Hi, Below are my motivations for bringing this issue up: ==================================================== - The intended use of the computers are for desktop applications. - I don't want to give the root password away to other users on my machines, in this case my family members. - Mainly the kids use the computers for games, especially networked. - I want to enable my family to use Linux instead of the other OS. Therefore it is important that they can start the computer, run it and shut down in a CONTROLLED way. Restart/shutdown are menu entries in the other OS!! - Since the user has direct access to the computer, he/she can turn off the power switch. This is NOT a preferred way to shut down, you know the possible consequences of this. - GDM, XDM or KDM are not interesting, since then ALL users have to use the graphical login. I prefer to go to X with startx, for other users startx can be put in their login scripts. I know you can always go to a virtual console with CTRL-ALT-Fx, x = 1,...,6. I dont prefer this solution. It is much nicer to start X from the console, from there enabling logging of errors etc. - Sudo, super etc can be used but I would prefer logout/halt/reboot as a default behavior IF you have CHOSEN to enable it during OS-install. - I'm running Redhat 6.1, RawHide 19991210, Mandrake 6.1, SuSE 6.3 and Debian 2.2 on four different machines. Unfortunately also the other OS is present on three of them!! Here is a short summary of the replies obtained on this issue and my comments. ============================================================================== - In rawhide/redhat 6.1 one can in the gnome panel either choose logout (from X, halt or reboot as an ordinary user by just giving the user password). As described by Owen Taylor at Redhat the commands halt and reboot (located at /usr/bin not /sbin) are links to the program consolehelper, which is part of the usermode package. Authentication is using PAM. Full message is included last in this mail. - According to the man page, the program consolehelper is a wrapper to userhelper. Consolehelper is not suid root, userhelper is. - The RedHat solution seem to be a very handy one. What about implementing it also for other distributions, such as Debian, SuSe, Mandrake etc. Or more conveniently, what about building it into gnome/kde. - Some users want the opposite, only selected users should be able to shutdown. What about just uninstalling the package enabling this behavior? Also disabling CTRL-ALT-DELETE is possible by editing /etc/inittab. But the problem remains: If the user has access to the power-on button he/she can just turn off the power!!! Thank you to the people who replied: Owen Taylor <[EMAIL PROTECTED]> Martin Fluch <[EMAIL PROTECTED]> Jacob Berkman <[EMAIL PROTECTED]> Bob Phan <[EMAIL PROTECTED]> Sean Middleditch <[EMAIL PROTECTED]> Jens Lautenbacher <[EMAIL PROTECTED]> Lenz Grimmer <[EMAIL PROTECTED]> Best regards, [EMAIL PROTECTED] Svante Signell <[EMAIL PROTECTED]> writes: > Hello, > > I have been running redhat rawhide with enlightenment and gnome for > some time now. Recently another machine got debian slink installed, > upgraded to potato. In rawhide an ordinary user can log out of X, > reboot or halt the computer, just by supplying the user password. How > to enable this also in potato? (In potato the logout button in the > gnome panel only enable you to exit from X!) The shutdown/reboot functionality in the logout dialog is based on a package called 'usermode' which build on top of the PAM authentication system. usermode is a bit like sudo in concept - it allows users to run certain commands that they wouldn't normally have access to, based on authentication through PAM. Usermode, however, is more useable in GUI environments, more configurable in some ways (PAM is almost infinitely configurable), and more transparent to the user. Potato does use PAM, at least in part, so it would be possible to port usermode, though it wouldn't be trivial, as Debian doesn't seem to be currently using the pam-console part of PAM which is used to give special privileges to users logged in at the console. Actually, the dependence between gnome-session and usermode for this facility is small - all gnome-session does is make some simple checks to see if the facility is there, and if it is there, adds the extra options and exec()'s a given command upon logout instead of exiting. So it wouldn't be at all hard to adapt to some other method of user rebooting. Regards, Owen -- To unsubscribe: mail -s unsubscribe [EMAIL PROTECTED] < /dev/null