/me shakes head in despair..... Two questions get asked... ... and the response is a lecture-style, based on a (wrong) assumption that everyone is just migrating from Windows (only use that excuse for an OS when my work enforces it on me - my Linux use goes back to RH4.0 back in '96) and a sizable, if somewhat irrelevant discussion - for which I now must put my oar in, and no actual practical assistance on the problem in hand. This (from M Harris) philosophy does hold true of servers and mainframes, and I grant you to some degree, in your library "incident" as well. Really tightly configured secure systems are something that I do subscribe to at work (200+solaris jobbies) I don't want just any numptie shutting the machines down - and this I like to extend to my home servers,for example, most have a 64MiB install footprint complete with services running, there are no superfluous binaries or users on the system - period. HOWEVER.... There are a number of holes and caveats in the argument.. If someone has physical access, as per library example, who cares about the prevention of system shutdown ?? they've had physical access, it ain't your machine any longer.. however momentary the access. (more true of desktop machines, where typically you can't see the keyboard cable plugged into the back - perfect for a hardware keylogger for example ) If one were stupid enough to leave their laptop lying around, even if for a moment, anyone could do anything nasty with it - I sure as hell won't - it's MY laptop after all, I will pick it up and walk around with it - lid open if wirelessly connected and downloading was that essential - however, I would happily wait and re-download something if it meant I KNEW my laptop was safe and secure with me. There is only one time I leave my laptop un-attented, my work laptop mind, not personal one, and that is in the data-centre at work, you need a card to get in for a start.. If the laptops weren't unattended, I may see your point, but my personal laptop, my usage pattern, I'd wager my fingers would stop the lid closing to start with :-) -but ignoring that, on AC, shutting the lid blanks screen - nothing else, locked or unlocked - good thing; on battery, suspends it, again, precisely how I want/need it because that is how I configured it - - oh and it's easy to change this behaviour to something else.h... (note here personal usage pattern) ... and besides, the library incident is not the scenario I am talking about - it's more workstations. For my home network (laptop excluded), and I think to be fair, a normal company working environment, which is where Novell is aiming their linux product at, where all users should be centrally managed, the users logged onto the console really need to have the rights to shutdown,hibernate,suspend, (un)mount drives etc.. (Personally I'd actually put 9000 or so Sunray's on desks at work instead of PC's, and the 1000 or so people left that need to (un)mount hardware would actually have a valid reason to have dumb hardware - but that is another discussion) A lot of these sort of machines are not really multi-user systems in the true sense of the terminology, (Sunrays and their ilk excepted) - yes they are capable of being multi-user, the only user likely to do something on them at the same time that another is logged on, is the admin (home=me, company=IT). The best example of why users must be allowed to shut the things down - is when they go home, if only to save the company money; if the machines needed to be powered on for some update or something overnight, wake on lan is a perfect solution for such a scenario. Suspend is rather nice for quite a lot of this as well, how much more productive is it to this a software button, power-off, come in next morning, hit physical power button, and everything i was working on, all my firefox tabs, all my 1/2 written emails, saved, but still open documents re-open exactly where I left them? That is real usability +point I want/need... along with others I'd wager. So back to the original question(s)... 1) why the inconsistancy ? ok, granted progress, but it ain't progress when the sysadmins have to run around trying to figure out how to fix what is for all intents and purposes now "broken" due to change. It would make much better sense to leave this functionality to the next point release IMHO. (i.e. 10.3 in this case) 2) How could this be setup so that either some users, or all "valid" users can perform the action - - and really, this has to be easy, 'cause again, expand this to a corporate environment, there needs to a way for the support people to tweak the settings on a per machine instance. Regards AM -- I'm not perfect, but I am forgiven.... -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org