PDA

View Full Version : Shutdown button through remote sessions: dangerous and stupid


cuban_cigar
26th May 2010, 07:43 PM
When you nx into a machine on fedora 12, there is a cute "shutdown" button now below the logout button.

I should not have to explain to the developers how absolutely dangerous and foolhardy it was to put that there.


If a remote server shuts down, thats it.


Do not pass go, do not collect $200


Backsides are on the line, and it will hit the fan if someone accidently presses "Shutdown" instead of "Logout"



I did this, and my ass was saved because there were people physically by the server, and another server took over via heartbeat.



People will lose their jobs over this, mark my words,

If you want to shut down the server remotely via an X session, open a terminal and type "halt -p", no mistakes that way.


Its like you put a bear trap strong enough to snap a persons leg in half, right in the middle of a crowded urban sidewalk.


RIDICULOUS!

bad devs,


bad

SlowJet
26th May 2010, 08:06 PM
Well nx is old and nx devel's are nerds.
I feel the same way about the screen saver.
Sso use better methods.
Isn't this more about an unsecured process and not enough security defined for the user.

nx root@host.com
<entrer password>
xxxx
access denied
C^

nx me@host.com
<enter password>
MemyselfandI
$

$ cd /
$ su-c 'shutdown -h now'
<you do not have permission to run this command.>

$ sudo -c 'shutdown -h now'
<me not in the wheel -access denied>

Something along those lines.

SJ