View previous topic :: View next topic |
Author |
Message |
CaptainBlood Advocate
Joined: 24 Jan 2010 Posts: 3612
|
Posted: Tue Feb 04, 2020 6:35 pm Post subject: xorg user can reboot despite root logged in console |
|
|
consolekit installed here for a long time.
I've quit for elogind.
Prior to such changes, rebooting from xorg (LXDE) was refrained if root was logged in somewhere, e.g. in console.
A GUI prompt was requesting root password to confirm execution.
It's no longer the case, which bothers me as a bad twist to unix principles.
I really need some help there to bring this logic back.
the polkit rules seems quite empty, may be that's the reason why....
Thks 4 ur attention. |
|
Back to top |
|
|
dmpogo Advocate
Joined: 02 Sep 2004 Posts: 3267 Location: Canada
|
Posted: Wed Feb 05, 2020 4:20 am Post subject: Re: xorg user can reboot despite root logged in console |
|
|
CaptainBlood wrote: | consolekit installed here for a long time.
I've quit for elogind.
Prior to such changes, rebooting from xorg (LXDE) was refrained if root was logged in somewhere, e.g. in console.
A GUI prompt was requesting root password to confirm execution.
It's no longer the case, which bothers me as a bad twist to unix principles.
I really need some help there to bring this logic back.
the polkit rules seems quite empty, may be that's the reason why....
Thks 4 ur attention. |
Is just forbidding non-root reboot an overkill in your situation ? |
|
Back to top |
|
|
Yamakuzure Advocate
Joined: 21 Jun 2006 Posts: 2284 Location: Adendorf, Germany
|
Posted: Wed Feb 05, 2020 6:57 am Post subject: Re: xorg user can reboot despite root logged in console |
|
|
CaptainBlood wrote: | Prior to such changes, rebooting from xorg (LXDE) was refrained if root was logged in somewhere, e.g. in console.
A GUI prompt was requesting root password to confirm execution.
It's no longer the case, which bothers me as a bad twist to unix principles.
I really need some help there to bring this logic back.
the polkit rules seems quite empty, may be that's the reason why.... | I am using Plasma, but that should make no difference.
When I try to reboot via konsole while root is logged in somewher, I get: Code: | ~ $ loginctl reboot
User root is logged in on tty3.
Please retry operation after closing inhibitors and logging out other users.
Alternatively, ignore inhibitors and users with 'loginctl reboot -i'. |
So the default polkit rules do apply. Both loginctl from elogind and systemctl from systemd allow to ignore inhibitors, but the poweroff system of a DE shouldn't really do that by default.
I'll see what Plasma does when I use the regular shutdown button of the start menu...
Edit: Wow. I just tried and Plasma simply shut down despite root being logged in. _________________ Important German:- "Aha" - German reaction to pretend that you are really interested while giving no f*ck.
- "Tja" - German reaction to the apocalypse, nuclear war, an alien invasion or no bread in the house.
|
|
Back to top |
|
|
CaptainBlood Advocate
Joined: 24 Jan 2010 Posts: 3612
|
Posted: Wed Feb 05, 2020 9:35 am Post subject: |
|
|
Guess it's time to revisit authentication/security stack here.
Although I feel quite ignorant thus very unconfortable about it.
Thks 4 ur attention, interest & support. |
|
Back to top |
|
|
CaptainBlood Advocate
Joined: 24 Jan 2010 Posts: 3612
|
Posted: Sat Feb 22, 2020 1:29 am Post subject: |
|
|
Here's Code: | luc@amd64 ~ $ loginctl
SESSION UID USER SEAT TTY
4 1000 luc seat0
5 0 root seat0 tty1
2 sessions listed.
luc@amd64 ~ $ loginctl reboot
User root is logged in on tty1.
Please retry operation after closing inhibitors and logging out other users.
Alternatively, ignore inhibitors and users with 'loginctl reboot -i'. | However reboot request from LXDE menu is honored.
Any idea what I'm missing?
Thks 4 ur attention. |
|
Back to top |
|
|
CaptainBlood Advocate
Joined: 24 Jan 2010 Posts: 3612
|
Posted: Sun Feb 23, 2020 7:30 am Post subject: |
|
|
Code: | x11-base/xorg-server
Installed versions: 1.20.7(0/1.20.7)(11:53:00 17/02/2020)(elogind udev wayland xorg xvfb -debug -dmx -doc -ipv6 -kdrive -libglvnd -libressl -minimal -selinux -static-libs -suid -systemd -unwind -xcsecurity -xephyr -xnest) |
Could the issue be related to Code: | grep keeptty /var/log/Xorg.0.log
[ 34.453] (II) systemd-logind: logind integration requires -keeptty and -keeptty was not provided, disabling logind integration | Thks 4 ur attention, interest & support. |
|
Back to top |
|
|
CaptainBlood Advocate
Joined: 24 Jan 2010 Posts: 3612
|
Posted: Sun Feb 23, 2020 8:08 am Post subject: Re: xorg user can reboot despite root logged in console |
|
|
dmpogo wrote: | Is just forbidding non-root reboot an overkill in your situation ? |
Yes it is, somehow.
Thks 4 ur attention, interest & support |
|
Back to top |
|
|
CaptainBlood Advocate
Joined: 24 Jan 2010 Posts: 3612
|
Posted: Wed Feb 26, 2020 10:50 am Post subject: Re: xorg user can reboot despite root logged in console |
|
|
dmpogo wrote: | Is just forbidding non-root reboot an overkill in your situation ? | To be more precise, yes in an ideal world, as consolekit like behavior is expected.
I'm still interested in any proposal, as it might help my understanding.
Trying gdm instead of sddm enables -keeptty for xorg-server, which didn't help though.
Thks 4 ur attention, interest & support. |
|
Back to top |
|
|
|