how can i make restart not require root password

Wed Sep 4 16:31:46 UTC 2013

Jehan Procaccia wrote:
> Le 04/09/2013 17:08, Bill Davidsen a écrit :
>> Jehan PROCACCIA wrote:
>>> hello,
>>> I've got hundred of fedora19 station installed on computer lab for our 
>>> students.
>>> these are self service multi-user stations, users needs to restart the station
>>> whenever they want to
>>> unfortunatly apparently "polkit" prevents them to restart when another user is
>>> (or had been ?) connected .
>>> I know it is a safe behavior, but we defenitively want to enable users to
>>> restart the station themself whenever they want to, but without requiring the
>>> root password !
>>> indeed, often student leave the room without disconecting (bad !) , then the
>>> screen locks but still allows someone else to connect, but that second student
>>> then cannot restart :-( .
>>>
>>> I've tried lot of things:
>>> http://askubuntu.com/questions/1190/how-can-i-make-shutdown-not-require-admin-password 
>>>
>>> apparently .pkla files a deprecated , and I confirmed that creating a
>>> /etc/polkit-1/localauthority/50-local.d/allow_all_users_to_restart.pkla
>>> containi
>>
>>
>> ng Action=org.freedesktop.consolekit.system.restart-multiple-users
>>> AllowActive=yes doesn't work
>>>
>>> then, from #fedora IRC I've been proposed to create rules in 
>>> /etc/polkit-1/rules.d :
>>> http://paste.fedoraproject.org/36844/
>>> [root at b06-02 rules.d]# cat 00-early-checks.rules
>>> /* Allow shutdown when others are logged in  */
>>> polkit.addRule(function(action, subject) {
>>>      if (action.id == 
>>> "org.freedesktop.consolekit.system.stop-multiple-users" ||
>>>          action.id == 
>>> "org.freedesktop.consolekit.system.restart-multiple-users") {
>>>          return polkit.Result.YES;
>>>      }
>>> });
>>>
>>> it still fails, when user click on their username on the top right corner of 
>>> the
>>> gnome-session, schroll down to shutdown, then click restart, a window appears
>>> warning that there are other user conencted and that "authentification is
>>> required for rebooting the system while other users are logged in", and  
>>> ends by
>>> asking to enter the "Administrator"  password :-(
>>> Where can I remove that "feature" ?
>>>
>> 1 - Do the students ever have to initiate a long running job and wait for 
>> results? If so, having someone else reboot the machine is not desirable.
>>
>> 2 - It might be better to just log out idle users.
>>
>> 3 - However, if it is your intention to let any user reboot at any time, use 
>> visudo to add a line:
>>   %booters        ALL=(ALL)       NOPASSWD: /sbin/reboot
>> so the next student could log in and reboot from command line with
>>   sudo su /sbin/reboot
>> Note that this requires putting all students allowed to do this (all of 
>> them?) into a secondary group allowed to reboot.
>>
>> My though is that there is a reason why this isn't the default, if there is 
>> no legitimate use which justifies not rebooting, you certainly can do that. 
>> In particular, you probably don't want people logging in remotely and just 
>> rebooting the machine, students have been known to prank one another.
>>
> unfortunatly , some user never use a terminal and would'nt know how to use a 
> command line as "sudo su /sbin/reboot"
> the purpose here was to enable restart from the drop down menu withing the 
> gnome session .
> as ahmad samir replied earlier, I have the solution with setting this:
> [root at b06-01 ~]# cat /etc/polkit-1/rules.d/00-early-checks.rules
> /* Allow shutdown when others are logged in  */
> polkit.addRule(function(action, subject) {
>     if (action.id == "org.freedesktop.login1.reboot-multiple-sessions" ||
>         action.id == "org.freedesktop.login1.power-off-multiple-sessions") {
>         return polkit.Result.YES;
>     }
> });
>
> thanks .
>
Actually command lines are specified in menu items and icons...

-- 
Bill Davidsen <davidsen at tmr.com>
   "'Nothing to hide' does not imply 'nothing to fear'"
       - me
   "AT&T could not seriously contend that a reasonable entity in its position
    could have believed that the alleged domestic dragnet was legal."
       -judge Vaughn R. Walker of the U.S. District Court
        for the Northern District of California, EFF vs. AT&T