Why do the system accounts shutdown, halt and sync have login shells?


Environment

  • Red Hat Enterprise Linux (RHEL) all versions

Issue

  • Why do the following system accounts have login shells?

    # awk -F: '($1!="root" && $3<500 && $7!="/sbin/nologin") {print}' /etc/passwd
    sync:x:5:0:sync:/sbin:/bin/sync
    shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
    halt:x:7:0:halt:/sbin:/sbin/hal
    

NOTE: System accounts have different UID boundaries depending on the RHEL version:

  • In RHEL 6 and below, system accounts have UID < 500
  • In RHEL 7 and above, system accounts have UID < 1000

Resolution

  • Each of these accounts has the command itself as its login shell. Instead of logging on as a regular user and then issuing the 'sudo shutdown' command, simply log in as user "shutdown", and the login takes care of running the shutdown command immediately.

    # grep shutdown /etc/passwd
    shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
    # grep shutdown /etc/shadow
    shutdown:*:14784:0:99999:7:::
    
  • If logging in as the shutdown user were possible, the system would run shutdown. Here the * in the second field of the /etc/shadow entry prevents that.
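
An added example, not part of the original Red Hat solution: the function below extends the awk one-liner from the Issue section by joining /etc/passwd with /etc/shadow, so each system account that has a login shell is reported together with the state of its password field. The function name, the status labels and the sample accounts are constructed for illustration.

```shell
#!/bin/sh
# audit_system_shells PASSWD SHADOW UID_MIN   (hypothetical helper name)
#   PASSWD, SHADOW: files in /etc/passwd and /etc/shadow format
#   UID_MIN: first non-system UID (500 on RHEL 6 and below, 1000 on RHEL 7 and above)
# Prints "user:shell:status" for every non-root system account whose
# shell is not /sbin/nologin. Only the shadow password field is checked.
audit_system_shells() {
    awk -F: -v uid_min="$3" '
        # First file operand (shadow): remember the password field per account.
        FILENAME == ARGV[1] { pw[$1] = $2; seen[$1] = 1; next }
        # Second file operand (passwd): same filter as the one-liner in the article.
        $1 != "root" && $3 < uid_min && $7 != "/sbin/nologin" {
            if (!($1 in seen))          status = "no-shadow-entry"
            else if (pw[$1] == "")      status = "EMPTY-PASSWORD"   # no password required
            else if (pw[$1] ~ /^[*!]/)  status = "password-locked"  # * or ! is not a valid hash
            else                        status = "PASSWORD-SET"     # a hash is present
            print $1 ":" $7 ":" status
        }
    ' "$2" "$1"
}

# Constructed sample data, not taken from a real host.
demo_dir=$(mktemp -d)
cat > "$demo_dir/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
sync:x:5:0:sync:/sbin:/bin/sync
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
svcdemo:x:499:499:constructed service account:/var/lib/svcdemo:/bin/bash
alice:x:1000:1000::/home/alice:/bin/bash
EOF
cat > "$demo_dir/shadow" <<'EOF'
root:$6$constructed$hash:14784:0:99999:7:::
bin:*:14784:0:99999:7:::
sync:*:14784:0:99999:7:::
shutdown:*:14784:0:99999:7:::
svcdemo:$6$constructed$hash:14784:0:99999:7:::
alice:$6$constructed$hash:14784:0:99999:7:::
EOF
audit_system_shells "$demo_dir/passwd" "$demo_dir/shadow" 1000
rm -rf "$demo_dir"
```

On a live system, run it as root with /etc/passwd and /etc/shadow as the first two arguments; any line that does not end in password-locked deserves a closer look.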

This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.
