Bug ID | 1010779 |
---|---|
Summary | setting rules via polkit-default-privs.local has no effect |
Classification | openSUSE |
Product | openSUSE Distribution |
Version | Leap 42.2 |
Hardware | Other |
OS | Other |
Status | NEW |
Severity | Normal |
Priority | P5 - None |
Component | Security |
Assignee | security-team@suse.de |
Reporter | wagner-thomas@gmx.at |
QA Contact | qa-bugs@suse.de |
Found By | --- |
Blocker | --- |
I intended to set up a system based on Leap 42.2 where users are not allowed to shutdown/reboot the machine. According to the documentation point 9.4.3 from [1], I added the following lines to /etc/polkit-default-privs.local <snip> org.freedesktop.login1.power-off no org.freedesktop.login1.reboot no <snap> Then I issued the following command to update the rules: # sudo /sbin/set_polkit_default_privs However, users can still use systemctl to reboot or shutdown. The rule doesn't seem to be applied. # pkaction -v -a org.freedesktop.login1.reboot org.freedesktop.login1.reboot: description: Reboot the system message: Authentication is required for rebooting the system. vendor: The systemd Project vendor_url: http://www.freedesktop.org/wiki/Software/systemd icon: implicit any: auth_admin_keep implicit inactive: auth_admin_keep implicit active: yes annotation: org.freedesktop.policykit.imply -> org.freedesktop.login1.set-wall-message Is this a bug of polkit or the documentation? [1] https://doc.opensuse.org/documentation/leap/security/html/book.security/cha.security.policykit.html