Bug ID 1010779
Summary setting rules via polkit-default-privs.local has no effect
Classification openSUSE
Product openSUSE Distribution
Version Leap 42.2
Hardware Other
OS Other
Status NEW
Severity Normal
Priority P5 - None
Component Security
Assignee security-team@suse.de
Reporter wagner-thomas@gmx.at
QA Contact qa-bugs@suse.de
Found By ---
Blocker --- 

I intended to set up a system based on Leap 42.2 where users are not allowed to
shutdown/reboot the machine.
According to the documentation point 9.4.3 from [1], I added the following
lines to /etc/polkit-default-privs.local
<snip>
org.freedesktop.login1.power-off no
org.freedesktop.login1.reboot no

<snap>
Then I issued the following command to update the rules:
# sudo /sbin/set_polkit_default_privs

However, users can still use systemctl to reboot or shutdown. The rule doesn't
seem to be applied.

# pkaction -v -a org.freedesktop.login1.reboot
org.freedesktop.login1.reboot:
  description:       Reboot the system
  message:           Authentication is required for rebooting the system.
  vendor:            The systemd Project
  vendor_url:        http://www.freedesktop.org/wiki/Software/systemd
  icon:
  implicit any:      auth_admin_keep
  implicit inactive: auth_admin_keep
  implicit active:   yes
  annotation:        org.freedesktop.policykit.imply ->
org.freedesktop.login1.set-wall-message

Is this a bug of polkit or the documentation?

[1]
https://doc.opensuse.org/documentation/leap/security/html/book.security/cha.security.policykit.html

You are receiving this mail because: