[opensuse] Why is DISPLAYMANAGER_SHUTDOWN="root" ignored?
Hello, I have DISPLAYMANAGER_SHUTDOWN="root" set in /etc/sysconfig/displaymanager But this setting seems to be ignored. Non-privileged users can still shutdown by choosing "shutdown" from their KDE menu. Why is this? BTW: this is opensuse Leap 42.1 -- Josef Wolf jw@raven.inka.de -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
No ideas on that one? On Tue, Oct 18, 2016 at 07:15:31PM +0200, Josef Wolf wrote:
Hello,
I have DISPLAYMANAGER_SHUTDOWN="root" set in /etc/sysconfig/displaymanager
But this setting seems to be ignored. Non-privileged users can still shutdown by choosing "shutdown" from their KDE menu.
Why is this?
BTW: this is opensuse Leap 42.1
-- Josef Wolf jw@raven.inka.de
-- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
-- Josef Wolf jw@raven.inka.de -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On Wednesday, 19 October 2016 13:44:24 BST Josef Wolf wrote:
No ideas on that one?
On Tue, Oct 18, 2016 at 07:15:31PM +0200, Josef Wolf wrote:
Hello,
I have DISPLAYMANAGER_SHUTDOWN="root" set in /etc/sysconfig/displaymanager
But this setting seems to be ignored. Non-privileged users can still shutdown by choosing "shutdown" from their KDE menu.
Why is this?
BTW: this is opensuse Leap 42.1 I dont use Leap but doesn't Leap use ssdm? Is it not configurable from the systemsettings as to who you allow to shutdown? I have a feeling that option is used by KDM and i'm not sure if ssdm uses the same settings - but don't quote me on it as i'm just guessing
-- opensuse:tumbleweed:20161014 Qt: 5.7.0 KDE Frameworks: 5.27.0 KDE Plasma: 5.8.1 kwin5-5.8.1-157.1.x86_64 kmail5-16.08.1-1.4.x86_64 Kernel: 4.7.6-1-default Nouveau: 1.0.13_1.1 -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On October 19, 2016 4:44:24 AM PDT, Josef Wolf <jw@raven.inka.de> wrote:
No ideas on that one?
On Tue, Oct 18, 2016 at 07:15:31PM +0200, Josef Wolf wrote:
Hello,
I have DISPLAYMANAGER_SHUTDOWN="root" set in /etc/sysconfig/displaymanager
But this setting seems to be ignored. Non-privileged users can still shutdown by choosing "shutdown" from their KDE menu.
Why is this?
BTW: this is opensuse Leap 42.1
-- Josef Wolf jw@raven.inka.de
-- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
Have you tried shut down via ssh? It's pointless to try to protect a machine from power off at the console. The power switch is right there, as is the cord. -- Sent from my Android phone with K-9 Mail. Please excuse my brevity. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
Le 19/10/2016 à 17:45, John Andersen a écrit :
It's pointless to try to protect a machine from power off at the console. The power switch is right there, as is the cord.
not always :-) jdd -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On Wed, Oct 19, 2016 at 08:45:21AM -0700, John Andersen wrote:
On Tue, Oct 18, 2016 at 07:15:31PM +0200, Josef Wolf wrote:
I have DISPLAYMANAGER_SHUTDOWN="root" set in /etc/sysconfig/displaymanager
But this setting seems to be ignored. Non-privileged users can still shutdown by choosing "shutdown" from their KDE menu.
Why is this?
BTW: this is opensuse Leap 42.1
Have you tried shut down via ssh?
Myself (as a privileged user) CAN shut down form ssh. But that's not the point. Unprivileged users should NOT be able to shut down.
It's pointless to try to protect a machine from power off at the console.
Then it's pointless to have this configuration setting in the first place. And it's pointless to have a "shutdown" icon in the GUI, IMHO.
The power switch is right there, as is the cord.
The user have only access to the display+Keyboard of the machine. And, in fact, in this case the shutdown was done by ACCIDENT, because the user clicked the wrong icon ("herunterfahren" instead of "abmelden") in the KDE menu. The point here is not to protect from malicious user but to protect from UNEXPERIENCED user. -- Josef Wolf jw@raven.inka.de -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On October 21, 2016 11:23:01 AM PDT, Josef Wolf <jw@raven.inka.de> wrote:
On Wed, Oct 19, 2016 at 08:45:21AM -0700, John Andersen wrote:
On Tue, Oct 18, 2016 at 07:15:31PM +0200, Josef Wolf wrote:
I have DISPLAYMANAGER_SHUTDOWN="root" set in /etc/sysconfig/displaymanager
But this setting seems to be ignored. Non-privileged users can
still
shutdown by choosing "shutdown" from their KDE menu.
