Why does "reboot" work as a user on Fedora Core?

If you are a normal (non-root) user on Fedora Core 9, you are able to reboot a machine without the usage of a password. Reboot initiates all kind of scripts that should normally be run as root, while "reboot" does not have a set user id bit set:

$ which reboot
$ ls -l /usr/bin/reboot
lrwxrwxrwx 1 root root 13 2008-11-11 22:18 /usr/bin/reboot -> consolehelper
$ ls -l /usr/bin/consolehelper
-rwxr-xr-x 1 root root 3904 2008-08-03 09:10 /usr/bin/consolehelper
$ file /usr/bin/consolehelper
/usr/bin/consolehelper: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.6.9, stripped

From the man page of consolehelper I find:

consolehelper  is  a  tool  that makes it easy for console users to run system programs, doing authentication via PAM (which can be set  up  to trust all console users or to ask for a password at the system administrator’s discretion).

And in /etc/pam.d/reboot there is:

auth       sufficient pam_rootok.so
auth       required pam_console.so
#auth       include system-auth
account    required pam_permit.so

And from the manpage of pam_console.so:

pam_console.so  is designed to give users at the physical console (virtual terminals and local xdm-managed X sessions by default, but that is configurable)  capabilities  that they would not otherwise have, and to take those capabilities away when the are no longer logged  in  at  the console.

So; reboot is permitted by non-root users when they are logged into the console. To test this, login to a machine, try "reboot":

reboot: Need to be root


I do appreciate this idea.

I do appreciate this idea. This is a useful information to me. - Stephen Samuelian

Investing profit rental

Investing profit rental property is really a long-term investment due to the returns this brings. The primary intention at the rear of this developing charm is actually earning earnings, either by way of leasing or even through cost appreciation. Property Investment

Businesses need several providers that enable these phones maintain prosperous operations. The type of various providers, having a good identity upon web is regarded as of excellent importance. Domain Registration

Property law in the uk has gone through great changes through the years and home owners need to be abreast from the latest laws which are regulating the different properties such as lands as well as buildings. Property law

About Consultancy Articles Contact

References Red Hat Certified Architect By Robert de Bock Robert de Bock
Curriculum Vitae By Fred Clausen +31 6 14 39 58 72
By Nelson Manning [email protected]