password for shutdown - how to bypass?
Bruno Schneider
boschneider at gmail.com
Wed May 30 16:00:38 CEST 2007
On 5/23/07, Jannis Pohlmann wrote:
> There's something called xfsm-shutdown-helper in /usr/libexec/.
> Usually, you would add an entry in /etc/sudoers, allowing one or more
> users to run this command without being asked for their passwords.
If let users run xfsm-shutdown-helper through sudo (no matter if
passwords are asked), then anyone using the machine through network
will be able to shut it down, isn't it?
I found lots of references to the xfce4/shutdown.allow file. Is it
still enforced? I'm using XFCE 4.3.99.2.
Perhaps I could use PAM to allow users on the console (i.e. sitting at
the machine) to run xfsm-shutdown-helper as root, has anyone done this
before?
--
Bruno Schneider
http://www.dcc.ufla.br/~bruno/
More information about the Xfce
mailing list