Bug 466610

Summary: Gnome-session shouldn't allow shutdown for non privileged users
Product: [Fedora] Fedora Reporter: Quentin Armitage <quentin>
Component: gnome-sessionAssignee: Ray Strode [halfline] <rstrode>
Status: CLOSED NOTABUG QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium Docs Contact:
Priority: medium    
Version: rawhideCC: jmccann, madko, rstrode
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2008-10-11 16:38:59 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Quentin Armitage 2008-10-11 07:53:32 UTC 
Description of problem:
Gnome-session allows non privileged users to suspend, hibernate, shutdown or restart the system. This is inconsistent with /sbin/shutdown.

Version-Release number of selected component (if applicable):
All recent

How reproducible:
Always

Steps to Reproduce:
1.Select System/Shutdown from Gnome menu bar
2.
3.
  
Actual results:
Non-privileged user can shut the system down

Expected results:
If running as a non-privileged user, it should prompt for root password

Additional info:
Comment 1 Ray Strode [halfline] 2008-10-11 16:38:59 UTC 
The default policy is to allow "console" users the ability to shutdown or reboot.

A "console" user is roughly defined as someone sitting at the physical machine (where they could just yank the plug).  The accounting for this is managed by a service called ConsoleKit.  You can see a list of currently logged in users and whether they're local or not by running:

ck-list-sessions

This policy is configurable, though, via PolicyKit and the gnome-polkit-authorization tool.