http://bugzilla.opensuse.org/show_bug.cgi?id=1001001 Bug ID: 1001001 Summary: polkit session flags local and active are wrong; cannot shutdown/reboot XFCE without password Classification: openSUSE Product: openSUSE Distribution Version: Leap 42.1 Hardware: x86-64 OS: openSUSE 42.1 Status: NEW Severity: Normal Priority: P5 - None Component: Xfce Assignee: bnc-team-xfce@forge.provo.novell.com Reporter: royalsheeplauncher@zoho.com QA Contact: qa-bugs@suse.de Found By: --- Blocker: --- On my 2 OpenSUSE Leap machines with XFCE, my main local user cannot shutdown the machine without invoking shutdown as root ("sudo systemctl shutdown"). My goal was to change this to shutdown using "systemctl poweroff" without need sudo (to what seems to be the standard freedesktop.org behavior https://wiki.archlinux.org/index.php/allow_users_to_shutdown#Using_systemd-l...). Upon trying to investigate the polkit config, log messages from /etc/polkit-1/rules.d/90-default-privs.rules (with debug set to true) show wrong values for subject.local and subject.active after running the command "systemctl poweroff" in a terminal without sudo ("journalctl -b -u polkit"): Sep 25 19:42:05 susedev polkitd[726]: Registered Authentication Agent for unix-process:17272:8291653 (system bus name :1.240 [<unknown>], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8) Sep 25 19:42:05 susedev polkitd[726]: /etc/polkit-1/rules.d/90-default-privs.rules:977: [Subject pid=17272 user='myuser' groups=wheel,users seat='' session='' local=false active=false] Sep 25 19:42:05 susedev polkitd[726]: /etc/polkit-1/rules.d/90-default-privs.rules:981: org.freedesktop.login1.power-off => auth_admin_keep Sep 25 19:42:05 susedev polkitd[726]: /etc/polkit-1/rules.d/90-default-privs.rules:977: [Subject pid=17272 user='myuser' groups=wheel,users seat='' session='' local=false active=false] Sep 25 19:42:05 susedev polkitd[726]: /etc/polkit-1/rules.d/90-default-privs.rules:981: org.freedesktop.login1.power-off-ignore-inhibit => auth_admin_keep Sep 25 19:42:05 susedev polkitd[726]: /etc/polkit-1/rules.d/90-default-privs.rules:977: [Subject pid=17272 user='myuser' groups=wheel,users seat='' session='' local=false active=false] Sep 25 19:42:05 susedev polkitd[726]: /etc/polkit-1/rules.d/90-default-privs.rules:981: org.freedesktop.login1.power-off-multiple-sessions => auth_admin_keep you see Subject.local and active is false. for this reason the action used is "auth_admin_keep" instead of "yes" (as configured in /etc/polkit-default-privs.standard) and cant shutdown without sudo. but the session doesn't seem bad - running "loginctl show-session $XDG_SESSION_ID" in same terminal give: Id=1 Name=myuser Timestamp=Sat 2016-09-24 20:40:32 EDT TimestampMonotonic=23382953 VTNr=7 Display=:0 Remote=no Service=lightdm-autologin Desktop=xfce Scope=session-1.scope Leader=1453 Audit=1 Type=x11 Class=user Active=yes State=active IdleHint=no IdleSinceHint=0 IdleSinceHintMonotonic=0 At this point I am lost as to why subject flags are wrong. -- You are receiving this mail because: You are on the CC list for the bug.