[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: shutdown menu option



On Mon, Nov 09, 2009 at 12:33:20PM +0900, Nigel Barker wrote:
Where is the setting that prevents a skolelinux user from having the option to shut down a workstation instead of just confirming the logout? I have kids who just log out of laptops and then leave them switched on.

I believe that what you are talking about is related to membership of the group powerdev. Or in newer systems is instead tied to consolekit.

Above the powerdev/consolekit level are tools like GDM, lxsession and whatever is the name of the similar tool in KDE, which presents a dialog for choosing e.g. logout/suspend/poweroff and greying out the options that the underlying mechanism do not allow this particular user.

Below is probably some PAM settings which applies to all users.


I guess that you want to disable ability to logout, allowing only shutting down, right?

In principle the most reliable approach is to attack the problem at the bottom - i.e. not just configure KDE to do the right thing - because that lasts only until the students discover some other fun tool on their system that allows them to circumvent your KDE-specific lock-down.

Problem is, that powerdev/consolekit only really manages access to shutting down the system, as that is fundamentally a privileged operation. Killing your own X11 session while leaving the rest of the machine still running - is *not* a privileged operation, so is not governed by the underlying mechanisms.

It is a human right to commit suicide, so to speak, but requires special access to hit the big red Doomsday-machine button.

So the challenge is to protect something that is unprotected by underlying design of the system. :-/

Step 1 is to disable CTRL+ALT+BACKSPACE in xorg config. Then figure out how to configure the obvious mechanisms to silent the non-privileged logout routine while still presenting the shutdown (and remember to also disable restart, as that is just a delayed logut). Then you need to hunt down all methods of quitting or killing the running processes and make them difficult for ordinary users to invoke.

I certainly see the relevancy of this, seen from a school perspective, but expect it to be difficult at best to implement.

Good luck ;-)


 - Jonas

--
* Jonas Smedegaard - idealist & Internet-arkitekt
* Tlf.: +45 40843136  Website: http://dr.jones.dk/

 [x] quote me freely  [ ] ask before reusing  [ ] keep private

Attachment: signature.asc
Description: Digital signature


Reply to: