[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Suspend and shutdown



Uno Engborg wrote:
In FC5T3 all users have the menus "Shut down..." and "Suspend" in their Gnome "Desktop" menu, and if they select it the shutdown or suspend happens without asking the user for
a root password.


This is awful in multi user environments, or when remote desktops are used.
Is there some easy way of turning this off?
Is this the default Gnome 2.14 behavior?

At the very least the user shoould be prompted for a root or even better a sudo password before he is allowed to do this. It also creates far too many menu items in the Desktop menu that are very similar. The old FC4 way of doing this was much better from a usability perspective.

Regards
Uno Engborg


There is a pam program called consolehelper. There is also a /bin entry for the commands that are actually links to consolehelper. This gives the effect of running 'consolehelper pm-suspend' whicg does not need root access to initiate a shutdown or sleep.
There is the real program under the /sbin directory it needs root access.

Example:
locate pm-suspend
/etc/pam.d/pm-suspend
/etc/security/console.apps/pm-suspend
/usr/bin/pm-suspend
/usr/sbin/pm-suspend


 ls -la /usr/bin/pm-suspend
lrwxrwxrwx 1 root root 13 Feb 13 23:11 /usr/bin/pm-suspend -> consolehelper
[root localhost etc]# ls -la /usr/sbin/pm-suspend
-rwxr-xr-x 1 root root 415 Feb 12 03:46 /usr/sbin/pm-suspend

 locate poweroff
/etc/pam.d/poweroff
/etc/security/console.apps/poweroff
/lib/modules/2.6.15-1.1977_FC5/kernel/drivers/char/ipmi/ipmi_poweroff.ko
/sbin/poweroff
/usr/bin/poweroff

 ls -la /usr/bin/poweroff
lrwxrwxrwx 1 root root 13 Feb 13 22:50 /usr/bin/poweroff -> consolehelper
[root localhost etc]# ls -la /sbin/poweroff
lrwxrwxrwx 1 root root 4 Feb 26 08:00 /sbin/poweroff -> halt

Basically, you need to stop the consolehelper pm-suspend from allowing shutdown or suspend via consolehelper.

I never tried this limiting system factor. Removing the power cord is more deadly on the system. Multi-user systems are probably secured physically.

Jim


--
Well fix that in the next (upgrade, update, patch release, service pack).


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]