how can i make restart not require root password
Jehan Procaccia
jehan.procaccia at tem-tsp.eu
Wed Sep 4 15:59:51 UTC 2013
Le 04/09/2013 17:08, Bill Davidsen a écrit :
> Jehan PROCACCIA wrote:
>> hello,
>> I've got hundred of fedora19 station installed on computer lab for
>> our students.
>> these are self service multi-user stations, users needs to restart
>> the station
>> whenever they want to
>> unfortunatly apparently "polkit" prevents them to restart when
>> another user is
>> (or had been ?) connected .
>> I know it is a safe behavior, but we defenitively want to enable
>> users to
>> restart the station themself whenever they want to, but without
>> requiring the
>> root password !
>> indeed, often student leave the room without disconecting (bad !) ,
>> then the
>> screen locks but still allows someone else to connect, but that
>> second student
>> then cannot restart :-( .
>>
>> I've tried lot of things:
>> http://askubuntu.com/questions/1190/how-can-i-make-shutdown-not-require-admin-password
>>
>> apparently .pkla files a deprecated , and I confirmed that creating a
>> /etc/polkit-1/localauthority/50-local.d/allow_all_users_to_restart.pkla
>> containi
>
>
> ng Action=org.freedesktop.consolekit.system.restart-multiple-users
>> AllowActive=yes doesn't work
>>
>> then, from #fedora IRC I've been proposed to create rules in
>> /etc/polkit-1/rules.d :
>> http://paste.fedoraproject.org/36844/
>> [root at b06-02 rules.d]# cat 00-early-checks.rules
>> /* Allow shutdown when others are logged in */
>> polkit.addRule(function(action, subject) {
>> if (action.id ==
>> "org.freedesktop.consolekit.system.stop-multiple-users" ||
>> action.id ==
>> "org.freedesktop.consolekit.system.restart-multiple-users") {
>> return polkit.Result.YES;
>> }
>> });
>>
>> it still fails, when user click on their username on the top right
>> corner of the
>> gnome-session, schroll down to shutdown, then click restart, a window
>> appears
>> warning that there are other user conencted and that
>> "authentification is
>> required for rebooting the system while other users are logged in",
>> and ends by
>> asking to enter the "Administrator" password :-(
>> Where can I remove that "feature" ?
>>
> 1 - Do the students ever have to initiate a long running job and wait
> for results? If so, having someone else reboot the machine is not
> desirable.
>
> 2 - It might be better to just log out idle users.
>
> 3 - However, if it is your intention to let any user reboot at any
> time, use visudo to add a line:
> %booters ALL=(ALL) NOPASSWD: /sbin/reboot
> so the next student could log in and reboot from command line with
> sudo su /sbin/reboot
> Note that this requires putting all students allowed to do this (all
> of them?) into a secondary group allowed to reboot.
>
> My though is that there is a reason why this isn't the default, if
> there is no legitimate use which justifies not rebooting, you
> certainly can do that. In particular, you probably don't want people
> logging in remotely and just rebooting the machine, students have been
> known to prank one another.
>
unfortunatly , some user never use a terminal and would'nt know how to
use a command line as "sudo su /sbin/reboot"
the purpose here was to enable restart from the drop down menu withing
the gnome session .
as ahmad samir replied earlier, I have the solution with setting this:
[root at b06-01 ~]# cat /etc/polkit-1/rules.d/00-early-checks.rules
/* Allow shutdown when others are logged in */
polkit.addRule(function(action, subject) {
if (action.id == "org.freedesktop.login1.reboot-multiple-sessions" ||
action.id ==
"org.freedesktop.login1.power-off-multiple-sessions") {
return polkit.Result.YES;
}
});
thanks .
More information about the users
mailing list