Apologies if this is a Gnome issue, not a kernel issue. Platform: HP nx9010 laptop Although the suspend process works OK (slow flashing blue light on completion), the laptop fails to restart - not great, but that isn't my bug for now. The BIG problem is that an unpriviledged remote X login user can initiate suspend from the Gnome System menu causing instant denial of use. The shutdown option is missing (as expected) but the suspend option should also be disabled
isn't this a gnome bug? IMO, there should be an easy system-wide way of disabeling this option.
yes, the kernel just provides the mechanism. I think the actual 'do the suspend' is triggered by HAL. Somewhere further up the stack, we need to be checking that the user is a console user.
questions is your user also logged into the console? Have you tried hitting the button? Does it actually suspend?
Answers: Yes. The same user was logged into the console. Under this condition, the laptop did actually suspend from the remote terminal. I've tried again without the user also being logged in at the console and suspend safely responds with a 'Suspend problem' dialog - my apologies. I guess this isn't too bad (although it may be a little better if the suspend button wasn't there at all, just like the shutdown button isn't there).
Just the way pam-console works, for better or worse. Not security related as pointed out in comment 4. Closing this bug.