[desktop-discuss] [security-discuss] requirement for identifying a console user in RBAC
Bill Sommerfeld
sommerfeld at sun.com
Fri Aug 17 20:03:50 PDT 2007
On Thu, 2007-08-16 at 22:48 -0700, Glenn Faden wrote:
> Are you suggesting that a user is implicitly
> permitted to shutdown the system if they can login to the console?
That is an appropriate security policy for some environments (but
clearly not for all). It would be good to have a way to permit this
sort of policy.
(actually, one place I've worked even had a passwordless "shutdown"
login account that only worked on the console -- in an emergency, this
allowed anyone who could get at consoles to shut down machines cleanly.
- Bill
More information about the desktop-discuss
mailing list