Bug 426961 - ConsoleKit shutdown and restart policy don't affect gdm login screen.
ConsoleKit shutdown and restart policy don't affect gdm login screen.
Status: CLOSED CURRENTRELEASE
Product: Fedora
Classification: Fedora
Component: gdm (Show other bugs)
12
All Linux
low Severity low
: ---
: ---
Assigned To: Ray Strode [halfline]
Fedora Extras Quality Assurance
: Reopened, Triaged
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2007-12-28 17:19 EST by Ray Todd Stevens
Modified: 2009-12-02 14:37 EST (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2009-12-02 13:33:58 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
working org.freedesktop.consolekit.policy (1.67 KB, text/plain)
2009-12-02 14:37 EST, Ray Todd Stevens
no flags Details

  None (edit)
Description Ray Todd Stevens 2007-12-28 17:19:41 EST
OK I have my servers all locked up and so nobody should be able to do this.  
BUt idiots are so inventive at times.   I find it really interesting that you
can reboot our halt the server from the main unlogged in screen.  

How about rigging the system so that you have to enter some kind of a password
first, before it will reboot or halt.   Maybe not even the root pass word.   How
about reading the shutdown.allow file and you have to enter either "root" and
the root password OR any user in that list and their password before it will
allow you to reboot.

It is even more interesting that it will allow any user who is logged in to do this.
Comment 1 Ray Todd Stevens 2008-08-04 13:56:00 EDT
This has gotten worse.  Now if you miss on your password, the system seems to have a habit of defaulting to where a CR selects the halt button.    You don't want to have machines accidentally halting.
Comment 2 Bug Zapper 2008-11-26 04:12:28 EST
This message is a reminder that Fedora 8 is nearing its end of life.
Approximately 30 (thirty) days from now Fedora will stop maintaining
and issuing updates for Fedora 8.  It is Fedora's policy to close all
bug reports from releases that are no longer maintained.  At that time
this bug will be closed as WONTFIX if it remains open with a Fedora 
'version' of '8'.

Package Maintainer: If you wish for this bug to remain open because you
plan to fix it in a currently maintained version, simply change the 'version' 
to a later Fedora version prior to Fedora 8's end of life.

Bug Reporter: Thank you for reporting this issue and we are sorry that 
we may not be able to fix it before Fedora 8 is end of life.  If you 
would still like to see this bug fixed and are able to reproduce it 
against a later version of Fedora please change the 'version' of this 
bug to the applicable version.  If you are unable to change the version, 
please add a comment here and someone will do it for you.

Although we aim to fix as many bugs as possible during every release's 
lifetime, sometimes those efforts are overtaken by events.  Often a 
more recent Fedora release includes newer upstream software that fixes 
bugs or makes them obsolete.

The process we are following is described here: 
http://fedoraproject.org/wiki/BugZappers/HouseKeeping
Comment 3 Ray Todd Stevens 2008-11-28 20:08:17 EST
This is still an issue with 9 and I bet 10
Comment 4 Ray Strode [halfline] 2008-12-01 14:39:05 EST
Hi, you should be able to configure this security policy with 

polkit-gnome-authorization
Comment 5 Ray Todd Stevens 2008-12-01 16:48:48 EST
I am not sure what is going on here.   But under fc10 which is what I am trying to switch things over to,

a.   It is darned hard to find this program.   It certainly is not on any of the menus, you have to run it from a terminal window.

b.   As far as I can tell in what I can read when I do bring it up, it is already set to not allow shutdowns or reboots from a non logged in console, but this actually still "works".

c.   I did some experimenting and it will not allow the reprogramming of these options.

So exactly where should we go with this.   Should we work this through this bug, or should I file a different one for each of the three points above?
Comment 6 Ray Todd Stevens 2008-12-01 16:53:04 EST
Incidentally this with FC10 has become and additionally problematic issue.  Now if the screen saver is active and the console is at the login prompt, it seem to like to once again select the "shutdown" button as the default.   So it is really easy to accidentally hit the return or space bar twice when deactivating the screen saver mode and start a system reboot.   This is not a good thing to do to a server.
Comment 7 Ray Strode [halfline] 2008-12-01 17:12:04 EST
It should be in the menus under

 System > Preferences > System > Authorizations

Which granted might be better under Administration.  If you'd like to see that changed, file it as a bug against PolicyKit-gnome.

You're difficulties may be because there are several policies dealing with shutting down the system (because it's moved around a few times).  This is really confusing and should probably get fixed (would need a separate bug report against e.g. hal)

The actions you care about should be under the

org.freedesktop.consolekit.system

tree

Do changing those actions fix things for you?
Comment 8 Ray Todd Stevens 2008-12-02 16:59:09 EST
This half helps.   Interestingly enough if I run from a terminal window and either sued or not it will not allow editing.   With run from the menu option it allows editing.   

