how can i make restart not require root password
Jehan Procaccia
jehan.procaccia at tem-tsp.eu
Wed Sep 4 15:55:36 UTC 2013
Le 04/09/2013 11:38, Ahmad Samir a écrit :
> On 4 September 2013 11:02, Jehan PROCACCIA <jehan.procaccia at tem-tsp.eu
> <mailto:jehan.procaccia at tem-tsp.eu>> wrote:
>
> hello,
> I've got hundred of fedora19 station installed on computer lab for
> our students.
> these are self service multi-user stations, users needs to restart
> the station whenever they want to
> unfortunatly apparently "polkit" prevents them to restart when
> another user is (or had been ?) connected .
> I know it is a safe behavior, but we defenitively want to enable
> users to restart the station themself whenever they want to, but
> without requiring the root password !
> indeed, often student leave the room without disconecting (bad !)
> , then the screen locks but still allows someone else to connect,
> but that second student then cannot restart :-( .
>
> I've tried lot of things:
> http://askubuntu.com/questions/1190/how-can-i-make-shutdown-not-require-admin-password
> apparently .pkla files a deprecated , and I confirmed that
> creating a
> /etc/polkit-1/localauthority/50-local.d/allow_all_users_to_restart.pkla
> containing
> Action=org.freedesktop.consolekit.system.restart-multiple-users
> AllowActive=yes doesn't work
>
> then, from #fedora IRC I've been proposed to create rules in
> /etc/polkit-1/rules.d :
> http://paste.fedoraproject.org/36844/
> [root at b06-02 rules.d]# cat 00-early-checks.rules
> /* Allow shutdown when others are logged in */
> polkit.addRule(function(action, subject) {
> if (action.id <http://action.id> ==
> "org.freedesktop.consolekit.system.stop-multiple-users" ||
> action.id <http://action.id> ==
> "org.freedesktop.consolekit.system.restart-multiple-users") {
> return polkit.Result.YES;
> }
> });
>
> it still fails, when user click on their username on the top right
> corner of the gnome-session, schroll down to shutdown, then click
> restart, a window appears warning that there are other user
> conencted and that "authentification is required for rebooting the
> system while other users are logged in", and ends by asking to
> enter the "Administrator" password :-(
> Where can I remove that "feature" ?
>
> Thanks
>
>
> IIUC, the actions you need to authenticate are:
> org.freedesktop.login1.power-off-multiple-sessions
> org.freedesktop.login1.reboot-multiple-sessions
>
yes ! that was it, instead of
org.freedesktop.consolekit.system.restart-multiple-users it is
org.freedesktop.login1.reboot-multiple-sessions that must be set to YES .
I tried that with success
Thanks a lot .
however, it is confusing those two "items"
consolekit.system.restart-multiple-users and
login1.reboot-multiple-sessions, what is the difference between them ?
> have a look at /usr/share/polkit-1/actions/org.freedesktop.login1.policy.
>
> FWIW, usually polkit authentication propmpts are logged in the system
> logs, either check /var/log/messages, or `journalctl -bn` (executed
> after polkitd prompted for authentication).
>
> --
> users mailing list
> users at lists.fedoraproject.org <mailto:users at lists.fedoraproject.org>
> To unsubscribe or change subscription options:
> https://admin.fedoraproject.org/mailman/listinfo/users
> Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
> Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
> Have a question? Ask away: http://ask.fedoraproject.org
>
>
>
>
> --
> Ahmad Samir
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.fedoraproject.org/pipermail/users/attachments/20130904/4ce053cf/attachment.html>
More information about the users
mailing list