Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
xdm restarts instead of shutting down [SOLVED]
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Desktop Environments
View previous topic :: View next topic  
Author Message
Tony0945
Advocate
Advocate


Joined: 25 Jul 2006
Posts: 2038
Location: Illinois, USA

PostPosted: Sat Nov 11, 2017 12:59 am    Post subject: xdm restarts instead of shutting down [SOLVED] Reply with quote

When my ordinary user shuts down from the XDM menu, it says it's shutting down but instead it just restarts XDM. When root does it, it actually shuts off.
The user belongs to wheel, /sbin/shutdown's mode is 755 and I have implemented Neddyseagoon's fix of adding
Code:
%wheel ALL=(ALL) NOPASSWD: /sbin/halt, /sbin/reboot
to /etc/sudoers.

I hate to tell my user to use the power switch to shut down a running computer. Or to give her the root password in order to shutdown.

DE is Mate 1.12 without policy kit. I have two other computers like that and ordinary users can shut them down and reboot them.

I see nothing in any log.

EDIT:
The restart button does work.


Last edited by Tony0945 on Sat Nov 11, 2017 9:34 pm; edited 1 time in total
Back to top
View user's profile Send private message
miket
Guru
Guru


Joined: 28 Apr 2007
Posts: 378
Location: Gainesville, FL, USA

PostPosted: Sat Nov 11, 2017 3:37 am    Post subject: Reply with quote

It looks like you're not worshiping at the altar of Pol(icy)?Kit and ConsoleKit. It's a nice attempt to get away from them but DE's nowadays are leaving you high and dry.

Shutdowns or reboots in most DE's (I'm not sure about Mate, but I've seen this to be the case in the likes of LXQT, Lumina, and KDE) happen only through the Pol(icy)?Kit gatekeeper. I really wish that weren't the case, but it is. Setting up the wheel group in the sudoers file won't do the trick: the PolicyKit path does not go through sudo.

There are two ways around this short of installing Polkit and its evil friends: patch the DE not to use Polkit but to run the shutdown command with sudo or set up your own command or button or whatever to call sudo without hooking into the Mate code. I don't know that there is a nice GUI tool for this, but with your current sudoers file you could have your user type
Code:
sudo shutdown -h now


The first path is very painful, the second not as much.

Most of the DE's I've tried without Polkit either suppress the selections for Shutdown, Reboot, Suspend, and Hibernate or show these options but do nothing if you select one of them. Only the logout function works in these cases. The effect of the logout is to take you back to XDM. It looks like Mate combines the two things for some reason: it makes the Shutdown selection available but in the absence of Polkit it just does a logout.

To get the real shutdown to happen, you have to use a non-Polkit method.
Back to top
View user's profile Send private message
Hu
Moderator
Moderator


Joined: 06 Mar 2007
Posts: 11426

PostPosted: Sat Nov 11, 2017 5:30 pm    Post subject: Re: xdm restarts instead of shutting down Reply with quote

Tony0945 wrote:
I hate to tell my user to use the power switch to shut down a running computer.
Could you elaborate on this concern? I agree that teaching users to use the press-and-hold that hard stops a computer is a very bad idea. However, modern systems generate an ACPI event for a press-and-quick-release of the power button. With the right acpid configuration, that ACPI event can trigger any program (including shutdown) as root. This can allow physically present users to initiate a graceful system shutdown without logging in. This is often useful to have even if you don't use it as a primary method, if for no other reason than because it can be tried before resorting to a hard-off.
Back to top
View user's profile Send private message
Tony0945
Advocate
Advocate


Joined: 25 Jul 2006
Posts: 2038
Location: Illinois, USA

PostPosted: Sat Nov 11, 2017 9:28 pm    Post subject: Re: xdm restarts instead of shutting down Reply with quote

Hu wrote:
Could you elaborate on this concern? I agree that teaching users to use the press-and-hold that hard stops a computer is a very bad idea. However, modern systems generate an ACPI event for a press-and-quick-release of the power button. With the right acpid configuration, that ACPI event can trigger any program (including shutdown) as root. This can allow physically present users to initiate a graceful system shutdown without logging in. This is often useful to have even if you don't use it as a primary method, if for no other reason than because it can be tried before resorting to a hard-off.


