on 8/7/00 10:10 PM, Brian T. Schellenberger wrote:
>
> Does the lack of response mean that I won at "stump the band" here?
hi,
try adding a user (shutdownguy) to /etc/shutdown.allow and always have that
user logged in.
Gavin
here's what man shutdown says:
ACCESS CONTROL
shutdown can be called from init(8) when the magic keys
CTRL-ALT-DEL are pressed, by creating an appropriate entry
in /etc/inittab. This means that everyone who has physical
access to the console keyboard can shut the system down.
To prevent this, shutdown can check to see if an autho
rized user is logged in on one of the virtual consoles. If
shutdown is called with the -a argument (add this to the
invocation of shutdown in /etc/inittab), it checks to see
if the file /etc/shutdown.allow is present. It then com
pares the login names in that file with the list of people
that are logged in on a virtual console (from
/var/run/utmp). Only if one of those authorized users or
root is logged in, it will proceed. Otherwise it will
write the message
shutdown: no authorized users logged in
to the (physical) system console. The format of /etc/shut
down.allow is one user name per line. Empty lines and com
ment lines (prefixed by a #) are allowed. Currently there
is a limit of 32 users in this file.
> "Brian T. Schellenberger" wrote:
>>
>> On my gateway/firewall machine, I get the message "no authorized users
>> logged in" when I try to reboot, unless root is logged in.
>>
>> I'd like for CTL+ALT+DEL to reboot it even if *nobody* is logged in.
>>
>> To make a a short story long . . .
>>
>> I'm sure that the problem is that the security level is set to high;
>> that's because it's a firewall machine, and I want high security w/r/t
>> the outside world, but I want "running with scissors" security w/r/t to
>> the physical world.
>>
>> (In fact, as a reflection of this, I have a *very* secure
>> password--randomly generated from a maximal character set--but I have
>> the password taped onto the front of the box. If a bad guy is already
>> standing in front of my firewall, I've got much bigger problems than the
>> security of my *computer* system.)
>>
>> The keyword is physically inaccessible (difficult to get to, that is),
>> so logging in as root just to reboot is a real pain. Frequently I wind
>> up just hitting the power switch, but this is obviously a less than
>> ideal way to reboot on a regular basis.
>>
>> So . . .
>>
>> What controls this? How can I change it?