inst182@tuvie (Inst.f.Techn.Informatik) (02/15/90)
We have a problem here: How can we prevent people from shutting down the machine on the command line of the display manager ? This is especially troublesome, because there is no warning for users logged in from normal vt100 terminals... ____ ____ / / / / / Michael K. Gschwind mike@vlsivie.at / / / / / Institute for VLSI-Design mike@vlsivie.uucp ---/ Technical University, Vienna / ___/
lray@CIVILGATE.CE.UIUC.EDU (Leland Ray) (02/16/90)
>From: inst182%tuvie%mcsun%sunic%luth%eru.uucp@bloom-beacon.mit.edu (Inst.f.Techn.Informatik) > >We have a problem here: >How can we prevent people from shutting down the machine on the >command line of the display manager ? >This is especially troublesome, because there is no warning for >users logged in from normal vt100 terminals... In a word, you can't. Here at the UI, we take the old world approach. We tell everyone who needs to shut down machines how to check resources via llkob. In other cases, /etc/shutdown runs quite nicely (I wish it would throw a message on diskless partners, though). Any person who is the victim of a node shutdown is given the name and address of the person who caused them the trouble. We seldom have repeat customers. Just spendin' my days, Leland Ray Systems Administrator Soakin' in them cathode rays. UIUC - Dept. Civil Engineering lray@civilgate.ce.uiuc.edu (217) 333-3821
krowitz%richter@UMIX.CC.UMICH.EDU (David Krowitz) (02/16/90)
I just recently received a reply to an old APR regarding safeguarding the "shut" and "ex" commands. According to the reply, the system now looks for the file /sys/node_data/dm_display/shut_lock whenever you issue the DM commands "shut" or "ex". If you have access rights to the file, then the system proceeds with the shutdown. If the file does not exist, then the system goes ahead with the shutdown. If no one is logged in (ie. the DM command line says "plead login") and the file exists, then the system refuses to shutdown until you have logged in and reissued the command. I have not tried any of this yet, as I just received the reply this morning. -- David Krowitz krowitz@richter.mit.edu (18.83.0.109) krowitz%richter.mit.edu@eddie.mit.edu krowitz%richter.mit.edu@mitvma.bitnet (in order of decreasing preference)
krowitz%richter@UMIX.CC.UMICH.EDU (David Krowitz) (02/16/90)
Well, having just put that last message on the net, I'll have to issue a disclaimer ... I just had the time to try out the instructions in the APR response and wound up shutting down my node! I tried creating a "shut_lock" file in `node_data/dm_display and in /etc/dm_display (the former directory was the one mentioned in the APR, but did not exist on my 10.2 system, the latter was already existant), and neither file prevented me from "ex"ing the node. Anyone else had better luck with this? -- David Krowitz krowitz@richter.mit.edu (18.83.0.109) krowitz%richter.mit.edu@eddie.mit.edu krowitz%richter.mit.edu@mitvma.bitnet (in order of decreasing preference)
inst182@tuvie (Inst.f.Techn.Informatik) (02/16/90)
In article <9002152207.AA19871@richter.mit.edu> krowitz%richter@UMIX.CC.UMICH.EDU (David Krowitz) writes: >I tried creating a "shut_lock" file in `node_data/dm_display >and in /etc/dm_display (the former directory was the one >mentioned in the APR, but did not exist on my 10.2 system, >the latter was already existant), and neither file prevented >me from "ex"ing the node. > >Anyone else had better luck with this? > > -- David Krowitz What about the Apollo people answering this question? I've been told that my predecessors tried to explain to the local Apollo guys that this situation is not a desirable situation, however either they really did not understand it or they did not like to understand the problem. bye, mike ____ ____ / / / / / Michael K. Gschwind mike@vlsivie.at / / / / / Institute for VLSI-Design mike@vlsivie.uucp ---/ Technical University, Vienna / ___/
ccsmm@bath.ac.uk (Martin Maclaren) (02/18/90)
On the subject of security, I've had some hasstle with trying to lock up the /sys/print/queue & /sys/print/spooler dirtectories ( at 9.7 ). The only protection that /com/prsvr seems to like is at least world dwrx rights on initial files. - Anyone had any luck with this one? On the 'SHUT' and 'EX' fronts from DM, is it possible to edit the dm binary in the appropriate places at SR 10.2? It seems rather an extreme move. Also, I just tried the following..... # cat > s.c main() { os_$shutdown(); } *** EOF *** # cc s.c # a.out It worked. Martin