Suspend and shutdown
Jim Cornette
fc-cornette at insight.rr.com
Wed Mar 1 04:01:53 UTC 2006
Uno Engborg wrote:
> In FC5T3 all users have the menus "Shut down..." and "Suspend" in their
> Gnome "Desktop" menu, and if they select it the shutdown or suspend
> happens without asking the user for a root password.
>
>
> This is awful in multi user environments, or when remote desktops are used.
> Is there some easy way of turning this off?
> Is this the default Gnome 2.14 behavior?
>
> At the very least the user should be prompted for a root or even better
> a sudo password before he is allowed to do this. It also creates far
> too many menu items in the Desktop menu that are very similar. The old
> FC4 way of doing this was much better from a usability perspective.
>
> Regards
> Uno Engborg
>
There is a pam program called consolehelper. There is also a /bin entry
for the commands that are actually links to consolehelper. This gives
the effect of running 'consolehelper pm-suspend', which does not need
root access to initiate a shutdown or sleep.
The real program is under the /sbin directory; it needs root access.
Example:
locate pm-suspend
/etc/pam.d/pm-suspend
/etc/security/console.apps/pm-suspend
/usr/bin/pm-suspend
/usr/sbin/pm-suspend
ls -la /usr/bin/pm-suspend
lrwxrwxrwx 1 root root 13 Feb 13 23:11 /usr/bin/pm-suspend -> consolehelper
[root@localhost etc]# ls -la /usr/sbin/pm-suspend
-rwxr-xr-x 1 root root 415 Feb 12 03:46 /usr/sbin/pm-suspend
locate poweroff
/etc/pam.d/poweroff
/etc/security/console.apps/poweroff
/lib/modules/2.6.15-1.1977_FC5/kernel/drivers/char/ipmi/ipmi_poweroff.ko
/sbin/poweroff
/usr/bin/poweroff
ls -la /usr/bin/poweroff
lrwxrwxrwx 1 root root 13 Feb 13 22:50 /usr/bin/poweroff -> consolehelper
[root@localhost etc]# ls -la /sbin/poweroff
lrwxrwxrwx 1 root root 4 Feb 26 08:00 /sbin/poweroff -> halt
Basically, you need to stop the consolehelper pm-suspend from allowing
shutdown or suspend via consolehelper.
I never tried this limiting system factor. Removing the power cord is
more deadly on the system. Multi-user systems are probably secured
physically.
Jim
--
Well fix that in the next (upgrade, update, patch release, service pack).
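
Added example, not part of the original message: a shell function that lists every /usr/bin command symlinked to consolehelper, as in the listings above, and reports whether its /etc/pam.d and /etc/security/console.apps entries exist. The function name audit_consolehelper and its optional ROOT prefix argument are assumptions made for this example.

```shell
#!/bin/sh
# audit_consolehelper [ROOT]
# Prints one line per command in ROOT/usr/bin that is a symlink to
# consolehelper, with the state of the two files that accompany it
# in the listings above. ROOT defaults to the live system ("").
audit_consolehelper() {
    root="${1:-}"
    for link in "$root/usr/bin"/*; do
        # Only symlinks are of interest; an unmatched glob also fails here.
        [ -L "$link" ] || continue
        target=$(readlink "$link")
        case "$target" in
            consolehelper|*/consolehelper) ;;
            *) continue ;;
        esac
        name=$(basename "$link")
        pam=missing
        apps=missing
        if [ -e "$root/etc/pam.d/$name" ]; then
            pam=present
        fi
        if [ -e "$root/etc/security/console.apps/$name" ]; then
            apps=present
        fi
        printf '/usr/bin/%s\tpam.d=%s\tconsole.apps=%s\n' "$name" "$pam" "$apps"
    done
}

# Audit the running system only when asked: sh audit.sh --run
if [ "${1:-}" = "--run" ]; then
    audit_consolehelper ""
fi
```
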