[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [rhelv6-list] how to remove 'shot down' from system menu?



Thanks a lot, Andrew.

Still complicated, but managable.

Why did Redhat not put in a feature to remove the shutdown?

/sbin/halt and /sbin/reboot need root permission, too. Why not the Gnome menu command???


On 10/05/2011 04:09 PM, Feldt, Andrew N. wrote:
Alois,

I do this (in spite of the concerns given by the previous
posters - users are far less likely to push the physical
button, especially if it is on the other side of a panel
and if word gets around that the system manager greatly
frowns on this).  However, my policy kit files are slightly
different from the ones posted at the link that was given.

I create a separate policy kit file for each action and
have (all in /etc/polkit-1/localauthority/50-local.d):

stop.pkla containing

[Normal User Stop Permissions]
Identity=unix-user:*
Action=org.freedesktop.consolekit.system.stop
ResultAny=no
ResultInactive=no
ResultActive=auth_admin

an identical file called restart.pkla which is the
same as the above except that [Ss]top is replaced
with [Rr]estart everywhere.

And, to be complete, I have the power related
files hibernate.pkla and suspend.pkla with:

[Normal User Suspend Permissions]
Identity=unix-user:*
Action=org.freedesktop.devicekit.power.suspend
ResultAny=no
ResultInactive=no
ResultActive=auth_admin

with [Ss]uspend replace by [Hh]ibernate in its
file.

The 'ResultActive=auth_admin' means that any attempt
to use buttons to power off or restart the system
result in a prompt requiring authentication.  This
also helps to reinforce the idea that normal users
are not supposed to shutdown or restart systems.

This has been very successful in a lab full of machines
which are also used in a Condor pool and for remote
login access.  (Remote users get quite grumpy if someone
suddenly shuts down the system they have been editing a
file on for several hours ;-)

The 'pkaction' command is quite useful in finding out
what policies exist and how they are set so that you
can change them in this fashion.

Andy



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]