How to Disable KDE User Halt and Reboot Buttons?
Hi Folks, I've searched a bit but haven't found a satisfying answer to my issue. The problem occurs when a non-root user connects to a server using xrdp. This user then has full authorization to halt/reboot the server using the KDE halt or reboot buttons, not exactly an ideal situation. So how can I disable remote xrdp-connected users from rebooting or halting the server? This would also stop users from rebooting/halting the server when directly sitting at the console, which may not exist anyway. Regards, Lew
Hello, In the Message; Subject : How to Disable KDE User Halt and Reboot Buttons? Message-ID : <eebb6656-e7b3-4015-90a8-30a043a84fd1@sweet-haven.com> Date & Time: Fri, 10 May 2024 12:05:19 -0700 [LW] == Lew Wolfgang <wolfgang@sweet-haven.com> has written: LW> Hi Folks, LW> I've searched a bit but haven't found a satisfying answer to my issue. LW> The problem occurs when a non-root user connects to a server LW> using xrdp. This user then has full authorization to halt/reboot the LW> server using the KDE halt or reboot buttons, not exactly an ideal situation. LW> So how can I disable remote xrdp-connected users from rebooting LW> or halting the server? This would also stop users from rebooting/halting LW> the server when directly sitting at the console, which may not exist LW> anyway. Will a setting of needs_root_rights=no in /etc/X11/Xwrapper.config not work? Best Regards. --- ┏━━┓彡 Masaru Nomiya mail-to: nomiya @ lake.dti.ne.jp ┃\/彡 ┗━━┛ "Microsoft is overhauling its cybersecurity strategy, called the Secure Future Initiative, to incorporate key security features into its core set of technology platforms and cloud services. " -- Microsoft overhauls cyber strategy to finally embrace security by default --
On 5/10/24 16:32, Masaru Nomiya wrote:
Hello,
In the Message;
Subject : How to Disable KDE User Halt and Reboot Buttons? Message-ID :<eebb6656-e7b3-4015-90a8-30a043a84fd1@sweet-haven.com> Date & Time: Fri, 10 May 2024 12:05:19 -0700
[LW] == Lew Wolfgang<wolfgang@sweet-haven.com> has written:
LW> Hi Folks,
LW> I've searched a bit but haven't found a satisfying answer to my issue.
LW> The problem occurs when a non-root user connects to a server LW> using xrdp. This user then has full authorization to halt/reboot the LW> server using the KDE halt or reboot buttons, not exactly an ideal situation.
LW> So how can I disable remote xrdp-connected users from rebooting LW> or halting the server? This would also stop users from rebooting/halting LW> the server when directly sitting at the console, which may not exist LW> anyway.
Will a setting of needs_root_rights=no in /etc/X11/Xwrapper.config not work?
I don't have that filename in any of my systems, does it need to be created? Regards, Lew
Hello, In the Message; Subject : Re: How to Disable KDE User Halt and Reboot Buttons? Message-ID : <81eaaca9-ac60-4b80-a2ee-c2f8f023b06c@sweet-haven.com> Date & Time: Fri, 10 May 2024 16:57:10 -0700 [LW] == Lew Wolfgang <wolfgang@sweet-haven.com> has written: [...] MN> > Will a setting of needs_root_rights=no in /etc/X11/Xwrapper.config not MN> > work? LW> I don't have that filename in any of my systems, does it need to LW> be created? You within the xorg-x11-server related files not installed? This will help you; $ man Xwrapper.config Best Regards. --- ┏━━┓彡 野宮 賢 mail-to: nomiya @ lake.dti.ne.jp ┃\/彡 ┗━━┛ "Maddox hopes that empowering users to pick their own algorithms will get them to think more about what’s involved in making them. " -- Bluesky's Custom Algorithms Could Be the Future of Social Media --
On 2024-05-10 18:28, Masaru Nomiya wrote:
Hello,
In the Message;
Subject : Re: How to Disable KDE User Halt and Reboot Buttons? Message-ID : <81eaaca9-ac60-4b80-a2ee-c2f8f023b06c@sweet-haven.com> Date & Time: Fri, 10 May 2024 16:57:10 -0700
[LW] == Lew Wolfgang <wolfgang@sweet-haven.com> has written:
[...] MN> > Will a setting of needs_root_rights=no in /etc/X11/Xwrapper.config not MN> > work?
LW> I don't have that filename in any of my systems, does it need to LW> be created?
You within the xorg-x11-server related files not installed?
This will help you;
$ man Xwrapper.config
No such manpage, and no such file anywhere on my system.
