Why do the system accounts shutdown, halt and sync have login shells?
Environment
- Red Hat Enterprise Linux All versions
Issue
- Why do the following system accounts (UID < 500) have login shells?

    # awk -F: '($1!="root" && $3<500 && $7!="/sbin/nologin") {print}' /etc/passwd
    sync:x:5:0:sync:/sbin:/bin/sync
    shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
    halt:x:7:0:halt:/sbin:/sbin/hal
Resolution
- For these accounts the shell field in /etc/passwd is the command itself. Instead of logging on as a regular user and then issuing the 'sudo shutdown' command, simply log in as user "shutdown", and the login takes care of running the shutdown command immediately.

    # grep shutdown /etc/passwd
    shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
    # grep shutdown /etc/shadow
    shutdown:*:14784:0:99999:7:::

- If login as the shutdown user were possible (the * in the second field of /etc/shadow prevents that here), the system would run shutdown.
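
The check from the Issue section, extended to also read the password field from /etc/shadow so that each flagged account shows whether password login is blocked; this is an added example, not part of the original article. The function names, the status labels and the sample passwd/shadow contents are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original article). Sample data is constructed.

# audit_system_shells PASSWD SHADOW [UID_MAX]
# Lists non-root system accounts whose shell is not /sbin/nologin (the same
# filter as the article's awk one-liner) and classifies the shadow password
# field. Output: user<TAB>shell<TAB>status
audit_system_shells() {
    awk -F: -v sf="$2" -v max="${3:-500}" '
        # Shadow file: remember the password field of every account.
        FILENAME == sf { pw[$1] = $2; seen[$1] = 1; next }
        # Passwd file: apply the filter, then look up the shadow field.
        $1 != "root" && $3 < max && $7 != "/sbin/nologin" {
            if (!($1 in seen))          status = "no-shadow-entry"
            else if (pw[$1] == "")      status = "EMPTY-PASSWORD"
            else if (pw[$1] ~ /^[*!]/)  status = "password-locked"
            else                        status = "PASSWORD-SET"
            printf "%s\t%s\t%s\n", $1, $7, status
        }
    ' "$2" "$1"
}

# write_sample DIR: constructed passwd/shadow files for an offline run.
write_sample() {
    cat > "$1/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
sync:x:5:0:sync:/sbin:/bin/sync
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
svc:x:498:498:constructed service account:/var/lib/svc:/bin/bash
alice:x:1000:1000:constructed user:/home/alice:/bin/bash
EOF
    cat > "$1/shadow" <<'EOF'
root:$6$constructed$notarealhash:14784:0:99999:7:::
bin:*:14784:0:99999:7:::
sync:*:14784:0:99999:7:::
shutdown:*:14784:0:99999:7:::
svc:$6$constructed$notarealhash:14784:0:99999:7:::
EOF
}

demo_dir=$(mktemp -d)
write_sample "$demo_dir"
audit_system_shells "$demo_dir/passwd" "$demo_dir/shadow"
rm -rf "$demo_dir"
```

The status column reflects password authentication only. To audit a host, run the function as root against /etc/passwd and /etc/shadow.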
This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.