Another interesting issue is that apparently this has to be run once to take effect.   If you run it and change anything then all of a sudden all of the security restrictions take effect, but not until.   This is probably why I made the comment about not being able to find the option to change this.

But the big one is that the main not logged in screen doesn't seem to obey this.  All the other ways to shutdown reboot are good and controlled, but this one, which is the most dangerous one is not.  The specific problem I am referencing is if you have logged out and have the list of user names up on the screen.   Down at the bottom there are two buttons, one for restart and the other for shutdown.   These can be activated with just a click of the mouse or if they are highlighted the return key or space bar.   If the screen has gone dark because of lack of use, which is the normal status of our servers, then this is frequently the highlighted button.   So if you fumble finger getting the screen back the system spontaneously halts.  Generally not what you are trying to do.

PS have filed a bug report on the menu issue.
Comment 9 Ray Strode [halfline] 2008-12-02 17:38:45 EST
can you reference the bug number you filed on this report (just so anyone following along now or later can jump to it) ?

I'm surprised the policykit policy isn't working.  Will need investigation.  In the mean time, a work around is the /apps/gdm/simple-greeter/disable_restart_buttons gconf key.

1) Run gconf-editor as root (which isn't ideal, but is required because it doesn't have policykit integration yet)
2) navigate to /apps/gdm/simple-greeter
3) check "disable_restart_buttons"
4) right click on the item and set "Set as Mandatory"

This should make the buttons disappear until we work out what's going on with policykit policy.
Comment 10 Ray Todd Stevens 2008-12-02 18:20:07 EST
I did file bug  474234 about the menu issue.
Comment 11 Ray Todd Stevens 2009-04-02 15:38:11 EDT
This is fixed fc11 beta
Comment 12 Bug Zapper 2009-11-18 07:24:21 EST
This message is a reminder that Fedora 10 is nearing its end of life.
Approximately 30 (thirty) days from now Fedora will stop maintaining
and issuing updates for Fedora 10.  It is Fedora's policy to close all
bug reports from releases that are no longer maintained.  At that time
this bug will be closed as WONTFIX if it remains open with a Fedora 
'version' of '10'.

Package Maintainer: If you wish for this bug to remain open because you
plan to fix it in a currently maintained version, simply change the 'version' 
to a later Fedora version prior to Fedora 10's end of life.

Bug Reporter: Thank you for reporting this issue and we are sorry that 
we may not be able to fix it before Fedora 10 is end of life.  If you 
would still like to see this bug fixed and are able to reproduce it 
against a later version of Fedora please change the 'version' of this 
bug to the applicable version.  If you are unable to change the version, 
please add a comment here and someone will do it for you.

Although we aim to fix as many bugs as possible during every release's 
lifetime, sometimes those efforts are overtaken by events.  Often a 
more recent Fedora release includes newer upstream software that fixes 
bugs or makes them obsolete.

The process we are following is described here: 
http://fedoraproject.org/wiki/BugZappers/HouseKeeping
Comment 13 Ray Todd Stevens 2009-11-25 14:52:15 EST
This is definitely not fixed in fedora 12.   The modification system seems to have totally disappeared.
Comment 14 Matthias Clasen 2009-12-01 20:46:12 EST
the gui tool has been removed, modification is still very much possible, e.g. by editing /usr/share/polkit-1/actions/org.gnome.freedesktop.consolekit.policy
Comment 15 Ray Todd Stevens 2009-12-02 11:00:46 EST
I have to wonder why every version of fedora seems to actually take a step backwards in its functionality in this area.
Comment 16 Ray Todd Stevens 2009-12-02 11:10:22 EST
Also is there any kind of a manual on making these changes anywhere?
Comment 17 Ray Strode [halfline] 2009-12-02 13:33:58 EST
The polkit man page gives a good overview of how policykit works, 

The pklocalauthority man page gives some example policies.

The pkaction command gives a list of configurable policies registered on the system.

I'm going to close this bug out because comment 11 suggests the original problem is fixed.
Comment 18 Ray Todd Stevens 2009-12-02 14:37:09 EST
Created attachment 375570 [details]
working org.freedesktop.consolekit.policy

I figure that if someone is looking for a solution to this problem they will hopefully find this closed "bug".  SO I figured I would add the rest here.

This is a version of the policy that restricts rebooting from the unlogged in console to those who have an administrative password.

Note that this also will restrict the use of the off button to do a nice shutdown.  Now to do a shutdown if you press the off button (but don't hold it) you have to then go to the console and type in the administrative password.   Pressing and holding the button will still do a hard power down.

Note You need to log in before you can comment on or make changes to this bug.