Hello, In the Message; Subject : Re: How to Disable KDE User Halt and Reboot Buttons? Message-ID : <b7918e24-6d21-4baf-9ce1-31b332423605@accesscomm.ca> Date & Time: Fri, 10 May 2024 18:47:57 -0600 [DG] == Darryl Gregorash <raven@accesscomm.ca> has written: DG> On 2024-05-10 18:28, Masaru Nomiya wrote: [...] MN> > You within the xorg-x11-server related files not installed? MN> > This will help you; DG> > $ man Xwrapper.config DG> No such manpage, and no such file anywhere on my system. Is it? On my Tumbleweed like this? $ rpm -qf /usr/share/man/man5/Xwrapper.config.5.gz xorg-x11-server-21.1.12-750.5.x86_64 Best Regards, --- ┏━━┓彡 Masaru Nomiya mail-to: nomiya @ lake.dti.ne.jp ┃\/彡 ┗━━┛ "Microsoft is overhauling its cybersecurity strategy, called the Secure Future Initiative, to incorporate key security features into its core set of technology platforms and cloud services. " -- Microsoft overhauls cyber strategy to finally embrace security by default --
On 5/10/24 18:11, Masaru Nomiya wrote:
Hello,
In the Message;
Subject : Re: How to Disable KDE User Halt and Reboot Buttons? Message-ID :<b7918e24-6d21-4baf-9ce1-31b332423605@accesscomm.ca> Date & Time: Fri, 10 May 2024 18:47:57 -0600
[DG] == Darryl Gregorash<raven@accesscomm.ca> has written:
DG> On 2024-05-10 18:28, Masaru Nomiya wrote: [...] MN> > You within the xorg-x11-server related files not installed?
MN> > This will help you;
DG> > $ man Xwrapper.config
DG> No such manpage, and no such file anywhere on my system.
Is it?
On my Tumbleweed like this?
$ rpm -qf /usr/share/man/man5/Xwrapper.config.5.gz xorg-x11-server-21.1.12-750.5.x86_64
Ah, my fault. I'm working with Leap 15.5, which has xorg-xll-server-21.1.4-150500.7.26.1.x86_64. Xwrapper.config apparently isn't in that package. Regards, Lew
Hello, In the Message; Subject : Re: How to Disable KDE User Halt and Reboot Buttons? Message-ID : <74e46e88-052a-4e04-8218-eb2e7d90661f@sweet-haven.com> Date & Time: Fri, 10 May 2024 18:27:28 -0700 [LW] == Lew Wolfgang <wolfgang@sweet-haven.com> has written: [...] MN> > On my Tumbleweed like this? MN> > $ rpm -qf /usr/share/man/man5/Xwrapper.config.5.gz MN> > xorg-x11-server-21.1.12-750.5.x86_64 LW> Ah, my fault. LW> I'm working with Leap 15.5, which has LW> xorg-xll-server-21.1.4-150500.7.26.1.x86_64. You can't use Tumbleweed in business. LW> Xwrapper.config apparently isn't in that package. From Xwrapper.con man; DESCRIPTION The Xorg X server may need root rights to function properly. To start the Xorg X server with these rights your system is using a suid root wrapper installed as /usr/bin/Xorg.wrap which will execute the real X server which is installed as /usr/bin/Xorg. By default Xorg.wrap will autodetect if root rights are necessary, and if not it will drop its elevated rights before starting the real X server. By default Xorg.wrap will only allow executing the real X server from login sessions on a physical console. CONFIG FILE Xorg.wrap’s default behavior can be overridden from the /etc/X11/Xwrap‐ per.config config file. Lines starting with a # in Xwrapper.config are considered comments and will be ignored. Any other non empty lines must take the form of key = value. allowed_users = rootonly|console|anybody Specify which users may start the X server through the wrapper. Use rootonly to only allow root, use console to only allow users logged into a physical console, and use anybody to allow anybody. The default is console. needs_root_rights = yes|no|auto Configure if the wrapper should drop its elevated (root) rights before starting the X server. Use yes to force execution as root, no to force execution with all suid rights dropped, and auto to let the wrapper auto‐detect. The default is auto. When auto‐detecting the wrapper will drop rights if kms graphics are available and not drop them if no kms graphics are detected. If a sys‐ tem has multiple graphics cards and some are not kms capable auto‐de‐ tection may fail, in this case manual configuration should be used. SEE ALSO Xorg X server information: Xorg(1) Best Regards. --- ┏━━┓彡 Masaru Nomiya mail-to: nomiya @ lake.dti.ne.jp ┃\/彡 ┗━━┛ "Loyalty cards are a symbol of "spending" not "saving"... I saved 20,000 yen a month when I stopped "act of collecting points"" -- Shihomi Shimomura --
On 2024-05-10 19:52, Masaru Nomiya wrote:
Hello,
<snip>
From Xwrapper.con man;
DESCRIPTION The Xorg X server may need root rights to function properly. To start the Xorg X server with these rights your system is using a suid root wrapper installed as /usr/bin/Xorg.wrap which will execute the real X server which is installed as /usr/bin/Xorg.That isn't present in 15.6 either.
