
Re: shutdown from within gnome



James Strandboge wrote:
> Once you know what Red Hat did, this certainly is easy, I am just trying
> to bring us back to the point that the bug report referenced is a
> distribution agnostic way for gnome-session to handle the shutdown
> options.  Of course, the distribution still has to come up with the
> method of authenticating the user.

Here are a couple of ideas for how we could implement a way for users to shut down from inside GNOME:

1. Create a package with two programs, perhaps called userhalt and userreboot. Make these programs tiny wrappers around /sbin/shutdown. The package creates a group 'shutdown'. The wrapper programs are owned by root.shutdown and their permissions are 'u=rwxs,g=rx,o=r'. Then, apply Jamie's patch from

http://bugzilla.gnome.org/show_bug.cgi?id=114432

to gnome-session. I'd recommend the first version of Jamie's patch (why bother keeping Red Hat-specific code around if we need to maintain a patch anyway?). Then we need to build gnome-session with '--with-reboot-command=/usr/bin/userreboot --with-halt-command=/usr/bin/userhalt'. This, of course, requires the system administrator to add the appropriate users to the shutdown group, but that seems to be the Debian way of doing things at the moment (as demonstrated by groups like video, audio, cdrom, floppy etc.).

2. Another, simpler solution which doesn't involve having to maintain set-uid binaries would be to apply Jamie's patch and build gnome-session with '--with-reboot-command=/etc/userreboot --with-halt-command=/etc/userhalt'. Then, gnome-session would be providing the hooks with which system administrators could set up their own scheme for allowing certain users to shut down, such as with gksu or sudo.

Any comments? In particular, I'm no *NIX security expert, so my idea about making a set-uid program that can only be executed by users in the right group might be way off. ;-) Also, sorry if this mail is a bit verbose!

--
Jon
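
The wrapper described in idea 1, written out as an added example (not code from this thread, from Jamie's patch or from gnome-session). The `USERREBOOT` build macro, the `build_argv` helper and the `now` argument are assumptions; access control comes from the file mode alone, and the wrapper passes nothing from the caller's arguments or environment to /sbin/shutdown.

```c
/* userhalt.c: added example of a set-uid wrapper around /sbin/shutdown.
 * Install as root:shutdown with the mode from the post
 * (u=rwxs,g=rx,o=r, i.e. 4754): the kernel then refuses execution to
 * anyone outside the group, so the code needs no group check of its own.
 * Build with -DUSERREBOOT (hypothetical macro) to get userreboot. */
#include <stdio.h>
#include <string.h>
#include <unistd.h>

#define SHUTDOWN_BIN "/sbin/shutdown"

/* Fixed environment: nothing the caller set (PATH, IFS, LD_*) survives. */
static char *const clean_env[] = { "PATH=/sbin:/bin:/usr/sbin:/usr/bin", NULL };

/* Fill out[] with a fixed command line; the caller's argv is never used.
 * Returns 0 on success, -1 if out[] cannot hold 3 arguments plus NULL. */
int build_argv(int reboot, char *out[], size_t n)
{
    if (n < 4)
        return -1;
    out[0] = SHUTDOWN_BIN;
    out[1] = reboot ? "-r" : "-h";
    out[2] = "now";           /* assumption: act immediately */
    out[3] = NULL;
    return 0;
}

int main(void)
{
    char *args[4];
#ifdef USERREBOOT
    int reboot = 1;
#else
    int reboot = 0;
#endif
    if (geteuid() != 0) {
        fprintf(stderr, "not installed set-uid root\n");
        return 1;
    }
    if (build_argv(reboot, args, 4) != 0)
        return 1;
    /* Assumption: the local shutdown may check the real uid, so set it too. */
    if (setgid(0) != 0 || setuid(0) != 0) {
        perror("setuid");
        return 1;
    }
    execve(SHUTDOWN_BIN, args, clean_env);  /* absolute path, no PATH lookup */
    perror("execve");                       /* reached only on failure */
    return 1;
}
```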



