[Mimedefang] Slightly OT: System shutdown by non-privileged user

Cormack, Ken kcormack at acs.roadway.com
Tue Apr 20 09:27:12 EDT 2004


Don't forget to also restrict logins for that account to just the physical
console.  You don't want people being able to telnet in to do this.

As for the post regarding control-alt-delete "and then powering down before
it reboots", any production Linux server should have its "3-finger salute"
commented out of the inittab file.  I'll explain why.

In our shop, we have racks and racks of NT servers.  Our Linux mail servers
happen to also be rack-mounted, sharing space in a rack with some NT
servers.  In addition, the servers in that rack share a common
keyboard/video/mouse (KVM).

Now tell me... what happens when an NT admin walks up to the console in that
rack, and hits control-alt-delete to log into one of the NT servers, without
first checking the KVM's menu to see which server is currently the "active"
server on that keyboard?

Bingo... the NT admin has just rebooted your server.

KEN CORMACK, RHCE
Sr. UNIX Systems Analyst,
    Open Systems Group
Sr. Software Analyst,
    TSG Midrange Systems Group
AFFILIATED COMPUTER SERVICES, INC.

"If that that is 'is' is that that is not 'not is', is that that is 'not is'
that that is not 'is'?  It is!" - Ken Cormack

"Sendmail administration is not black magic.  There are legitimate technical
reasons why it requires the sacrificing of a live chicken." - Unknown

-----Original Message-----
From: mimedefang-bounces at lists.roaringpenguin.com
[mailto:mimedefang-bounces at lists.roaringpenguin.com]On Behalf Of David
F. Skoll
Sent: Tuesday, April 20, 2004 9:16 AM
To: MIMEDefang, 
Subject: Re: [Mimedefang] Slightly OT: System shutdown by non-privledged
user


On Tue, 20 Apr 2004 WBrown at e1b.org wrote:

> I need to develop a procedure to allow a non-privileged user (computer
> room operator) to shut down my mail filter systems in case of power
> failure and the large room UPS running out of power.

If the operator has physical access to the machine, how about
doing Ctrl-Alt-Del and shutting it off before it reboots?  (This assumes
you're using Linux on x86.)

Otherwise, you can create a user called "shutdown" whose passwd entry
would look like this:

	shutdown:x:0:0:Shutdown Operator:/:/sbin/shutdown

and create a password that you give out to the operator.  In fact,
many Linux distros already have a "shutdown" user, albeit with a locked
password.

Regards,

David.
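
A defender-side check for the two settings discussed in this thread, as an added example that is not part of either post: it reports whether an inittab still has an active `ctrlaltdel` entry and lists UID 0 accounts other than root, such as a dedicated "shutdown" login. It assumes a sysvinit-style inittab; the function names and sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit helpers for the settings discussed in this thread.

# Print inittab entries whose action field is "ctrlaltdel" and that are not
# commented out. Entry format: id:runlevels:action:process
active_ctrlaltdel() {
    awk -F: '!/^[ \t]*#/ && $3 == "ctrlaltdel" { print }' "$1"
}

# Print "name login-program" for every UID 0 passwd entry other than root,
# so special-purpose root-equivalent logins can be reviewed.
uid0_accounts() {
    awk -F: '!/^#/ && $3 == 0 && $1 != "root" { print $1, $7 }' "$1"
}

# Constructed sample files (not taken from a real host).
make_samples() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/inittab.stock" <<'EOF'
id:3:initdefault:
ca::ctrlaltdel:/sbin/shutdown -t3 -r now
EOF
    cat > "$dir/inittab.hardened" <<'EOF'
id:3:initdefault:
#ca::ctrlaltdel:/sbin/shutdown -t3 -r now
EOF
    cat > "$dir/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
shutdown:x:0:0:Shutdown Operator:/:/sbin/shutdown
mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
EOF
    echo "$dir"
}

audit_demo() {
    d=$(make_samples) || return 1
    for f in "$d/inittab.stock" "$d/inittab.hardened"; do
        if [ -n "$(active_ctrlaltdel "$f")" ]; then
            echo "${f##*/}: Ctrl-Alt-Del is ACTIVE"
        else
            echo "${f##*/}: Ctrl-Alt-Del is disabled"
        fi
    done
    uid0_accounts "$d/passwd"
    rm -rf "$d"
}

audit_demo
```

On a real host, point the two functions at `/etc/inittab` and `/etc/passwd`; after editing inittab, init has to re-read it (for example with `telinit q`) before the change takes effect.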