Re: [desktop] enabling gnome-session reboot and halt options on logout
On Tue, 2003-03-04 at 22:34, Colin Walters wrote:
> On Tue, 2003-03-04 at 20:52, christophe barbe wrote:
> > I agree that shutdown from the logout dialog box would be very nice.
> > Clearly the /var/run/console/ RH hack stinks.
> >
> > What about a shutdown group and patching gnome-session to only display
> > the halt/reboot options if the user is member of the shutdown group.
>
> A bit more blue-sky: have an ACL on /bin/halt and /bin/reboot that only
> allows specific users to execute it. Then the dialog would offer the
> options iff the user had execute permission.
I initially thought about running shutdown sgid. The manpage for
shutdown said that it wasn't designed for that and therefore you
probably shouldn't do it. From a security standpoint, we can control
how regular users can interact with shutdown by using the wrapper script
I initially suggested. Also, the patching of gnome-session is greater
when checking ACLs and groups. I don't know how far we want to get away
from upstream code. However, if we came up with a proper solution, then
perhaps we could persuade upstream to change.
Jamie
--
Email: jstrand1@rochester.rr.com
GPG/PGP ID: 26384A3A
Fingerprint: D9FF DF4A 2D46 A353 A289 E8F5 AA75 DCBE 2638 4A3A
Reply to: