[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: [desktop] enabling gnome-session reboot and halt options on logout

On Tue, 2003-03-04 at 22:34, Colin Walters wrote:
> On Tue, 2003-03-04 at 20:52, christophe barbe wrote:
> > I agree that shutdown from the logout dialog box would be very nice.
> > Clearly the /var/run/console/ RH hack stinks.
> > 
> > What about a shutdown group and patching gnome-session to only display
> > the halt/reboot options if the user is member of the shutdown group.
> A bit more blue-sky: have an ACL on /bin/halt and /bin/reboot that only
> allows specific users to execute it.  Then the dialog would offer the
> options iff the user had execute permission.

I initially thought about running shutdown sgid.  The manpage for
shutdown said that it wasn't designed for that and therefore you
probably shouldn't do it.  From a security standpoint, we can control
how regular users can interact with shutdown by using the wrapper script
I initially suggested.  Also, the patching of gnome-session is greater
when checking ACLs and groups.  I don't know how far we want to get away
from upstream code.  However, if we came up with a proper solution, then
perhaps we could persuade upstream to change.


Email:        jstrand1@rochester.rr.com
GPG/PGP ID:   26384A3A
Fingerprint:  D9FF DF4A 2D46 A353 A289  E8F5 AA75 DCBE 2638 4A3A

Reply to: