OK I have my servers all locked up and so nobody should be able to do this. BUt idiots are so inventive at times. I find it really interesting that you can reboot our halt the server from the main unlogged in screen. How about rigging the system so that you have to enter some kind of a password first, before it will reboot or halt. Maybe not even the root pass word. How about reading the shutdown.allow file and you have to enter either "root" and the root password OR any user in that list and their password before it will allow you to reboot. It is even more interesting that it will allow any user who is logged in to do this.
This has gotten worse. Now if you miss on your password, the system seems to have a habit of defaulting to where a CR selects the halt button. You don't want to have machines accidentally halting.
This message is a reminder that Fedora 8 is nearing its end of life. Approximately 30 (thirty) days from now Fedora will stop maintaining and issuing updates for Fedora 8. It is Fedora's policy to close all bug reports from releases that are no longer maintained. At that time this bug will be closed as WONTFIX if it remains open with a Fedora 'version' of '8'. Package Maintainer: If you wish for this bug to remain open because you plan to fix it in a currently maintained version, simply change the 'version' to a later Fedora version prior to Fedora 8's end of life. Bug Reporter: Thank you for reporting this issue and we are sorry that we may not be able to fix it before Fedora 8 is end of life. If you would still like to see this bug fixed and are able to reproduce it against a later version of Fedora please change the 'version' of this bug to the applicable version. If you are unable to change the version, please add a comment here and someone will do it for you. Although we aim to fix as many bugs as possible during every release's lifetime, sometimes those efforts are overtaken by events. Often a more recent Fedora release includes newer upstream software that fixes bugs or makes them obsolete. The process we are following is described here: http://fedoraproject.org/wiki/BugZappers/HouseKeeping
This is still an issue with 9 and I bet 10
Hi, you should be able to configure this security policy with polkit-gnome-authorization
I am not sure what is going on here. But under fc10 which is what I am trying to switch things over to, a. It is darned hard to find this program. It certainly is not on any of the menus, you have to run it from a terminal window. b. As far as I can tell in what I can read when I do bring it up, it is already set to not allow shutdowns or reboots from a non logged in console, but this actually still "works". c. I did some experimenting and it will not allow the reprogramming of these options. So exactly where should we go with this. Should we work this through this bug, or should I file a different one for each of the three points above?
Incidentally this with FC10 has become and additionally problematic issue. Now if the screen saver is active and the console is at the login prompt, it seem to like to once again select the "shutdown" button as the default. So it is really easy to accidentally hit the return or space bar twice when deactivating the screen saver mode and start a system reboot. This is not a good thing to do to a server.
It should be in the menus under System > Preferences > System > Authorizations Which granted might be better under Administration. If you'd like to see that changed, file it as a bug against PolicyKit-gnome. You're difficulties may be because there are several policies dealing with shutting down the system (because it's moved around a few times). This is really confusing and should probably get fixed (would need a separate bug report against e.g. hal) The actions you care about should be under the org.freedesktop.consolekit.system tree Do changing those actions fix things for you?
This half helps. Interestingly enough if I run from a terminal window and either sued or not it will not allow editing. With run from the menu option it allows editing. Another interesting issue is that apparently this has to be run once to take effect. If you run it and change anything then all of a sudden all of the security restrictions take effect, but not until. This is probably why I made the comment about not being able to find the option to change this. But the big one is that the main not logged in screen doesn't seem to obey this. All the other ways to shutdown reboot are good and controlled, but this one, which is the most dangerous one is not. The specific problem I am referencing is if you have logged out and have the list of user names up on the screen. Down at the bottom there are two buttons, one for restart and the other for shutdown. These can be activated with just a click of the mouse or if they are highlighted the return key or space bar. If the screen has gone dark because of lack of use, which is the normal status of our servers, then this is frequently the highlighted button. So if you fumble finger getting the screen back the system spontaneously halts. Generally not what you are trying to do. PS have filed a bug report on the menu issue.
can you reference the bug number you filed on this report (just so anyone following along now or later can jump to it) ? I'm surprised the policykit policy isn't working. Will need investigation. In the mean time, a work around is the /apps/gdm/simple-greeter/disable_restart_buttons gconf key. 1) Run gconf-editor as root (which isn't ideal, but is required because it doesn't have policykit integration yet) 2) navigate to /apps/gdm/simple-greeter 3) check "disable_restart_buttons" 4) right click on the item and set "Set as Mandatory" This should make the buttons disappear until we work out what's going on with policykit policy.
I did file bug 474234 about the menu issue.
This is fixed fc11 beta
This message is a reminder that Fedora 10 is nearing its end of life. Approximately 30 (thirty) days from now Fedora will stop maintaining and issuing updates for Fedora 10. It is Fedora's policy to close all bug reports from releases that are no longer maintained. At that time this bug will be closed as WONTFIX if it remains open with a Fedora 'version' of '10'. Package Maintainer: If you wish for this bug to remain open because you plan to fix it in a currently maintained version, simply change the 'version' to a later Fedora version prior to Fedora 10's end of life. Bug Reporter: Thank you for reporting this issue and we are sorry that we may not be able to fix it before Fedora 10 is end of life. If you would still like to see this bug fixed and are able to reproduce it against a later version of Fedora please change the 'version' of this bug to the applicable version. If you are unable to change the version, please add a comment here and someone will do it for you. Although we aim to fix as many bugs as possible during every release's lifetime, sometimes those efforts are overtaken by events. Often a more recent Fedora release includes newer upstream software that fixes bugs or makes them obsolete. The process we are following is described here: http://fedoraproject.org/wiki/BugZappers/HouseKeeping
This is definitely not fixed in fedora 12. The modification system seems to have totally disappeared.
the gui tool has been removed, modification is still very much possible, e.g. by editing /usr/share/polkit-1/actions/org.gnome.freedesktop.consolekit.policy
I have to wonder why every version of fedora seems to actually take a step backwards in its functionality in this area.
Also is there any kind of a manual on making these changes anywhere?
The polkit man page gives a good overview of how policykit works, The pklocalauthority man page gives some example policies. The pkaction command gives a list of configurable policies registered on the system. I'm going to close this bug out because comment 11 suggests the original problem is fixed.
Created attachment 375570 [details] working org.freedesktop.consolekit.policy I figure that if someone is looking for a solution to this problem they will hopefully find this closed "bug". SO I figured I would add the rest here. This is a version of the policy that restricts rebooting from the unlogged in console to those who have an administrative password. Note that this also will restrict the use of the off button to do a nice shutdown. Now to do a shutdown if you press the off button (but don't hold it) you have to then go to the console and type in the administrative password. Pressing and holding the button will still do a hard power down.