Asking a user for the root password and executing root only c ommands...

[Bengt Richter]

On Tue, 5 Nov 2002 17:36 +0000 (GMT Standard Time), mark.charsley at REMOVE_THIS.radioscape.com (Mark Charsley) wrote:

>In article <apqh92$pve$0 at 216.39.172.122>, bokr at oz.net (Bengt Richter) 
>wrote:
>
>> Kind of funny (not) that /sbin/shutdown must be run as root,
>
which is obviously the correct thing
>Thus preventing plain users logged in over telnet /ssh etc from rebooting 
>your machine.
right
>
whereas
>> but by default any doorknob rattler could kick it off with ctrl-alt-del
>> without being asked for a password. Not a cool default config IMO ;-/
>
>Thus providing anyone with accesss to the console's power switch a more 
>computer-friendly way of rebooting a locked-up machine than power-cycling 
>it.
It's a bit too friendly for my taste ;-) I accidentally did it too many times,
because I am used to the the keying pattern to get past the locking screensaver
on my NT box, so when I turn to the linux box I just do the same if I am at all
distracted.

In my situation, I'm not worried about malicious people who could push the
power button or pull the plug. If I were, I would use the lock that's built
in to the case for that old box. Or lock the whole thing in a ventilated closet,
etc.

>
>Seems a cool config to me.
If your windows keyboard and linux keyboard were close, and you switched frequently
back and forth, it probably wouldn't seem so cool, just practically.

But on principle, I am against too "friendly" _defaults_. They are responsible
for a heck of a lot of trouble. IMO, you should have to make a positive
decision to enable stuff during install, not take trouble to disable stuff.

I am going to rebuild my NT system on a bigger disk, and I procrastinate because
I'd really like to lock it down, but to do so is such a frustrating fight. BTW,
is there a lockdown script in Python that would ease the pain? I haven't even
googled ;-/

Regards,
Bengt Richter