
Bug#935525: sddm ignores policykit rules



Package: sddm
Version: 0.18.0-1
Severity: normal

Dear Maintainer,

I created a file /etc/polkit-1/localauthority/50-local.d/custom-menu.pkla with the following content:

[Disable suspend]
 Identity=unix-user:*
 Action=org.freedesktop.login1.suspend;org.freedesktop.login1.suspend-multiple-sessions
 ResultAny=auth_admin_keep
 ResultInactive=auth_admin_keep
 ResultActive=auth_admin_keep

[Disable hibernate]
 Identity=unix-user:*
 Action=org.freedesktop.login1.hibernate;org.freedesktop.login1.hibernate-multiple-sessions
 ResultAny=auth_admin_keep
 ResultInactive=auth_admin_keep
 ResultActive=auth_admin_keep

[Disable shutdown]
 Identity=unix-user:*
 Action=org.freedesktop.login1.power-off;org.freedesktop.login1.power-off-multiple-sessions
 ResultAny=auth_admin_keep
 ResultInactive=auth_admin_keep
 ResultActive=auth_admin_keep

[Disable reboot]
 Identity=unix-user:*
 Action=org.freedesktop.login1.reboot;org.freedesktop.login1.reboot-multiple-sessions
 ResultAny=auth_admin_keep
 ResultInactive=auth_admin_keep
 ResultActive=auth_admin_keep


That should prevent normal users from performing the named actions. This works in combination with other display managers,
but in sddm, every user can suspend, hibernate, shutdown or reboot the machine without having to authenticate as root before.

Regards
  Christoph Pleger


-- System Information:
Debian Release: 10.0
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.19.0-5-amd64 (SMP w/2 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages sddm depends on:
ii  adduser                   3.118
ii  debconf [debconf-2.0]     1.5.71
ii  libc6                     2.28-10
ii  libgcc1                   1:8.3.0-6
ii  libpam0g                  1.3.1-5
ii  libqt5core5a              5.11.3+dfsg1-1
ii  libqt5dbus5               5.11.3+dfsg1-1
ii  libqt5gui5                5.11.3+dfsg1-1
ii  libqt5network5            5.11.3+dfsg1-1
ii  libqt5qml5                5.11.3-4
ii  libqt5quick5              5.11.3-4
ii  libstdc++6                8.3.0-6
ii  libsystemd0               241-5
ii  libxcb-xkb1               1.13.1-2
ii  libxcb1                   1.13.1-2
ii  qml-module-qtquick2       5.11.3-4
ii  x11-common                1:7.7+19
ii  xserver-xephyr [xserver]  2:1.20.4-1
ii  xserver-xorg [xserver]    1:7.7+19

Versions of packages sddm recommends:
ii  haveged                                1.9.1-7
ii  libpam-systemd                         241-5
ii  sddm-theme-debian-elarun [sddm-theme]  0.18.0-1
ii  sddm-theme-debian-maui [sddm-theme]    0.18.0-1

Versions of packages sddm suggests:
ii  libpam-kwallet5           5.14.5-1
pn  qtvirtualkeyboard-plugin  <none>

-- debconf information:
* shared/default-x-display-manager: lightdm
  sddm/daemon_name: /usr/bin/sddm
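
An added example, not part of the original report and not sddm or polkit code: a small Python reading of the .pkla format that shows what the rules above ask for, given an identity, an action and a session state. The user name alice and the function names are assumptions; the matching (semicolon-separated globs, later entries override earlier ones) approximates the documented local-authority behaviour and does not query polkit itself.

```python
from fnmatch import fnmatchcase

# Constructed sample: two of the entries from the report's custom-menu.pkla.
SAMPLE_PKLA = """\
[Disable shutdown]
 Identity=unix-user:*
 Action=org.freedesktop.login1.power-off;org.freedesktop.login1.power-off-multiple-sessions
 ResultAny=auth_admin_keep
 ResultInactive=auth_admin_keep
 ResultActive=auth_admin_keep

[Disable reboot]
 Identity=unix-user:*
 Action=org.freedesktop.login1.reboot;org.freedesktop.login1.reboot-multiple-sessions
 ResultAny=auth_admin_keep
 ResultInactive=auth_admin_keep
 ResultActive=auth_admin_keep
"""

def parse_pkla(text):
    """Return the entries of a .pkla file as dicts, in file order."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()  # tolerate the indented keys used in the report
        if not line or line.startswith("#"):
            continue
        if line.startswith("[") and line.endswith("]"):
            entries.append({"name": line[1:-1]})
        elif "=" in line and entries:
            key, value = line.split("=", 1)
            entries[-1][key.strip()] = value.strip()
    return entries

def matches(globs, value):
    """True if value matches any glob in a semicolon-separated list."""
    return any(fnmatchcase(value, g) for g in globs.split(";") if g)

def expected_result(entries, identity, action, local=True, active=True):
    """Result the rules request, or None if no entry matches (assumed model)."""
    key = "ResultAny" if not local else ("ResultActive" if active else "ResultInactive")
    result = None
    for e in entries:  # later matching entries override earlier ones
        if matches(e.get("Identity", ""), identity) and matches(e.get("Action", ""), action):
            result = e.get(key, result)
    return result

if __name__ == "__main__":
    rules = parse_pkla(SAMPLE_PKLA)
    for act in ("org.freedesktop.login1.reboot", "org.freedesktop.login1.suspend"):
        print(act, "->", expected_result(rules, "unix-user:alice", act))
```

Comparing this expected result with what the running system actually allows separates a malformed rule file from a caller that is not being checked against it.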

