upstart

shutdown -a missing - can not use /etc/shutdown.allow - ACL

Bug #107469 reported by Matthias Mailänder on 2007-04-18

Affects		Status	Importance	Assigned to	Milestone
	upstart	Won't Fix	Low	Unassigned

Bug Description

from http://www.netadmintools.com/html/8shutdown.man.html

"If shutdown is called with the -a argument (add this to the invocation of shutdown in /etc/inittab), it checks to see if the file /etc/shutdown.allow is present. It then compares the login names in that file with the list of people that are logged in on a virtual console (from /var/run/utmp). Only if one of those authorized users or root is logged in, it will proceed. Otherwise it will write the message - shutdown: no authorized users logged in - to the (physical) system console. The format of /etc/shutdown.allow is one user name per line. Empty lines and comment lines (prefixed by a #) are allowed. Currently there is a limit of 32 users in this file."

This seems to be missing in Feisty.

Revision history for this message

Scott James Remnant (Canonical) (canonical-scott) wrote on 2007-05-23:

Confirmed, another missing feature of the compat/sysv/shutdown utility

Changed in upstart:
importance:	Undecided → Low
status:	Unconfirmed → Confirmed

Scott James Remnant (Canonical) (canonical-scott) on 2007-10-08

Changed in upstart:
status:	Confirmed → Triaged

Revision history for this message

drink (martin-espinoza) wrote on 2007-10-15:

Is this really a bug? If you want the -a flag, then the sysvinit package is available to you. Also upstart has other flaws, like it's not compatible with selinux (or, presumably, other RBAC schemes?)

On the other hand, I should go make a feature request for the shutdown.allow file to a) support more users and b) support groups, perhaps prefixed with '%'. Now, who is maintaining sysvinit upstream? :)

I think the right way to handle this is actually through RBAC, e.g. selinux. GDM supports RBAC if it's built with the proper option, so if a user doesn't have permission to shut down etc it can be configured not to show it to them. Feisty's GDM at least is new enough, although I don't yet know if it has the option. I'm working on installing selinux for just this purpose.

It is rather curious that gnome doesn't have an option to prevent a user from shutting down through the gnome system. You can disable logout, or the panel item entirely, but not shutdown!?

Revision history for this message

Scott James Remnant (Canonical) (canonical-scott) wrote on 2008-06-02:

For various reasons, the compat branch of shutdown and reboot are being dropped -- these will now be considered Upstart Native tools and may not behave 100% like their sysvinit equivalents

Changed in upstart:
status:	Triaged → Won't Fix

Scott James Remnant (Canonical) (canonical-scott) on 2008-08-14

Changed in upstart:
milestone:	0.5 → none

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.