Description of problem: Gnome-session allows non privileged users to suspend, hibernate, shutdown or restart the system. This is inconsistent with /sbin/shutdown. Version-Release number of selected component (if applicable): All recent How reproducible: Always Steps to Reproduce: 1.Select System/Shutdown from Gnome menu bar 2. 3. Actual results: Non-privileged user can shut the system down Expected results: If running as a non-privileged user, it should prompt for root password Additional info:
The default policy is to allow "console" users the ability to shutdown or reboot. A "console" user is roughly defined as someone sitting at the physical machine (where they could just yank the plug). The accounting for this is managed by a service called ConsoleKit. You can see a list of currently logged in users and whether they're local or not by running: ck-list-sessions This policy is configurable, though, via PolicyKit and the gnome-polkit-authorization tool.