http://bugzilla.opensuse.org/show_bug.cgi?id=1025175
http://bugzilla.opensuse.org/show_bug.cgi?id=1025175#c4
Andreas Stieger
> So a normal user without sudo should be able to power off an openSUSE machine?
Yes, if logged in to a VT or the local X server. This is what you ostensibly left out. That's the whole point of differentiating these permissions via services. Everything else is just arguing what the default should be. Please read in...

grep power-off /etc/polkit-default-privs.*

YaST / Security and Users / Security Center and Hardening / ...

e.g. setting the profile to network server will change that behaviour and ask for elevated privileges.
> Also, having a non-root user be able to control the power state of a machine could be considered a breach of security.
Not if this was actually intended. And it is intended for desktop class systems. It would only be a security issue if the stated goal was that this was not possible. See above, you are simply mistaken.
> Here is a video link of this in action in a VM. I did this in a VM only because if I did it to my running machine I would lose my background processes like the recording software.
Nice. Same rationale applies. Also if you are in a VM host you control the whole machine anyway, equivalent to physical access.

Resolving as invalid: Intended behavior. Adjust permissions profiles to effect the desired polkit configuration. Feel free to re-open if you can demonstrate that contrary to the intended and configured behavior this crosses a security boundary.
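
The grep from the comment above, extended into a small audit check; this is an added example, not part of the original comment or of openSUSE's tooling. It assumes each profile line has the form `<action-id> <any>:<inactive>:<active>`, and the sample profile lines are constructed for illustration, not the values openSUSE ships.

```shell
#!/bin/sh
# Added example: report which session classes may power off without
# authentication. Assumed line format: <action-id> <any>:<inactive>:<active>

# Read privs-file text on stdin; print one verdict line per power-off action.
power_off_policy() {
    awk '
        NF < 2 || $1 ~ /^#/ { next }          # blank lines and comments
        $1 !~ /power-off/   { next }          # same filter as the grep in the thread
        {
            if (split($2, p, ":") != 3) {     # not a full triplet: review by hand
                print $1 " unparsed"; next
            }
            v = "auth-required"
            if (p[3] == "yes") v = "no-auth:active-local-session"
            if (p[2] == "yes") v = "no-auth:local-sessions"
            if (p[1] == "yes") v = "no-auth:any-session"   # includes remote logins
            printf "%s any=%s inactive=%s active=%s %s\n", $1, p[1], p[2], p[3], v
        }'
}

# Constructed sample lines (hypothetical values, for illustration only).
sample_desktop='# constructed desktop-style profile
org.freedesktop.login1.power-off   auth_admin_keep:auth_admin_keep:yes
org.freedesktop.login1.suspend     auth_admin_keep:auth_admin_keep:yes'
sample_server='org.freedesktop.login1.power-off   auth_admin:auth_admin:auth_admin'

printf '%s\n' "$sample_desktop" | power_off_policy
printf '%s\n' "$sample_server"  | power_off_policy

# On a real system, feed each profile file to the same function.
for f in /etc/polkit-default-privs.*; do
    if [ -f "$f" ]; then
        echo "== $f"
        power_off_policy < "$f"
    fi
done
```

A `no-auth:any-session` verdict is the one worth investigating on a server, because it would cover sessions that are not on the local console.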