On 2024-05-10 19:11, Masaru Nomiya wrote:
Hello,
In the Message;
Subject : Re: How to Disable KDE User Halt and Reboot Buttons? Message-ID : <b7918e24-6d21-4baf-9ce1-31b332423605@accesscomm.ca> Date & Time: Fri, 10 May 2024 18:47:57 -0600
[DG] == Darryl Gregorash <raven@accesscomm.ca> has written:
DG> On 2024-05-10 18:28, Masaru Nomiya wrote: [...] MN> > You within the xorg-x11-server related files not installed?
MN> > This will help you;
DG> > $ man Xwrapper.config
DG> No such manpage, and no such file anywhere on my system.
Is it?
On my Tumbleweed like this?
$ rpm -qf /usr/share/man/man5/Xwrapper.config.5.gz xorg-x11-server-21.1.12-750.5.x86_64
It's not in 21.1.11, which is what is on 15.6
Hello, In the Message; Subject : Re: How to Disable KDE User Halt and Reboot Buttons? Message-ID : <901e2d37-eb26-4a6c-9444-ec5cfc987f51@accesscomm.ca> Date & Time: Fri, 10 May 2024 20:37:47 -0600 [DG] == Darryl Gregorash <raven@accesscomm.ca> has written: DG> On 2024-05-10 19:11, Masaru Nomiya wrote: [...] MN> > On my Tumbleweed like this? MN> > $ rpm -qf /usr/share/man/man5/Xwrapper.config.5.gz MN> > xorg-x11-server-21.1.12-750.5.x86_64 DG> It's not in 21.1.11, which is what is on 15.6 xorg-x11-server-21.1.11-150600.3.1.x86_64.rpm xorg-x11-server-extra-21.1.11-150600.3.1.x86_64.rpm xorg-x11-server-sdk-21.1.11-150600.3.1.x86_64.rpm xorg-x11-server-source-21.1.11-150600.3.1.x86_64.rpm xorg-x11-server-Xvfb-21.1.11-150600.3.1.x86_64.rpm xorg-x11-Xvnc-1.13.1-150600.2.5.x86_64.rpm xorg-x11-Xvnc-module-1.13.1-150600.2.5.x86_64.rpm Best Regards. --- ┏━━┓彡 Masaru Nomiya mail-to: nomiya @ lake.dti.ne.jp ┃\/彡 ┗━━┛ "Companies have come to view generative AI as a kind of monster that must be fed at all costs―even if it isn’t always clear what exactly that data is needed for or what those future AI systems might end up doing." -- Generative AI Is Making Companies Even More Thirsty for Your Data --
Hello, In the Message; Subject : Re: How to Disable KDE User Halt and Reboot Buttons? Message-ID : <901e2d37-eb26-4a6c-9444-ec5cfc987f51@accesscomm.ca> Date & Time: Fri, 10 May 2024 20:37:47 -0600 [DG] == Darryl Gregorash <raven@accesscomm.ca> has written: [...] MN> > On my Tumbleweed like this? MN> > $ rpm -qf /usr/share/man/man5/Xwrapper.config.5.gz MN> > xorg-x11-server-21.1.12-750.5.x86_64 DG> It's not in 21.1.11, which is what is on 15.6 Sorry for mistake. Indeed, leap 15.5 and leap 15.6 do not have the xorg-x11-server-wrapper package, which contains the key Xorg.wrap binary. It seems that leap uses the xrdp packages. How about these? $ man xrdp.ini and $ man sesman.ini Best Regards. --- ┏━━┓彡 Masaru Nomiya mail-to: nomiya @ lake.dti.ne.jp ┃\/彡 ┗━━┛ "Distinguish between what is meaningful to me and what is meaningless, and forget what is meaningless to me. This is where individuality comes into play. This is a function that computer cannot perform." -- Shigehiko Toyama (in Japanes) --
On 5/10/24 12:05, Lew Wolfgang wrote:
Hi Folks,
I've searched a bit but haven't found a satisfying answer to my issue.
