Why do the system accounts shutdown, halt and sync have login shells?
Environment
- Red Hat Enterprise Linux (RHEL) all versions
Issue
- Why do the following system accounts have login shells?
# awk -F: '($1!="root" && $3<500 && $7!="/sbin/nologin") {print}' /etc/passwd
sync:x:5:0:sync:/sbin:/bin/sync
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
halt:x:7:0:halt:/sbin:/sbin/halt
NOTE: System accounts has different UID boundaries according to the RHEL version
- in RHEL6 and below have UID < 500
- in RHEL7 and above have UID < 1000
Resolution
- Instead of logging on as a regular user and then issuing the 'sudo shutdown' command, simply log in as user "shutdown", and the login takes care of running the shutdown command immediately.
# grep shutdown /etc/passwd
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
# grep shutdown /etc/shadow
shutdown:*:14784:0:99999:7:::
- If login with this shutdown user was possible (the * in the second field prevents that here), then the system would run shutdown.
This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.
Comments