Alois, I do this (in spite of the concerns given by the previous posters - users are far less likely to push the physical button, especially if it is on the other side of a panel and if word gets around that the system manager greatly frowns on this). However, my policy kit files are slightly different from the ones posted at the link that was given.
I create a separate policy kit file for each action and have (all in /etc/polkit-1/localauthority/50-local.d): stop.pkla containing [Normal User Stop Permissions] Identity=unix-user:* Action=org.freedesktop.consolekit.system.stop ResultAny=no ResultInactive=no ResultActive=auth_admin an identical file called restart.pkla which is the same as the above except that [Ss]top is replaced with [Rr]estart everywhere. And, to be complete, I have the power related files hibernate.pkla and suspend.pkla with: [Normal User Suspend Permissions] Identity=unix-user:* Action=org.freedesktop.devicekit.power.suspend ResultAny=no ResultInactive=no ResultActive=auth_admin with [Ss]uspend replace by [Hh]ibernate in its file. The 'ResultActive=auth_admin' means that any attempt to use buttons to power off or restart the system result in a prompt requiring authentication. This also helps to reinforce the idea that normal users are not supposed to shutdown or restart systems. This has been very successful in a lab full of machines which are also used in a Condor pool and for remote login access. (Remote users get quite grumpy if someone suddenly shuts down the system they have been editing a file on for several hours ;-) The 'pkaction' command is quite useful in finding out what policies exist and how they are set so that you can change them in this fashion. Andy On Oct 5, 2011, at 8:10 AM, Prentice Bisbal wrote: > Alois, > > If users have physical access to the systems and can hit the power > button or unplug the system, I strongly recommend that you leave the > shutdown option on the start menu. If a user is determined to > shutdown/reboot a computer, I would much rather they shut it down > gracefully by using the shutdown command than doing it harshly buy > holding the power button or unplugging the system, which can lead to a > host of other problems. > > -- > Prentice > > > On 10/05/2011 08:49 AM, Horst Severini wrote: >> Hi Alois, >> >> I'm not sure there is a way to remove that, and I'm not sure it makes too >> much sense to look too hard for it, either, since when someone is sitting >> right in front of a computer, they can (a) shut it down from the login >> screen, >> or (b) press the power button or (c) unplug the power cord, so in my mind >> it doesn't much matter if you eliminate one way to shut it down when >> there are several other you can't eliminate. >> >> Just my 2c, >> >> Horst >> >> Alois Treindl <[email protected]> wrote: >> >>> I have recently installed RHEL6 with GNOME desktop. >>> >>> In each user's menu appeasr under the entry 'System' also to item 'Shut >>> down' >>> >>> I would like to remove this item for all users except root. >>> In fact normal users can use this link to shut down the system, they are >>> not asked for root password. I do not know how this can happen? >>> Where can I at least configure that they are asked the root password for >>> shutdown? >>> > > _______________________________________________ > rhelv6-list mailing list > [email protected] > https://www.redhat.com/mailman/listinfo/rhelv6-list _______________________________________________ rhelv6-list mailing list [email protected] https://www.redhat.com/mailman/listinfo/rhelv6-list
