Re: Root priviledges needed to poweroff
It is clear that different scenarios require different rules. I have installed Fedora for three different friends. All at different physical locations from my place. These people have no computer knowledge, so giving them elevated permissions spells disaster. However they must to be able to start the box and turn it off. A different scenario is server box which requires different rules. Thus why not make the choice configurable? One of my many dislikes of Microsoft Windows has been its rigidity. Furthermore, as it stands today be caught in a false sense of security. A reboot can be executed immediately by any user regardless of whether anyone else is logged in and with no warning issued. - Original Message - On Fri, Jul 27, 2012 at 11:09:03 +0200, Karel Volný wrote: > >if the user is local then DO NOT ask for admin privileges (else >the user will just cut the power supply which is worse than >killing others' running processes) I'd prefer to keep that option. A local user would be less likely to power off the machine than shut it down. (Which for some of my machines they shouldn't be doing.) -- test mailing list test@lists.fedoraproject.org To unsubscribe: https://admin.fedoraproject.org/mailman/listinfo/test -- test mailing list test@lists.fedoraproject.org To unsubscribe: https://admin.fedoraproject.org/mailman/listinfo/test
Re: Root priviledges needed to poweroff
On Fri, Jul 27, 2012 at 11:09:03 +0200, Karel Volný wrote: if the user is local then DO NOT ask for admin privileges (else the user will just cut the power supply which is worse than killing others' running processes) I'd prefer to keep that option. A local user would be less likely to power off the machine than shut it down. (Which for some of my machines they shouldn't be doing.) -- test mailing list test@lists.fedoraproject.org To unsubscribe: https://admin.fedoraproject.org/mailman/listinfo/test
Re: Root priviledges needed to poweroff
On Fri, Jul 27, 2012 at 6:09 AM, Karel Volný wrote: > but the warning should not prevent _any_ eligible user from > powering off/rebooting, it should just provide a possibility to > reconsider +1 FC -- test mailing list test@lists.fedoraproject.org To unsubscribe: https://admin.fedoraproject.org/mailman/listinfo/test
Re: Root priviledges needed to poweroff
Dne Čt 26. července 2012 21:36:20, Adam Pribyl napsal(a): > On Thu, 26 Jul 2012, ergodic wrote: > > Karel your philosophy is correct. I have seen this issue > > when my grandchildren complained that they could not turn of > > their box after it was was upgraded to F-17. That is why I > > filed Bug 843299. > > > > Manny > > While I understand the reasoning made by Karel, I have to say, > that the message preventing user to poweroff saved me a lot of > times work I was doing on their workstation remotely. > > The bug you've submitted I understand is saying the > /usr/bin/reboot should ask or warn if someone else is logged > in (!), else reboot immediately, but /usr/sbin/reboot should > reboot without asking, if you have sufficient permissions, > which is not the case when you invoke it as a user - that's > why system asks for authentication. I'd say this a bit > different thing to what we are talking here about. hm, now I'm a bit confused who talks about what :-) I say that warning about users logged in is useful *always* (both for ordinary user and for admin) but the warning should not prevent _any_ eligible user from powering off/rebooting, it should just provide a possibility to reconsider "eligible user" is a) admin b) local user if the user is not local then ask for admin privileges if the user is local then DO NOT ask for admin privileges (else the user will just cut the power supply which is worse than killing others' running processes) in addition, admin should be able to override the warning not having to explicitly answer "yes I'm sure I want reboot despite there are other users logged in" to allow to schedule the reboot/poweroff or script it, but this (not asking) should not be the default behaviour reboot and poweroff should act the same in this regard - if they don't, that's a clear bug K. -- Karel Volný QE BaseOs/Daemons Team Red Hat Czech, Brno tel. +420 532294274 (RH: +420 532294111 ext. 8262074) xmpp ka...@jabber.cz :: "Never attribute to malice what can :: easily be explained by stupidity." signature.asc Description: This is a digitally signed message part. -- test mailing list test@lists.fedoraproject.org To unsubscribe: https://admin.fedoraproject.org/mailman/listinfo/test