The problem occurs when a non-root user connects to a server using xrdp. This user then has full authorization to halt/reboot the server using the KDE halt or reboot buttons, not exactly an ideal situation.
So how can I disable remote xrdp-connected users from rebooting or halting the server? This would also stop users from rebooting/halting the server when directly sitting at the console, which may not exist anyway.
Thanks to those folks who commented on this question. I found a partial solution after thinking about it a bit. Having buttons that can sleep, hibernate, reboot, and halt the system available to the user sitting in front of the console of a desktop makes perfect sense. The problem appears when a user connects to that desktop remotely. I remembered that I used the "Desktop" pattern when installing the server software! So I checked in yast2 under the Security Center and selected Network Server under the Preconfigured Security Configurations option. That fixed the problem! Either a window prompting for the root password appears, or the xrdp session closes. The server continues to run as desired. Having the buttons still there could be confusing to some users, but at least they can't crash the server. Regards, Lew
On 11.05.2024 07:10, Lew Wolfgang wrote:
On 5/10/24 12:05, Lew Wolfgang wrote:
Hi Folks,
I've searched a bit but haven't found a satisfying answer to my issue.
The problem occurs when a non-root user connects to a server using xrdp. This user then has full authorization to halt/reboot the server using the KDE halt or reboot buttons, not exactly an ideal situation.
So how can I disable remote xrdp-connected users from rebooting or halting the server? This would also stop users from rebooting/halting the server when directly sitting at the console, which may not exist anyway.
Thanks to those folks who commented on this question.
I found a partial solution after thinking about it a bit. Having buttons that can sleep, hibernate, reboot, and halt the system available to the user sitting in front of the console of a desktop makes perfect sense. The problem appears when a user connects to that desktop remotely.
I remembered that I used the "Desktop" pattern when installing the server software! So I checked in yast2 under the Security Center and selected Network Server under the Preconfigured Security Configurations option. That fixed the problem! Either a window prompting for the root password appears, or the xrdp session closes. The server continues to run as desired.
Network Server will use the "restrictive" profile of default polkit rules which always requires admin authentication to perform actions via logind. That is not what you wanted (only prevent actions in xrdp session). Default profile will allow reboot etc for locally logged in users. If users in xrdp session were not required to authenticate, it implies that xrdp session is considered local. Which is arguably wrong. The output of loginctl show-session N where N is session number for local and xrdp sessions would be interesting.
Having the buttons still there could be confusing to some users, but at least they can't crash the server.
Regards, Lew
On 5/11/24 04:38, Andrei Borzenkov wrote:
I remembered that I used the "Desktop" pattern when installing the server software! So I checked in yast2 under the Security Center and selected Network Server under the Preconfigured Security Configurations option. That fixed the problem! Either a window prompting for the root password appears, or the xrdp session closes. The server continues to run as desired.
Network Server will use the "restrictive" profile of default polkit rules which always requires admin authentication to perform actions via logind. That is not what you wanted (only prevent actions in xrdp session).
Default profile will allow reboot etc for locally logged in users. If users in xrdp session were not required to authenticate, it implies that xrdp session is considered local. Which is arguably wrong.
The output of
loginctl show-session N
where N is session number for local and xrdp sessions would be interesting.
This didn't seem to work, Andrei. I couldn't get the sessionid right. But that doesn't matter now, I messed up. Further testing shows that the remote xrdp sessions "don't" allow rebooting or halting of the host os. When we first started using xrdp at the start of The Covids an xrdp session could indeed reboot the host, and I never bothered to test it after that time. I didn't want to risk the possibility of crashing the remote servers. But it seems to work as expected now even with the Workstation security profile. xrdp with remmina still seems a bit odd, it's not allowing the user to logoff, but we can live with that. Also, there's a difference between the "Workstation" and "Network Server" security settings. With Workstation if the reboot button is pressed the Remmina screen goes black. The only way to wake it up is to restart the xrdp session on the server. But with Network Server selected the buttons freeze for about 20-seconds, then go away. The session then continues to be usable. So we're sticking with the Network Server profile unless it causes problems elsewhere. I'm testing all this on a new server that isn't in "production" yet. Sorry for all the noise, but at least it was educational. Regards, Lew
participants (4)
-
Andrei Borzenkov -
Darryl Gregorash -
Lew Wolfgang -
Masaru Nomiya