Why is this?
BTW: this is opensuse Leap 42.1
Have you tried shut down via ssh?
Myself (as a privileged user) CAN shut down form ssh. But that's not the point. Unprivileged users should NOT be able to shut down.
It's pointless to try to protect a machine from power off at the console.
Then it's pointless to have this configuration setting in the first place.
And it's pointless to have a "shutdown" icon in the GUI, IMHO.
The power switch is right there, as is the cord.
The user have only access to the display+Keyboard of the machine.
And, in fact, in this case the shutdown was done by ACCIDENT, because the user clicked the wrong icon ("herunterfahren" instead of "abmelden") in the KDE menu.
The point here is not to protect from malicious user but to protect from UNEXPERIENCED user.
I seem to remember that there used to be a kiosk mode. I don't know what happened to that. Sounds like it might protect from the inexperienced as well as the mildly malicious. The Linux Standard Base used to have a group called shutdown. I can't remember when I last saw that actually implemented. -- Sent from my Android phone with K-9 Mail. Please excuse my brevity. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On Tue, Oct 18, 2016 at 07:15:31PM +0200, Josef Wolf wrote:
Hello,
I have DISPLAYMANAGER_SHUTDOWN="root" set in /etc/sysconfig/displaymanager
But this setting seems to be ignored. Non-privileged users can still shutdown by choosing "shutdown" from their KDE menu.
Why is this?
BTW: this is opensuse Leap 42.1
Maybe it's possible to remove the "reboot" and "shutdown" buttons form the KDE menu and from the desktop? -- Josef Wolf jw@raven.inka.de -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi, I had the same problem not long ago and I solved it (or at least most of it). The problem with SDDM is that it runs as root and the only solution which I have found is to modify the theme of the login screen in order to remove the reboot and the shutdown buttons from there. As for the KDE session, you can configure a polkit rule which denies these actions for not authorized users (or for all users), and the buttons will disappear (except the suspend button, but currently I have no idea why ... may be there is an error in my rule). Regards, I. Petrov On 10/26/2016 01:47 PM, Josef Wolf wrote:
On Tue, Oct 18, 2016 at 07:15:31PM +0200, Josef Wolf wrote:
Hello,
I have DISPLAYMANAGER_SHUTDOWN="root" set in /etc/sysconfig/displaymanager
But this setting seems to be ignored. Non-privileged users can still shutdown by choosing "shutdown" from their KDE menu.
Why is this?
BTW: this is opensuse Leap 42.1
Maybe it's possible to remove the "reboot" and "shutdown" buttons form the KDE menu and from the desktop?
-----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQIcBAEBAgAGBQJYF++LAAoJEH8sJoKRFRU5L+4P/12vrKJYAYvszGa/8zLqyDyD mnlXzd5UQoR4gkZvyWs3ZLa7yq5eHSYn1pkeWI3Ob9cXxgx8xgZCKoTB+X0PvWj2 jN3uQzgeGROJphSlwlWK0ecg+I3lFWl7yFvZSgeEqFqMz2Prj37FUJkNlR603D9M ikf8XiA44mG4rj6WZYUQWlUTMidWJMc8hcKvmvZmy5LAav1tfSzyZotFoHDkFkFd makk8o9iaM/PsPUj9CQnLHv1Lir1k92Wr7ja5t1mPk8lxxzyVb6AIqdwU4nWALzu F0VXieTXPUTIolBV3SBy6e9dCQi/ddPS44BpyNZdnrhlE21ZO5KPxVGBChr1HZJv qYHhdDdn0FbE3VZ6hEmdFDjS4QhmnJorwwVN+r1z5ok/6OzWrpf1w/jmxZBOSp7A Cft3RZb/o/LAoRVnqsJ1dSKl/GEZqo6HloctVyZoEabygu0UrTw6tz9MP4HaMgb6 PwL3wADJY/JO7O08smjuKDjkgn52GTvL4jB2HXLuZmLlxxAQJSbgNVkxsRPZK1zs v0JEHR/Fyi8X9BVTdxOL9xUanH06WlvwXSs1Ma6y5HmA/KpAQyHta0wIXXSN/erq Qmj7uacEit16fP/WnhGzTPgmmcMlH8yi63rI4T6GTHPjCVbebrNA4/JdhLGWtpKo 7HDKKTiI+Z2WCAHsEWe5 =urK5 -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
participants (5)
-
ianseeks -
Ico Petrov -
jdd -
John Andersen -
Josef Wolf