Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.

Bug 6838

Summary: Default config allows anyone to halt/reboot the machine
Product: [Retired] Red Hat Linux Reporter: Chris Siebenmann <cks-rhbugzilla>
Component: gdmAssignee: Michael Fulbright <msf>
Status: CLOSED WONTFIX QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: 6.1   
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 1999-11-15 20:02:20 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description Chris Siebenmann 1999-11-08 23:19:01 UTC
The default gdm configuration allows anyone in front of
the console to reboot or halt the machine without having
to surrender any sort of password. This is especially
peculiar as, once you log in, you will have to give a
password to do this.

 I believe that the default should be to require the
root password before allowing halt/shutdown.

Comment 1 Preston Brown 1999-11-15 20:02:59 UTC
we believe that a user having console access already has more than enough
opportunity to halt or reboot the machine physically.  In the case of a
"cluster" type situation where a network of workstations is installed in a
public area, this can easily be changed via a modified configuration.  However,
the defaults are appropriate in the majority of cases.

Comment 2 Preston Brown 1999-11-15 20:04:59 UTC
*** Bug 6839 has been marked as a duplicate of this bug. ***