Shutdown is too easy

Alexander Toresson alexander.toresson at gmail.com
Wed Jul 20 23:32:49 CEST 2005


NOPASSWD: ALL is not a good thing because:

1. Having a password prompt is a check for yourself, to give you
another chance to stop from doing something that could be disastrous.

2. Anyone who has access to your user has automatically the priviliges
(sp?) of root.

Regards, Alexander Toresson

On 7/20/05, David A. De Graaf <dad at datix.2y.net> wrote:
> On Wed, Jul 20, 2005 at 10:08:58AM +0200, Jean-Fran?ois Wauthy wrote:
> > Le mardi 19 juillet 2005 à 23:33 -0400, David A. De Graaf a écrit :
> > > The 'exit' popup window offers three choices:
> > >   - Quit current session
> > >   - Reboot the computer
> > >   - Turn off the computer
> > >
> > > The convenience of single clicking to shut down the computer is vastly
> > > exceeded by the danger.  I would like to delete or disable this
> > > third option.  Such an irreversible action should take more effort.
> > >
> > > In preparation for a trip, I was experimenting with running a VNC
> > > connection from a laptop over an SSH tunnel to my main home computer.
> > > (XFCE works great in this configuration!)  However, I accidentally clicked
> > > "Turn off the computer".  Luckily I was sitting at home and could push
> > > the power button to turn it back on, but the thought of doing this while
> > > away from home is too scary to think about.
> > >
> > > Is there a way to remove this dangerous option?
> > >
> > IIRC the only way to stop the system whithout any further confirmation
> > is by setting sudo to not ask password for the current user for at
> > least /sbin/halt, /sbin/reboot/ and /sbin/shutdown
> >
> > so i'd say configure sudo to ask you a password when you try to shutdown
> > the system...
> >
> 
> You have diagnosed my problem perfectly.  Thank you, Jean-François
> Wauthy.
> 
> I had configured sudo to let me do everything (pretty dumb, I know):
>     dad     ALL=(ALL) NOPASSWD: ALL
> 
> This includes whatever command is used by the shutdown cartoon.
> However an attempt to exclude shutdown failed to restrict it:
>     dad     datium=PASSWD: /sbin/shutdown, NOPASSWD: ALL
> 
> I either misunderstand the man page for 'sudoers' (which is the
> epitome of incomprehensibility), or the shutdown icon mysteriously
> uses some command other than /sbin/shutdown.  (Sometimes I really hate
> GUI interfaces!)
> 
> In any case, I've removed all interventions with sudo and now XFCE
> shuts down as it should - by requiring a password.
> 
> --
>         David A. De Graaf    DATIX, Inc.    Hendersonville, NC
>         dad at datix.2y.net     www.datix.us
> _______________________________________________
> Xfce mailing list
> Xfce at xfce.org
> http://foo-projects.org/mailman/listinfo/xfce
> http://www.xfce.org
>



More information about the Xfce mailing list