Suspend and shutdown

Jim Cornette fc-cornette at insight.rr.com
Wed Mar 1 04:01:53 UTC 2006


Uno Engborg wrote:
> In FC5T3 all users have the menus "Shut down..." and "Suspend" in their 
> Gnome "Desktop" menu, and if they select it the shutdown or suspend 
> happens without asking the user for
> a root password.
> 
> 
> This is awful in multi user environments, or when remote desktops are used.
> Is there some easy way of turning this off?
> Is this the default Gnome 2.14 behavior?
> 
> At the very least the user should be prompted for a root or even better 
> a sudo password before he is allowed to do this.  It also creates far 
> too many menu items in the Desktop menu that are very similar. The old 
> FC4 way of doing this was much better from a usability perspective.
> 
> Regards
> Uno Engborg
> 

There is a pam program called consolehelper. There is also a /bin entry 
for the commands that are actually links to consolehelper. This gives 
the effect of running 'consolehelper pm-suspend' which does not need 
root access to initiate a shutdown or sleep.
There is the real program under the /sbin directory; it needs root access.

Example:
locate pm-suspend
/etc/pam.d/pm-suspend
/etc/security/console.apps/pm-suspend
/usr/bin/pm-suspend
/usr/sbin/pm-suspend


  ls -la /usr/bin/pm-suspend
lrwxrwxrwx 1 root root 13 Feb 13 23:11 /usr/bin/pm-suspend -> consolehelper
[root@localhost etc]# ls -la /usr/sbin/pm-suspend
-rwxr-xr-x 1 root root 415 Feb 12 03:46 /usr/sbin/pm-suspend

  locate poweroff
/etc/pam.d/poweroff
/etc/security/console.apps/poweroff
/lib/modules/2.6.15-1.1977_FC5/kernel/drivers/char/ipmi/ipmi_poweroff.ko
/sbin/poweroff
/usr/bin/poweroff

  ls -la /usr/bin/poweroff
lrwxrwxrwx 1 root root 13 Feb 13 22:50 /usr/bin/poweroff -> consolehelper
[root@localhost etc]# ls -la /sbin/poweroff
lrwxrwxrwx 1 root root 4 Feb 26 08:00 /sbin/poweroff -> halt

Basically, you need to stop the consolehelper pm-suspend from allowing 
shutdown or suspend via consolehelper.

I never tried this limiting system factor. Removing the power cord is 
more deadly on the system. Multi-user systems are probably secured 
physically.

Jim


-- 
Well fix that in the next (upgrade, update, patch release, service pack).
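
Added example, not part of the original message: a shell audit that lists every command wrapped the way the listing above shows (a symlink to consolehelper) and reports whether its /etc/security/console.apps and /etc/pam.d entries exist. The function names and the demo tree, including its `reboot` entry, are constructed for illustration.

```shell
#!/bin/sh
# Added example: inventory consolehelper-wrapped commands under a root prefix.

# list_console_apps ROOT   (hypothetical helper name)
# Prints "<name> console.apps=<yes|no> pam.d=<yes|no>" for every symlink in
# ROOT/usr/bin or ROOT/bin whose target is consolehelper.
list_console_apps() {
    root=${1:-/}
    root=${root%/}
    for dir in "$root/usr/bin" "$root/bin"; do
        [ -d "$dir" ] || continue
        for link in "$dir"/*; do
            [ -L "$link" ] || continue
            target=$(readlink "$link")
            # Accept relative ("consolehelper") and absolute link targets.
            [ "${target##*/}" = "consolehelper" ] || continue
            name=${link##*/}
            apps=no; pam=no
            if [ -f "$root/etc/security/console.apps/$name" ]; then apps=yes; fi
            if [ -f "$root/etc/pam.d/$name" ]; then pam=yes; fi
            echo "$name console.apps=$apps pam.d=$pam"
        done
    done | LC_ALL=C sort -u
}

# make_demo_tree DIR: constructed sample layout modelled on the listing above.
make_demo_tree() {
    mkdir -p "$1/usr/bin" "$1/usr/sbin" "$1/etc/pam.d" "$1/etc/security/console.apps"
    for cmd in pm-suspend poweroff; do
        ln -s consolehelper "$1/usr/bin/$cmd"
        : > "$1/etc/pam.d/$cmd"
        : > "$1/etc/security/console.apps/$cmd"
    done
    : > "$1/usr/sbin/pm-suspend"              # the real program, not a wrapper
    ln -s consolehelper "$1/usr/bin/reboot"   # constructed: link with no config files
}

# Demo run against the constructed tree; call list_console_apps / on a real host.
demo=$(mktemp -d)
make_demo_tree "$demo"
list_console_apps "$demo"
rm -rf "$demo"
```

Passing a mounted image or chroot path as the argument audits that tree instead of the running system.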