Bug 1320245

Summary: Cancelling shutdown from gui switches back to root session with no authentication requirement
Product: Red Hat Enterprise Linux 6 Reporter: Joe Wright <jwright>
Component: gnome-sessionAssignee: Ray Strode [halfline] <rstrode>
Status: CLOSED ERRATA QA Contact: Desktop QE <desktop-qa-list>
Severity: urgent Docs Contact: Lucie Vařáková <lmanasko>
Priority: high    
Version: 6.7CC: cww, jkoten, rstrode, tpelka
Target Milestone: rc   
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: gnome-session-2.28.0-24.el6 Doc Type: Bug Fix
Doc Text:
Cancelling shutdown from a GUI session now switches to running session Previously, the *policykit* credentials for shutting down the system were not obtained up front before logging out. Consequently, if the users cancelled the policykit authentication dialog, they were sent back to the login screen instead of the graphical user interface (GUI) session. With this update, the dialog for obtaining credentials appears up front before the logout starts. As a result, when the users cancel the authentication dialog, they are sent back to their session instead of the login screen.
 Story Points: ---
Clone Of: Environment:
Last Closed: 2017-03-21 11:54:24 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1269194, 1363705    

Description Joe Wright 2016-03-22 16:24:53 UTC 
Description of problem:
user is logged out of gui after switching from a root gui session after trying to shutdown and cancelling the shutdown

Version-Release number of selected component (if applicable):
RHEL 6.7

How reproducible:
Verified in house on a 6.6 system

Steps to Reproduce:
- Have root log into the gnome desktop
- Switch to another user without elevated privileges
- Attempt to shutdown from the menu
- The user will be prompted for the root password
- Click cancel and the user will be logged out and immediately be switch to the root desktop   <<<<<< (The problem is here) ( I believe that I should have to authenticate to return to root's desktop session)



Actual results:
- user is logged out and switched back to the root session without authentication prompt

Expected results:
- I expect that the correct behavior is for the user to be put back on his/her own desktop and not root

Additional info:
Spoke with Ray Strode about this directly, he verified it is an issue
Comment 2 Ray Strode [halfline] 2016-03-22 16:32:57 UTC 
To be clear, we don't lock the screen for the root user in RHEL 6 (or earlier RHELs).  That's one of the reasons we post a warning dialog when a user logs in as root.

The bug here is that we log the user out when they shutdown, before we ask for the polkit password.  If they cancel the polkit password, we've already logged the user out so we can't perform the cancel.

We should get the polkit credentials first before doing the logout.

I don't think we should change the behavior of root locking in rhel 6 at this point. That behavior has existed since before RHEL 2.1.  See

https://wiki.gnome.org/Projects/GnomeScreensaver/FrequentlyAskedQuestions#Why_doesn.27t_my_screen_lock_when_I.27m_logged_in_as_root.3F

We did fix it for rhel 7, though.
Comment 7 Ray Strode [halfline] 2016-11-07 16:26:16 UTC 
I've done a build now with the changes mentioned in comment 2.
Comment 13 errata-xmlrpc 2017-03-21 11:54:24 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2017-0788.html