Re: Embarrassing security bug in systemd

[Menelaos Maglis <mmaglis@metacom.gr>]

>>> I wonder how can such a severe bug make it into a Debian stable
>>> distribution?  And is this just an insane default setting on Debian's
>>> side or is it yet another instance of brain-dead systemd behavior?
>> 
>> Maybe I am just a brain-dead loony, but personally I prefer to be able to
>> shut down or reboot my system without having to type a password. If you
>> do not like this behavior you might have to learn how to define
>> polkit rules.
>
> For the interested reader, see
> /usr/share/polkit-1/actions/org.freedesktop.login1.policy
>
> org.freedesktop.login1.power-off has the following defaults
>
>     <defaults>
>       <allow_any>auth_admin_keep</allow_any>
>       <allow_inactive>auth_admin_keep</allow_inactive>
>       <allow_active>yes</allow_active>
>     </defaults>
>
> As has already been mentioned, active, local users can shutdown/reboot
> the system without requiring a password. This is intended behaviour (for
> the reasons already mentioned) and can indeed be overridden by custom
> polkit rules.

It is an improvement to have a consistent (central) way to configure
this behavior.

It is probably a "good thing" to allow users with physical access to
reboot/shutdown a desktop/laptop system.

It is probably not a preferred solution for a multi-user/server system.

One user group can say to the other "go an change the default policy",
or the installer can pick the "the right thing to do" based on the
installation profile...

Regards,
Menelaos Maglis