Il 24/01/20 15:11, Simon Matter via CentOS ha scritto:>> Hi list, >> >> I installed on my workstation C8.1 (1911) and performed a minimal >> install and then installed XFCE from EPEL. >> >> I noticed a strange behaviour (don't know if this is the wanted >> default). If I try ,from normal user shell, to run command like "reboot" >> or "shutdown -h now" system will reboot/shutdown. This happens on tty >> console, on xfce terminal and ssh session. > But can you describe exactly in which situation user x can shutdown? I > mean, if you say via ssh connection, is it that user x is at the same time > also logged in into XFCE desktop on the same system? Or is it also true if > the only login to the system at this time is via the ssh connection and > then user x is still able to shutdown? > > I mean if user x runs the XFCE session remote on the system using ssh X11 > forwarding, NX or whatever, then user x should really NOT be able to > shutdown without providing the root password. That would be a nightmare > for multi user systems :-) > > Regards, > Simon > > _______________________________________________ > CentOS mailing list > CentOS at centos.org > https://lists.centos.org/mailman/listinfo/centosHi Simon, I tried on my system using XFCE, I tried with a fresh installation on vm without X (using minimal and server installation), inside ssh with/without user logged and from tty console. Try to reproduce it. Install C8 on a VM using minimal installation, login in as normal user an type reboot.
> > Il 24/01/20 15:11, Simon Matter via CentOS ha scritto: >>> Hi list, >>> >>> I installed on my workstation C8.1 (1911) and performed a minimal >>> install and then installed XFCE from EPEL. >>> >>> I noticed a strange behaviour (don't know if this is the wanted >>> default). If I try ,from normal user shell, to run command like >>> "reboot" >>> or "shutdown -h now" system will reboot/shutdown. This happens on tty >>> console, on xfce terminal and ssh session. >> But can you describe exactly in which situation user x can shutdown? I >> mean, if you say via ssh connection, is it that user x is at the same >> time >> also logged in into XFCE desktop on the same system? Or is it also true >> if >> the only login to the system at this time is via the ssh connection and >> then user x is still able to shutdown? >> >> I mean if user x runs the XFCE session remote on the system using ssh >> X11 >> forwarding, NX or whatever, then user x should really NOT be able to >> shutdown without providing the root password. That would be a nightmare >> for multi user systems :-) >> >> Regards, >> Simon >> >> _______________________________________________ >> CentOS mailing list >> CentOS at centos.org >> https://lists.centos.org/mailman/listinfo/centos > > Hi Simon, > > I tried on my system using XFCE, I tried with a fresh installation on vm > without X (using minimal and server installation), inside ssh > with/without user logged and from tty console. > > Try to reproduce it. Install C8 on a VM using minimal installation, > login in as normal user an type reboot.Well, I didn't install C8 yet but do you say that if do a fresh server type install of C8 on a host, add an unprivileged user, login via ssh to the user account on the host, you can reboot then? Regards, Simon
Il 24/01/20 15:47, Simon Matter via CentOS ha scritto:>> Il 24/01/20 15:11, Simon Matter via CentOS ha scritto: >>>> Hi list, >>>> >>>> I installed on my workstation C8.1 (1911) and performed a minimal >>>> install and then installed XFCE from EPEL. >>>> >>>> I noticed a strange behaviour (don't know if this is the wanted >>>> default). If I try ,from normal user shell, to run command like >>>> "reboot" >>>> or "shutdown -h now" system will reboot/shutdown. This happens on tty >>>> console, on xfce terminal and ssh session. >>> But can you describe exactly in which situation user x can shutdown? I >>> mean, if you say via ssh connection, is it that user x is at the same >>> time >>> also logged in into XFCE desktop on the same system? Or is it also true >>> if >>> the only login to the system at this time is via the ssh connection and >>> then user x is still able to shutdown? >>> >>> I mean if user x runs the XFCE session remote on the system using ssh >>> X11 >>> forwarding, NX or whatever, then user x should really NOT be able to >>> shutdown without providing the root password. That would be a nightmare >>> for multi user systems :-) >>> >>> Regards, >>> Simon >>> >>> _______________________________________________ >>> CentOS mailing list >>> CentOS at centos.org >>> https://lists.centos.org/mailman/listinfo/centos >> Hi Simon, >> >> I tried on my system using XFCE, I tried with a fresh installation on vm >> without X (using minimal and server installation), inside ssh >> with/without user logged and from tty console. >> >> Try to reproduce it. Install C8 on a VM using minimal installation, >> login in as normal user an type reboot. > Well, I didn't install C8 yet but do you say that if do a fresh server > type install of C8 on a host, add an unprivileged user, login via ssh to > the user account on the host, you can reboot then?This is what is happening to my C8 installation on VM or physical server. If you can confirm this, the only thing that remains to understand is if this is a bug or a default policy. If not, there is something wrong in my fresh installation but I cannot identify what.