http://bugzilla.suse.com/show_bug.cgi?id=1010779 Bug ID: 1010779 Summary: setting rules via polkit-default-privs.local has no effect Classification: openSUSE Product: openSUSE Distribution Version: Leap 42.2 Hardware: Other OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Security Assignee: security-team@suse.de Reporter: wagner-thomas@gmx.at QA Contact: qa-bugs@suse.de Found By: --- Blocker: --- I intended to set up a system based on Leap 42.2 where users are not allowed to shutdown/reboot the machine. According to the documentation point 9.4.3 from [1], I added the following lines to /etc/polkit-default-privs.local <snip> org.freedesktop.login1.power-off no org.freedesktop.login1.reboot no <snap> Then I issued the following command to update the rules: # sudo /sbin/set_polkit_default_privs However, users can still use systemctl to reboot or shutdown. The rule doesn't seem to be applied. # pkaction -v -a org.freedesktop.login1.reboot org.freedesktop.login1.reboot: description: Reboot the system message: Authentication is required for rebooting the system. vendor: The systemd Project vendor_url: http://www.freedesktop.org/wiki/Software/systemd icon: implicit any: auth_admin_keep implicit inactive: auth_admin_keep implicit active: yes annotation: org.freedesktop.policykit.imply -> org.freedesktop.login1.set-wall-message Is this a bug of polkit or the documentation? [1] https://doc.opensuse.org/documentation/leap/security/html/book.security/cha.... -- You are receiving this mail because: You are on the CC list for the bug.