Re: Root priviledges needed to poweroff
On Thu, 26 Jul 2012, ergodic wrote: Karel your philosophy is correct. I have seen this issue when my grandchildren complained that they could not turn of their box after it was was upgraded to F-17. That is why I filed Bug 843299. Manny While I understand the reasoning made by Karel, I have to say, that the message preventing user to poweroff saved me a lot of times work I was doing on their workstation remotely. The bug you've submitted I understand is saying the /usr/bin/reboot should ask or warn if someone else is logged in (!), else reboot immediately, but /usr/sbin/reboot should reboot without asking, if you have sufficient permissions, which is not the case when you invoke it as a user - that's why system asks for authentication. I'd say this a bit different thing to what we are talking here about. Adam Pribyl - Original Message - Dne St 25. července 2012 11:46:51, Adam Williamson napsal(a): I just tested on two F17 machines and running 'reboot' as a regular user happily reboots the system even if root is logged in at VT2, no warning or authentication required. That does seem to make the 'protection' on the graphical reboot button a bit pointless, but meh. ahem, any such "protection" is pointless and in fact contraproductive as long as the user is able to pull out the AC cord (or the battery in case of laptops) (or use sysreq magic) warning? - good idea, and it should be more sophisticated to be helpful when asking others to save the work and logout (or identifying what is running and who runs it) authentication? - no, as it may prevent the user from shutting down the system gracefully K. -- Karel Volný QE BaseOs/Daemons Team Red Hat Czech, Brno tel. +420 532294274 (RH: +420 532294111 ext. 8262074) xmpp ka...@jabber.cz :: "Never attribute to malice what can :: easily be explained by stupidity." -- test mailing list test@lists.fedoraproject.org To unsubscribe: https://admin.fedoraproject.org/mailman/listinfo/test -- test mailing list test@lists.fedoraproject.org To unsubscribe: https://admin.fedoraproject.org/mailman/listinfo/test Odchozi zprava neobsahuje viry, protoze nebyla odeslana z Windows. Otestovano zdarma a legalne na OS Linux. (Proc pouzivat Linux - http://proc.linux.cz/). -- test mailing list test@lists.fedoraproject.org To unsubscribe: https://admin.fedoraproject.org/mailman/listinfo/test
Re: Root priviledges needed to poweroff
Karel your philosophy is correct. I have seen this issue when my grandchildren complained that they could not turn of their box after it was was upgraded to F-17. That is why I filed Bug 843299. Manny - Original Message - Dne St 25. července 2012 11:46:51, Adam Williamson napsal(a): > I just tested on two F17 machines and running 'reboot' as a > regular user happily reboots the system even if root is logged > in at VT2, no warning or authentication required. That does > seem to make the 'protection' on the graphical reboot button a > bit pointless, but meh. ahem, any such "protection" is pointless and in fact contraproductive as long as the user is able to pull out the AC cord (or the battery in case of laptops) (or use sysreq magic) warning? - good idea, and it should be more sophisticated to be helpful when asking others to save the work and logout (or identifying what is running and who runs it) authentication? - no, as it may prevent the user from shutting down the system gracefully K. -- Karel Volný QE BaseOs/Daemons Team Red Hat Czech, Brno tel. +420 532294274 (RH: +420 532294111 ext. 8262074) xmpp ka...@jabber.cz :: "Never attribute to malice what can :: easily be explained by stupidity." -- test mailing list test@lists.fedoraproject.org To unsubscribe: https://admin.fedoraproject.org/mailman/listinfo/test -- test mailing list test@lists.fedoraproject.org To unsubscribe: https://admin.fedoraproject.org/mailman/listinfo/test
Re: Root priviledges needed to poweroff
Dne St 25. července 2012 11:46:51, Adam Williamson napsal(a): > I just tested on two F17 machines and running 'reboot' as a > regular user happily reboots the system even if root is logged > in at VT2, no warning or authentication required. That does > seem to make the 'protection' on the graphical reboot button a > bit pointless, but meh. ahem, any such "protection" is pointless and in fact contraproductive as long as the user is able to pull out the AC cord (or the battery in case of laptops) (or use sysreq magic) warning? - good idea, and it should be more sophisticated to be helpful when asking others to save the work and logout (or identifying what is running and who runs it) authentication? - no, as it may prevent the user from shutting down the system gracefully K. -- Karel Volný QE BaseOs/Daemons Team Red Hat Czech, Brno tel. +420 532294274 (RH: +420 532294111 ext. 8262074) xmpp ka...@jabber.cz :: "Never attribute to malice what can :: easily be explained by stupidity." signature.asc Description: This is a digitally signed message part. -- test mailing list test@lists.fedoraproject.org To unsubscribe: https://admin.fedoraproject.org/mailman/listinfo/test