This system is five years old so I don't know if it has that feature. It looks like ACPI is something I should learn about.
Back to top
View user's profile Send private message
Tony0945
Advocate
Advocate


Joined: 25 Jul 2006
Posts: 2038
Location: Illinois, USA

PostPosted: Sat Nov 11, 2017 9:34 pm    Post subject: Reply with quote

%wheel ALL=(ALL) NOPASSWD: /sbin/halt, /sbin/reboot didn't work for shutdown but reboot did work.

%wheel ALL=(ALL) NOPASSWD: /sbin/halt, /sbin/reboot, /sbin/shutdown didn't work

%wheel ALL=(ALL) NOPASSWD didn't work

username ALL=(ALL) NOPASSWD works if you add a line for each username. I can shut down on the other boxes as a user because I have the line

tony ALL=(ALL) NOPASSWD because I got tired of always adding the root password on my own machines.

Yes, all users are in wheel. If I change the tony= ... line on the other boxes to %wheel =, shutdown stops working

So solved, sort of, but with an unsatisfactory broadening of power.
Back to top
View user's profile Send private message
Tony0945
Advocate
Advocate


Joined: 25 Jul 2006
Posts: 2038
Location: Illinois, USA

PostPosted: Sat Nov 11, 2017 9:40 pm    Post subject: Reply with quote

miket,
Thanks for the comments. I fear Linux is being dragged down into the RedHat/Windows clone black hole.
Back to top
View user's profile Send private message
Hu
Moderator
Moderator


Joined: 06 Mar 2007
Posts: 11426

PostPosted: Sun Nov 12, 2017 12:45 am    Post subject: Reply with quote

I had working ACPI soft-off in a desktop system back in 2009, and the idea of ACPI soft-off wasn't new even then.

Since you got it working by broadening permissions, that suggests you haven't found the right command(s) to whitelist yet, so you had to allow everything in order to make it work. You should get a log message for both successful and failed sudo calls. That should tell you what command(s) are required to make this work with a minimum of extra permission.

Considering the use case, you could substantially restrict the effect of the sudo ability by arranging that all processes other than the ancestors of sudo are run with setpriv --no-new-privs. This is effectively a per-process inheritable irrevocable nosuid flag. Processes with that flag can never setuid up, no matter what they try to run. Ensure that the user's browser/mail client/etc. run with that, and even a very broad sudo grant will be safe (relative to those processes directly executing sudo, but not relative to those processes maliciously modifying user startup files).
Back to top
View user's profile Send private message
Tony0945
Advocate
Advocate


Joined: 25 Jul 2006
Posts: 2038
Location: Illinois, USA

PostPosted: Mon Nov 27, 2017 11:31 pm    Post subject: Reply with quote

Well, the commands stopped working. I was able to determine that the commands come through mate-control-center rather than xdm.
However, I checked per Hu's suggestion and acpid is running and after actually reading "man acpi" and viewing the shell scripts referenced there, it appears that after holding the power button down for four seconds, acpid notifys the kernel which starts orderly shutdown. So, that's the way for the user to do it. Typing "halt" or 'reboot" when logged as root in a VT or terminal also works.

Sorry for the late reply, I just got back from Alabama. After AT&T installed the modem, net.eth0 wouldn't connect. I forget the error. "no response" maybe? however, net.wlan0 connected right away wirelessly after I fixed the passphrase and SSID to what was on the modem sticker. So I did "rc-update del net.eth0 boot". No sense in a high speed connection to a modem running 3.0 Mbps (yes, that's not a misprint!) Even more surprising, youtube works fine.

I get "alsactl missing" errors but redirecting youtube to the 24" TV via HDMI, the TV gives sound. (???) Good enough.
Back to top
View user's profile Send private message
Hu
Moderator
Moderator


Joined: 06 Mar 2007
Posts: 11426

PostPosted: Tue Nov 28, 2017 3:26 am    Post subject: Reply with quote

Four seconds might be necessary on some systems, but on every system where I have done this, it is sufficient to fully depress the button, then immediately release it. I don't like holding the button for a long time because if you hold it for too long (typically 8 seconds, although some quick Google searches suggest 10 seconds), that asks the firmware to drop power without alerting the OS. That triggers an unclean halt, so filesystems are not synced, the journal must be replayed, data may be lost, etc. I prefer the quick tap-and-release because it does not require counting time.
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Desktop Environments All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum