how can i make restart not require root password

Ahmad Samir ahmadsamir3891 at gmail.com
Wed Sep 4 09:38:27 UTC 2013 

On 4 September 2013 11:02, Jehan PROCACCIA <jehan.procaccia at tem-tsp.eu>wrote:

> hello,
> I've got hundred of fedora19 station installed on computer lab for our
> students.
> these are self service multi-user stations, users needs to restart the
> station whenever they want to
> unfortunatly apparently "polkit" prevents them to restart when another
> user is (or had been ?) connected .
> I know it is a safe behavior, but we defenitively want to enable users to
> restart the station themself whenever they want to, but without requiring
> the root password !
> indeed, often student leave the room without disconecting (bad !) , then
> the  screen locks but still allows someone else to connect, but that second
> student then cannot restart :-( .
>
> I've tried lot of things:
>
> http://askubuntu.com/questions/1190/how-can-i-make-shutdown-not-require-admin-password
> apparently .pkla files a deprecated , and I confirmed that creating a
> /etc/polkit-1/localauthority/50-local.d/allow_all_users_to_restart.pkla
> containing Action=org.freedesktop.consolekit.system.restart-multiple-users
> AllowActive=yes doesn't work
>
> then, from #fedora IRC I've been proposed to create rules in
> /etc/polkit-1/rules.d :
> http://paste.fedoraproject.org/36844/
> [root at b06-02 rules.d]# cat 00-early-checks.rules
> /* Allow shutdown when others are logged in  */
> polkit.addRule(function(action, subject) {
>     if (action.id ==
> "org.freedesktop.consolekit.system.stop-multiple-users" ||
>         action.id ==
> "org.freedesktop.consolekit.system.restart-multiple-users") {
>         return polkit.Result.YES;
>     }
> });
>
> it still fails, when user click on their username on the top right corner
> of the gnome-session, schroll down to shutdown, then click restart, a
> window appears warning that there are other user conencted and that
> "authentification is required for rebooting the system while other users
> are logged in", and  ends by asking to enter the "Administrator"  password
> :-(
> Where can I remove that "feature" ?
>
> Thanks
>
>
IIUC, the actions you need to authenticate are:
org.freedesktop.login1.power-off-multiple-sessions
org.freedesktop.login1.reboot-multiple-sessions

have a look at /usr/share/polkit-1/actions/org.freedesktop.login1.policy.

FWIW, usually  polkit authentication propmpts are logged in the system
logs, either check /var/log/messages, or `journalctl -bn` (executed after
polkitd prompted for authentication).


> --
> users mailing list
> users at lists.fedoraproject.org
> To unsubscribe or change subscription options:
> https://admin.fedoraproject.org/mailman/listinfo/users
> Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
> Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
> Have a question? Ask away: http://ask.fedoraproject.org
>
>


-- 
Ahmad Samir
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.fedoraproject.org/pipermail/users/attachments/20130904/709a791c/attachment.html>

More information about the users mailing list