Re: shutdown menu option
2009/11/9 Jonas Smedegaard <dr@jones.dk>:
> On Mon, Nov 09, 2009 at 12:33:20PM +0900, Nigel Barker wrote:
>>
>> Where is the setting that prevents a skolelinux user from having the
>> option to shut down a workstation instead of just confirming the logout? I
>> have kids who just log out of laptops and then leave them switched on.
>
> I believe that what you are talking about is related to membership of the
> group powerdev. Or in newer systems is instead tied to consolekit.
>
> Above the powerdev/consolekit level are tools like GDM, lxsession and
> whatever is the name of the similar tool in KDE, which presents a dialog for
> choosing e.g. logout/suspend/poweroff and greying out the options that the
> underlying mechanism do not allow this particular user.
The login manager in KDE control centre didn't fix it. Thats why I
thought there must be a skolelinux setting.
>
> Below is probably some PAM settings which applies to all users.
>
>
> I guess that you want to disable ability to logout, allowing only shutting
> down, right?
That would be excellent, but just the default debian behaviour would
be fine - a choice of "end current session, shutdown, restart, cancel"
>
> In principle the most reliable approach is to attack the problem at the
> bottom - i.e. not just configure KDE to do the right thing - because that
> lasts only until the students discover some other fun tool on their system
> that allows them to circumvent your KDE-specific lock-down.
>
> Problem is, that powerdev/consolekit only really manages access to shutting
> down the system, as that is fundamentally a privileged operation. Killing
> your own X11 session while leaving the rest of the machine still running -
> is *not* a privileged operation, so is not governed by the underlying
> mechanisms.
But its normal debian behaviour to allow users to shut down the
machine on logout. At least on laptops it is.
>
> It is a human right to commit suicide, so to speak, but requires special
> access to hit the big red Doomsday-machine button.
>
> So the challenge is to protect something that is unprotected by underlying
> design of the system. :-/
>
> Step 1 is to disable CTRL+ALT+BACKSPACE in xorg config. Then figure out how
I wouldn't do this. There are several cases where it is a good thing -
frozen session, student hit lock instead of logout and walked away,
projector not detected and the Fn-key toggle doesn't work, ...
I have had to re-enable this feature on the one remaining ubuntu
machine we have in school.
> to configure the obvious mechanisms to silent the non-privileged logout
> routine while still presenting the shutdown (and remember to also disable
> restart, as that is just a delayed logut). Then you need to hunt down all
> methods of quitting or killing the running processes and make them difficult
> for ordinary users to invoke.
>
> I certainly see the relevancy of this, seen from a school perspective, but
> expect it to be difficult at best to implement.
>
> Good luck ;-)
>
But not to me, because this stuff is way too hard for me. However,
your message has had me thinking about this and the more I do, the
more I wonder why we don't allow shutdown of workstations in
skolelinux? Apart from a local login to an ltspserver, in what other
case would it be bad for a user to shut down the machine instead of
logging out? Perhaps only if someone else is about to use it. In my
school many workstations are left on overnight. Perhaps this would be
improved if shutdown were a logout option?
My suggestion is for normal debian behaviour, except on ltspservers.
cheers
nigel
Reply to: