halt: must be a superuser to use halt blfs-support Digest, Vol 1532, Issue 1
Ken Moffat
ken at linuxfromscratch.org
Mon May 26 12:59:40 MDT 2008
On Mon, May 26, 2008 at 07:35:13PM +0530, Bharath Singh wrote:
> Hi all,
> Thank you for the suggestion from Dan and Ken.
> I used the chmod og+s /bin/mount
> and applied the same for halt as well
> Now I am able to mount and halt as a normal user
> But not sure about the security implications ;) but would like to know if
> there are any.
>

When replying from the digest, please also delete the posts you
aren't replying to. Thanks.

Well, since I'm partly responsible for leading you down this
slippery slope, I'd better comment.

First, you have to look at who is using your machine. If you are
not the only human user, anyone with physical access can hit the
power button, so allowing normal users to shut down cleanly on a
desktop will reduce their temptation to do an unclean shutdown.

But, there might be a vulnerability hiding in mount or shutdown -
if a user can exploit that, they can own the box. Of course,
anyone with physical access who can boot from a CD or usb key can
also own the box.

Tradition says that users should only be allowed to do what the
admin permits. Letting them make arbitrary mounts will lead you
into a mess, or worse.

On a server, it's even more likely that you don't want a normal
user accidentally shutting it down when they forgot they were
connected via ssh, or mounting something which obscures normal
commands or data (to say nothing of them mounting their own versions
of /usr/bin or whatever).

As I said earlier, for data that users are expected to mount
(whether that is nfs, or samba, or usb-storage) you should be able
to edit /etc/fstab and create any necessary udev rules so that this
works.

ĸen
--
the one time as tragedy, the other time as farce
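
An added example, not part of the message above: a small audit that lists files carrying the setuid or setgid bit and reports any that are not on an admin-maintained allow-list, so a change like the chmod discussed in this thread shows up in review. The function names and the allow-list file are hypothetical; GNU find and GNU stat are assumed.

```shell
#!/bin/sh
# Added example (not from the original post): audit set-id bits against
# an allow-list. Function names and the allow-list file are hypothetical.
# Assumes GNU find and GNU stat (stat -c).

# list_setid DIR...
# Print "MODE OWNER PATH" for every regular file under the given
# directories that has the setuid (4000) or setgid (2000) bit set.
# -xdev keeps the scan on the filesystem each DIR lives on.
list_setid() {
    find "$@" -xdev -type f \( -perm -4000 -o -perm -2000 \) \
        -exec stat -c '%a %U %n' {} + 2>/dev/null
}

# unexpected_setid ALLOWFILE DIR...
# ALLOWFILE holds one absolute path per line: the set-id files the
# admin has decided to permit. Anything else found is printed.
unexpected_setid() {
    allow=$1
    shift
    list_setid "$@" | while read -r mode owner path; do
        # -F fixed string, -x whole-line match, -q quiet
        grep -Fxq -- "$path" "$allow" ||
            printf '%s %s %s\n' "$mode" "$owner" "$path"
    done
}

# Stand-alone use: sh audit.sh ALLOWFILE DIR...
if [ "$#" -ge 2 ]; then
    unexpected_setid "$@"
fi
```

Run it from cron or after package installs with the directories that hold system binaries; an empty result means every set-id file found is one the admin listed.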