Subject: Re: require root passwd for single user mode login?
From: Martin Costabel (costabel@wanadoo.fr)
Date: Tue Aug 29 2000 - 12:38:45 MDT
Richard West wrote:
>
> > I suppose - but that's only if it's a standard computer in someone's
> > office. What if it's a computer that's part of a kiosk (or something
> > similar) where physically disconnecting power is much more difficult?
> > Root password should still be required. (once they have it rebooting,
> > they can use interactive startup to disable whatever goes on).
> > Perhaps there should be different policies for reboot and for halt?
> > Root for reboot, user for halt, root for shutdown?
>
> At that point, it really should be an end-user customizable option rather than
> a default of the OS, no? Especially since every need is unique, and, in only a
> few (aka <10%) of the situations do you have setups where physical access to
> the machine is _not_ all empowering..
If I may insert my 0.02 EUR:
I don't know if I have a non-standard configuration, but on my system I
find a directory /etc/security/console.apps, apparently installed by the
"usermode" RPM. This directory contains files, one for each application
that will be allowed for console users. If you remove the files for
shutdown and reboot, you will need root priviledges to use these
programs, even on the console. So this *is* configurable. See "man
console.apps".
The only question is how the default configuration should be. And there
I think it is not hard to defend the present configuration chosen by
RedHat&clones. Sys admins should, after all, be able to understand this
and change the default config :-)
-- Martin
This archive was generated by hypermail 2a24 : Tue Aug 29 2000 - 12:43:51 MDT