how can i make restart not require root password
Bill Davidsen
davidsen at tmr.com
Wed Sep 4 16:31:46 UTC 2013
Jehan Procaccia wrote:
> Le 04/09/2013 17:08, Bill Davidsen a écrit :
>> Jehan PROCACCIA wrote:
>>> hello,
>>> I've got hundred of fedora19 station installed on computer lab for our
>>> students.
>>> these are self service multi-user stations, users needs to restart the station
>>> whenever they want to
>>> unfortunatly apparently "polkit" prevents them to restart when another user is
>>> (or had been ?) connected .
>>> I know it is a safe behavior, but we defenitively want to enable users to
>>> restart the station themself whenever they want to, but without requiring the
>>> root password !
>>> indeed, often student leave the room without disconecting (bad !) , then the
>>> screen locks but still allows someone else to connect, but that second student
>>> then cannot restart :-( .
>>>
>>> I've tried lot of things:
>>> http://askubuntu.com/questions/1190/how-can-i-make-shutdown-not-require-admin-password
>>>
>>> apparently .pkla files a deprecated , and I confirmed that creating a
>>> /etc/polkit-1/localauthority/50-local.d/allow_all_users_to_restart.pkla
>>> containi
>>
>>
>> ng Action=org.freedesktop.consolekit.system.restart-multiple-users
>>> AllowActive=yes doesn't work
>>>
>>> then, from #fedora IRC I've been proposed to create rules in
>>> /etc/polkit-1/rules.d :
>>> http://paste.fedoraproject.org/36844/
>>> [root at b06-02 rules.d]# cat 00-early-checks.rules
>>> /* Allow shutdown when others are logged in */
>>> polkit.addRule(function(action, subject) {
>>> if (action.id ==
>>> "org.freedesktop.consolekit.system.stop-multiple-users" ||
>>> action.id ==
>>> "org.freedesktop.consolekit.system.restart-multiple-users") {
>>> return polkit.Result.YES;
>>> }
>>> });
>>>
>>> it still fails, when user click on their username on the top right corner of
>>> the
>>> gnome-session, schroll down to shutdown, then click restart, a window appears
>>> warning that there are other user conencted and that "authentification is
>>> required for rebooting the system while other users are logged in", and
>>> ends by
>>> asking to enter the "Administrator" password :-(
>>> Where can I remove that "feature" ?
>>>
>> 1 - Do the students ever have to initiate a long running job and wait for
>> results? If so, having someone else reboot the machine is not desirable.
>>
>> 2 - It might be better to just log out idle users.
>>
>> 3 - However, if it is your intention to let any user reboot at any time, use
>> visudo to add a line:
>> %booters ALL=(ALL) NOPASSWD: /sbin/reboot
>> so the next student could log in and reboot from command line with
>> sudo su /sbin/reboot
>> Note that this requires putting all students allowed to do this (all of
>> them?) into a secondary group allowed to reboot.
>>
>> My though is that there is a reason why this isn't the default, if there is
>> no legitimate use which justifies not rebooting, you certainly can do that.
>> In particular, you probably don't want people logging in remotely and just
>> rebooting the machine, students have been known to prank one another.
>>
> unfortunatly , some user never use a terminal and would'nt know how to use a
> command line as "sudo su /sbin/reboot"
> the purpose here was to enable restart from the drop down menu withing the
> gnome session .
> as ahmad samir replied earlier, I have the solution with setting this:
> [root at b06-01 ~]# cat /etc/polkit-1/rules.d/00-early-checks.rules
> /* Allow shutdown when others are logged in */
> polkit.addRule(function(action, subject) {
> if (action.id == "org.freedesktop.login1.reboot-multiple-sessions" ||
> action.id == "org.freedesktop.login1.power-off-multiple-sessions") {
> return polkit.Result.YES;
> }
> });
>
> thanks .
>
Actually command lines are specified in menu items and icons...
--
Bill Davidsen <davidsen at tmr.com>
"'Nothing to hide' does not imply 'nothing to fear'"
- me
"AT&T could not seriously contend that a reasonable entity in its position
could have believed that the alleged domestic dragnet was legal."
-judge Vaughn R. Walker of the U.S. District Court
for the Northern District of California, EFF vs. AT&T
More information about the users
mailing list