on console' or not is can of worms that I refuse to
open.

Reco


Reply to: