We have a shared Fedora 19 box in our lab. Most people have root access for obvious reasons. I want to know if there is a way such that reset/reboot/shutdown can be restricted when there are active ssh sessions. For example, when reset/reboot/shutdown is done from the command line, there is a check that if users are connected to the system, there is a warning on the command prompt and the command is not executed.
2
"*Most people have root access for obvious reasons*"... such as what? It seems to me that when you're asking a question about how to make root not be root, you've run across some of the reasons normally considered obvious for **not** letting everyone have root access. Focus on taking that off them. – MadHatter Aug 05 '15 at 06:52
I'd look to using SELinux rules for this. I'll make this a comment though rather than doing the legwork required to make a good answer of it. Maybe someone can follow up, but you should indicate whether SELinux is viable for you. E.g. If you turn it on in its default configuration, can you still do the things you need to do with the system at present? Or is it already turned on? – mc0e Aug 05 '15 at 07:44
SELinux is already turned on. As such there is no system administrator for this machine so everyone has been given root access. – Gaurav Goyal Aug 05 '15 at 09:26
1 Answer
4
If you primarily want to protect against someone accidentally rebooting, etc while there are other users logged in I'd say that the easiest approach is to create some kind of override for the reboot/shutdown/poweroff commands. That override would then perform whatever checks you want it to perform, before then calling the real binary.
The least intrusive methods to create such an override ought to be to either have a shell alias pointing to a custom script or to define a shell function. Both aliases and functions are tried before the shell goes looking for an executable in the PATH.
andol
@DennisNolte: You are right, I forgot about molly-guard. Any experience installing it outside of Debian/Ubuntu? It appears to be Debian which is the actual upstream for molly-guard. – andol Aug 05 '15 at 07:27
I think I installed it in Gentoo once, but if so it was ages ago, so nothing relevant, sorry. – Dennis Nolte Aug 05 '15 at 08:18
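The shell-function override described in the answer above, as an added example that is not code from the answer or from molly-guard. It assumes the file is sourced from root's shell profile; the names `other_remote_sessions`, `guarded_power_cmd`, `WHO_CMD` and `FORCE_POWER` are hypothetical, and remote sessions are approximated as `who` entries whose last field is a parenthesised origin host.

```bash
# Added example: guard reboot/shutdown/poweroff/halt behind a check for
# other remote logins. Source this from root's shell profile (assumed
# location, e.g. /root/.bashrc). All function and variable names are
# hypothetical.
#
# Constructed sample of the `who` output this parses:
#   root     tty1   2015-08-05 08:00
#   alice    pts/0  2015-08-05 09:12 (10.0.0.5)
#   carol    pts/2  2015-08-05 09:31 (:0)

# Read `who`-style lines on stdin and print "user tty (host)" for every
# remote login except the caller's own tty ($1). Entries without a
# parenthesised host (local console) or with a host starting with ":"
# (local X display) are skipped.
other_remote_sessions() {
    awk -v me="$1" '$NF ~ /^\([^:]/ && $2 != me { print $1, $2, $NF }'
}

# Run the real command "$1" only if nobody else is logged in remotely,
# or if the caller explicitly sets FORCE_POWER=1.
guarded_power_cmd() {
    local cmd my_tty others
    cmd="$1"; shift
    # Resolve our own tty before the pipeline below: inside the pipeline,
    # stdin is a pipe and `tty` would no longer see the terminal.
    my_tty="$(tty | sed 's|^/dev/||')"
    # WHO_CMD lets the session listing be swapped out (used for testing).
    others="$(${WHO_CMD:-who} | other_remote_sessions "$my_tty")"
    if [ -n "$others" ] && [ "${FORCE_POWER:-0}" != 1 ]; then
        printf '%s refused, other remote sessions are active:\n%s\n' \
            "$cmd" "$others" >&2
        printf 'To override: FORCE_POWER=1 %s %s\n' "$cmd" "$*" >&2
        return 1
    fi
    # `command` bypasses the functions below and runs the real binary.
    command "$cmd" "$@"
}

# Functions are resolved before the PATH lookup, so these shadow the
# real binaries in any shell that has sourced this file.
reboot()   { guarded_power_cmd reboot "$@"; }
shutdown() { guarded_power_cmd shutdown "$@"; }
poweroff() { guarded_power_cmd poweroff "$@"; }
halt()     { guarded_power_cmd halt "$@"; }
```

The guard only covers shells that source the file: calling the binary by full path, or going through `systemctl reboot`, bypasses it, which fits the accidental-reboot case the answer targets rather than restricting a root user.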