Jedy Wang schrieb: > Hi Darren, > > I just tried run reboot as console user and it failed. It seems reboot > does not support RBAC. In this case I have to extend ConsoleKit too and > wait for the its integration (after b128). Do you have any other > suggestion? >
> On Tue, 2009-09-01 at 11:26 +0100, Darren J Moffat wrote: >> Jedy Wang wrote: >>> This can be done. I can update my code to make gnome-session invoke >>> "reboot -f" or "reboot -p" based on what users' choice and do not change >>> config/fastreboot_default property. >> I don't see how that can work. gnome-session is not running with any >> privilege and with the uid/gid of the logged in user and'reboot' is not >> setuid. >> In another mail in this thread I wrote: "One way to do that is to add a privileged helper that checks for the solaris.system.shutdown authorization and then sets the transient override (probably using method 1.1.3). It might be simplest to make that helper setuid 0, because a mechanism that uses a "Shutdown User" profile to do this via pfexec is harder to remove, if the issue gets fixed on the fast reboot or SMF end." I still think that this would be an appropriate solution until the architectural disconnect that makes this so hard can be fixed. - J?rg -- Joerg Barfurth phone: +49 40 23646662 / x66662 Software Engineer mailto:joerg.barfurth at sun.com Desktop Technology http://reserv.ireland/twiki/bin/view/Argus/ Thin Client Software http://www.sun.com/software/sunray/ Sun Microsystems GmbH http://www.sun.com/software/javadesktopsystem/
