The default gdm configuration allows anyone in front of
the console to reboot or halt the machine without having
to surrender any sort of password. This is especially
peculiar as, once you log in, you will have to give a
password to do this.
I believe that the default should be to require the
root password before allowing halt/shutdown.
we believe that a user having console access already has more than enough
opportunity to halt or reboot the machine physically. In the case of a
"cluster" type situation where a network of workstations is installed in a
public area, this can easily be changed via a modified configuration. However,
the defaults are appropriate in the majority of cases.
*** Bug 6839 has been marked as a duplicate of this bug. ***