Mailinglist Archive: opensuse-bugs (4067 mails)

< Previous Next >
[Bug 704997] Users can hibernate system as non-root

Ludwig Nussel <lnussel@xxxxxxxx> changed:

What |Removed |Added
InfoProvider|lnussel@xxxxxxxx |

--- Comment #8 from Ludwig Nussel <lnussel@xxxxxxxx> 2011-08-29 16:17:15 CEST
(In reply to comment #7)
(In reply to comment #4)
I suppose you need to set org.freedesktop.upower.hibernate to auth_admin.
should be desktop neutral.

Setting auth_admin value when? This means, root, authentication is required
before the action, right? Shouldn't it be default behavior?

The default is to allow the user on the active console to hibernate,
suspend and shutdown. Users not on the active console or remote
logins have to authenticate as root (auth_admin:auth_admin:yes).

And what should YaST offer as alternatives?

Sensible choices are probably

auth_admin:auth_admin:auth_admin (=> require authentication always)
yes:yes:yes (=> allow anyone to perform the action)
auth_admin:auth_admin:yes (=> user on the acive console is allowed)

Shouldn't it be similar/same as DISPLAYMANAGER_SHUTDOWN handling, as mentioned
in the report? And I do not mean only 'similar/same' in YaST, but also in
system: should we have sysconfig value for one action (shutdown) and handle
polkit permission for another one?

The sysconfig value only exists for legacy reasons. It should be
removed and only polkit actions be used IMO. That requires kdm to
support polkit though.

Alternatively don't allow to configure individual polkit settings at all but
only allow to switch the profile (standard vs restrictive).

Configure bugmail:
------- You are receiving this mail because: -------
You are on the CC list for the bug.

< Previous Next >