| Summary: | Do not allow 'operators' to drop to single user via shutdown |
|---|---|
| Product: | Base System |
| Component: | bin |
| Status: | Closed FIXED |
| Severity: | Affects Only Me |
| Priority: | Normal |
| Version: | 3.4-STABLE |
| Hardware: | Any |
| OS: | Any |
| Reporter: | Anarcat <beaupran> |
| Assignee: | freebsd-bugs (Nobody) <bugs> |

On Mon, Apr 10, 2000 at 04:51:13PM -0400, The AnarCat wrote:
>
> >Description:
>
> The shutdown(8) utility can be used to stop the system so that
> it drops to single-user mode, by any user in the operator group. This
> situation may not be desirable in the case of "public" workstations.
>
> For example, say you have some workstations of which the only access is
> through the keyboard and monitor. You do not wish to have any user have
> root access on these boxes. A user may shutdown(8) the machine, if he's
> got the permissions (operator group membership in the default setup) but
> should never have single-user access (this also implies that the console
> is marked "secure" in /etc/ttys, of course).

You already mentioned the real solution. Just remove secure from
/etc/ttys. In any case, it is delusional to think a machine you provide
physical access to is secure. Root is only a floppy disk (or, at most,
a few case screws and a jumper) away. Breaking shutdown won't really
help since you can go to single user at the boot prompt.
-- Brooks
--
Any statement of the form "X is the one, true Y" is FALSE.

State Changed
From-To: open->closed

Asked and answered, closed at the originator's request. :-)

The shutdown(8) utility can be used to stop the system so that it drops to single-user mode, by any user in the operator group. This situation may not be desirable in the case of "public" workstations.

For example, say you have some workstations of which the only access is through the keyboard and monitor. You do not wish to have any user have root access on these boxes. A user may shutdown(8) the machine, if he's got the permissions (operator group membership in the default setup) but should never have single-user access (this also implies that the console is marked "secure" in /etc/ttys, of course).

Fix:

Patch to sbin/shutdown.c:

How-To-Repeat:

User john is in the "operator" group:

    login: john
    password:
    $ shutdown now
    [single user mode]
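
The console flag in /etc/ttys that both the report and the reply refer to can be checked mechanically: when the console line is not marked "secure", init asks for the root password before starting the single-user shell. The sh script below is an added example, not part of the original report or of FreeBSD; the function names and the sample files are constructed for illustration, and it assumes the ttys(5) keyword layout and the group(5) field order.

```sh
#!/bin/sh
# Added example: audit the two settings discussed in the report.

# Print "secure", "insecure" or "missing" for the console line of a ttys(5) file.
# A line without the "secure" keyword is insecure, so that is the default.
console_status() {
    awk '
        { sub(/#.*/, "") }                      # strip comments
        $1 == "console" {
            status = "insecure"
            for (i = 2; i <= NF; i++) {
                if ($i == "secure")   status = "secure"
                if ($i == "insecure") status = "insecure"
            }
            print status; found = 1; exit
        }
        END { if (!found) print "missing" }
    ' "$1"
}

# Print the members listed for the operator group in a group(5) file.
# Accounts whose primary group is operator are not listed there.
operator_members() {
    awk -F: '$1 == "operator" { gsub(/,/, " ", $4); print $4 }' "$1"
}

# audit <ttys-file> <group-file>: returns 0 only when the console is insecure.
audit() {
    status=$(console_status "$1")
    echo "console: $status; operator members: $(operator_members "$2")"
    [ "$status" = "insecure" ]
}

# Constructed sample files (not taken from a real host).
demo=$(mktemp -d)
printf '%s\n' '# name getty type status' \
    'console none unknown off secure' \
    'ttyv0 "/usr/libexec/getty Pc" xterm on secure' > "$demo/ttys.secure"
sed 's/^console\(.*\) secure$/console\1 insecure/' "$demo/ttys.secure" > "$demo/ttys.insecure"
printf '%s\n' 'wheel:*:0:root' 'operator:*:5:root,john' > "$demo/group"

audit "$demo/ttys.secure"   "$demo/group" || echo "-> single-user mode gives root without a password"
audit "$demo/ttys.insecure" "$demo/group" && echo "-> init asks for the root password"
```

On a real host the same check is `audit /etc/ttys /etc/group`; as the reply points out, it says nothing about the boot prompt or removable media.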