on 8/7/00 10:10 PM, Brian T. Schellenberger  wrote:

> 
> Does the lack of response mean that I won at "stump the band" here?
hi,

try adding a user (shutdownguy) to /etc/shutdown.allow and always have that
user logged in.

Gavin

here's what man shutdown says:

ACCESS CONTROL
       shutdown  can  be  called from init(8) when the magic keys
       CTRL-ALT-DEL are pressed, by creating an appropriate entry
       in /etc/inittab. This means that everyone who has physical
       access to the console keyboard can shut the  system  down.
       To  prevent  this,  shutdown can check to see if an authorized
       user is logged in on one of the virtual consoles. If
       shutdown  is  called with the -a argument (add this to the
       invocation of shutdown in /etc/inittab), it checks to  see
       if  the file /etc/shutdown.allow is present.  It then compares
       the login names in that file with the list of people
       that   are   logged   in   on   a  virtual  console  (from
       /var/run/utmp). Only if one of those authorized  users  or
       root  is  logged  in,  it  will proceed. Otherwise it will
       write the message

       shutdown: no authorized users logged in

       to the (physical) system console. The format of
       /etc/shutdown.allow is one user name per line. Empty lines and
       comment lines (prefixed by a #) are allowed. Currently  there
       is a limit of 32 users in this file.


> "Brian T. Schellenberger" wrote:
>> 
>> On my gateway/firewall machine, I get the message "no authorized users
>> logged in" when I try to reboot, unless root is logged in.
>> 
>> I'd like for CTL+ALT+DEL to reboot it even if *nobody* is logged in.
>> 
>> To make a short story long . . .
>> 
>> I'm sure that the problem is that the security level is set to high;
>> that's because it's a firewall machine, and I want high security w/r/t
>> the outside world, but I want "running with scissors" security w/r/t to
>> the physical world.
>> 
>> (In fact, as a reflection of this, I have a *very* secure
>> password--randomly generated from a maximal character set--but I have
>> the password taped onto the front of the box.  If a bad guy is already
>> standing in front of my firewall, I've got much bigger problems than the
>> security of my *computer* system.)
>> 
>> The keyboard is physically inaccessible (difficult to get to, that is),
>> so logging in as root just to reboot is a real pain.  Frequently I wind
>> up just hitting the power switch, but this is obviously a less than
>> ideal way to reboot on a regular basis.
>> 
>> So . . .
>> 
>> What controls this?  How can I change it?


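
The check described in the man page excerpt above, emulated in shell as an added example that is not part of the original messages or of shutdown's own code. It assumes a virtual console is a line named tty<digits>, ignores entries past the 32-user limit, and reads `who`-style text instead of /var/run/utmp; the function names and sample data are constructed.

```sh
#!/bin/sh
# Added example: emulates the "shutdown -a" check from the man page excerpt.
# Assumptions: a "virtual console" is a line named tty<digits>; entries past
# the 32-user limit are ignored; `who`-style text stands in for /var/run/utmp.

# allowed_users FILE: print login names from a shutdown.allow-style file.
allowed_users() {
    awk '
        /^[ \t]*(#|$)/ { next }      # comment lines and empty lines
        n < 32 { n++; print $1 }     # one user name per line, at most 32
    ' "$1"
}

# console_users FILE: users on virtual consoles (column 1 = user, 2 = line).
console_users() {
    awk '$2 ~ /^tty[0-9]+$/ { print $1 }' "$1"
}

# check_shutdown ALLOW_FILE WHO_FILE
# Returns 0 = would proceed, 1 = refused, 2 = allow file missing.
check_shutdown() {
    if [ ! -f "$1" ]; then
        echo "$1 missing: the excerpt does not describe this case" >&2
        return 2
    fi
    allow=$(allowed_users "$1"; echo root)   # root always counts
    for u in $(console_users "$2"); do
        if printf '%s\n' "$allow" | grep -qxF -- "$u"; then
            echo "authorized user on console: $u"
            return 0
        fi
    done
    echo "shutdown: no authorized users logged in"
    return 1
}

# Constructed sample data (not from the original thread).
demo() {
    d=$(mktemp -d) || return 1
    printf '# console reboot users\n\nshutdownguy\n' > "$d/allow"
    printf 'brian pts/0\n' > "$d/remote_only"
    printf 'shutdownguy tty2\nbrian pts/0\n' > "$d/on_console"
    check_shutdown "$d/allow" "$d/remote_only" || :   # refused
    check_shutdown "$d/allow" "$d/on_console"  || :   # proceeds
    rm -rf "$d"
}
demo
```

A remote login on pts/0 does not satisfy the check even for a listed user; only a session on a virtual console (or root there) does.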