Hiding Shutdown/reboot in logout dialog and possible security issue

Anders Bruun Olsen abo at dsl.dk
Thu Jul 10 13:57:57 UTC 2014


Well, the problem is that lightdm runs as root and happily takes commands
from any user logged in. This might be quite handy for desktop machines,
but it isn't pretty from a security perspective :)
Anyways, I don't need a login manager at all, since NoMachine just spins up
an lxsession for users. Nobody needs to log in locally on the machine.

When users try to use the shutdown/reboot buttons they are given a
username/password dialog box, and when they can't provide a username with
sudo privileges they get an "access denied" message, which is fine. It
would just be better if I could hide those buttons completely so no users
get confused about what to push to log out. Admins that actually need to
reboot or shutdown the machine will do it from a prompt anyways.

2014-07-10 14:49 GMT+02:00 Israel <israeldahl at gmail.com>:

>  On 07/10/2014 07:21 AM, Anders Bruun Olsen wrote:
> Hi,
>  I am looking to build a new terminal server for remote desktops which
> will be accessed through NoMachine Enterprise. Lubuntu and LXDE look like
> a nice fit, but I have run into a couple of issues.
>  I have a default install of Lubuntu 14.04 64-bit. I have created a
> non-privileged user (no sudo rights). I have also installed NoMachine
> Enterprise Server. First thing I discovered was what I would almost call a
> security issue. When my non-privileged user is logged in remotely (with
> NoMachine Enterprise Client), choosing shutdown in the logout dialog
> actually does shut down the server. How can this user shut down the server,
> without root access? I found out, that if I ensure lightdm isn't running
> (nobody will log in locally), my unprivileged user can't shut down the
> server, but will be asked for the password to a privileged user, so I guess
> this is an issue with lightdm. Is this really intended behavior?
>  Next up, I would like to hide the shutdown and reboot buttons in the
> logout dialog. The only way I have been able to find by searching, is to
> actually change the source code for lxsession-logout and recompile. Is
> there really no other way to hide those buttons?
>  --
> Anders Bruun Olsen
> It-ansvarlig
> Det Danske Sprog- og Litteraturselskab
> (Society for Danish Language and Literature)
>  Hi Anders!
> The commands for shutting down and rebooting are sudo commands. (sudo
> shutdown -h now or sudo reboot)  However certain programs are granted
> access to run these commands from root.  So it should be possible to not
> allow those programs to shut down without a password.  This also includes
> the lxsession-logout.  Can the unprivileged user run the logout dialog and
> shut down from there as well (this is the power button on the panel, unless
> you have removed it)?
> Unfortunately I cannot remember right this moment what grants these
> programs access to run those commands without needing a user password.  But
> this might give you something to search for.  There are some people on this
> list who may be able to clarify what I am getting at, and may even know how
> this is done specifically.
> On the other hand, there are other login managers such as SLIM.  You may
> need to configure it a bit to get it looking the way you want and have the
> options you want, but that might be the easier choice, unless the logout
> dialog can let the user shut down the server as well...
> --
> Regards

Anders Bruun Olsen
Det Danske Sprog- og Litteraturselskab
(Society for Danish Language and Literature)