Re: Root priviledges needed to poweroff
On Wed, 2012-07-25 at 14:12 -0400, ergodic wrote: > Thanks for your reply Adam. > Why then reboot does not complain? Reboot executes immediatly. > All those directives link to consolehelper or to systemctl, which should ask > for authentication if another user is logged. I don't think that's correct. consolehelper isn't that sophisticated, AIUI, it can't vary its behaviour conditionally like that. I don't recall 'reboot' _ever_ working the same way. I just tested on two F17 machines and running 'reboot' as a regular user happily reboots the system even if root is logged in at VT2, no warning or authentication required. That does seem to make the 'protection' on the graphical reboot button a bit pointless, but meh. -- Adam Williamson Fedora QA Community Monkey IRC: adamw | Twitter: AdamW_Fedora | identi.ca: adamwfedora http://www.happyassassin.net -- test mailing list test@lists.fedoraproject.org To unsubscribe: https://admin.fedoraproject.org/mailman/listinfo/test
Re: Root priviledges needed to poweroff
On Wed, 25 Jul 2012, ergodic wrote: Thanks for your reply Adam. Why then reboot does not complain? Reboot executes immediatly. All those directives link to consolehelper or to systemctl, which should ask for authentication if another user is logged. Well then the reboot is broken? - Original Message - On Mon, 23 Jul 2012, ergodic wrote: Executing poweroff in F-17 (x86_64 up to date) defaults to the "Authentication is required for powering off the system while other users are logged in" snippet. Only one user (user1) actually logged in, however results from "who" and "users" show otherwise: # who user1 :0 2012-07-23 13:04 (:0) user1 pts/0 2012-07-23 14:39 (:0) root pts/1 2012-07-23 14:39 (:0) root pts/2 2012-07-23 14:39 (:0) root pts/3 2012-07-23 14:39 (:0) root pts/4 2012-07-23 14:39 (:0) Those are IMHO some term started with root privileges. As soon as tehere is a anybody else logged except the user which is going to poweroff, then powerof complains about other user logged any - looks correct to me. Is this correct or is it there a problem? Thanks in advance. Adam Pribyl -- test mailing list test@lists.fedoraproject.org To unsubscribe: https://admin.fedoraproject.org/mailman/listinfo/test
Re: Root priviledges needed to poweroff
Thanks for your reply Adam. Why then reboot does not complain? Reboot executes immediatly. All those directives link to consolehelper or to systemctl, which should ask for authentication if another user is logged. - Original Message - On Mon, 23 Jul 2012, ergodic wrote: > Executing poweroff in F-17 (x86_64 up to date) defaults to the > "Authentication is required for powering off the system while other users are > logged in" snippet. > > Only one user (user1) actually logged in, however results from "who" and > "users" show otherwise: > > # who > user1 :0 2012-07-23 13:04 (:0) > user1 pts/0 2012-07-23 14:39 (:0) > root pts/1 2012-07-23 14:39 (:0) > root pts/2 2012-07-23 14:39 (:0) > root pts/3 2012-07-23 14:39 (:0) > root pts/4 2012-07-23 14:39 (:0) Those are IMHO some term started with root privileges. As soon as tehere is a anybody else logged except the user which is going to poweroff, then powerof complains about other user logged any - looks correct to me. > Is this correct or is it there a problem? > > Thanks in advance. > Adam Pribyl -- test mailing list test@lists.fedoraproject.org To unsubscribe: https://admin.fedoraproject.org/mailman/listinfo/test -- test mailing list test@lists.fedoraproject.org To unsubscribe: https://admin.fedoraproject.org/mailman/listinfo/test
Re: Root priviledges needed to poweroff
On Mon, 23 Jul 2012, ergodic wrote: Executing poweroff in F-17 (x86_64 up to date) defaults to the "Authentication is required for powering off the system while other users are logged in" snippet. Only one user (user1) actually logged in, however results from "who" and "users" show otherwise: # who user1 :0 2012-07-23 13:04 (:0) user1 pts/0 2012-07-23 14:39 (:0) root pts/1 2012-07-23 14:39 (:0) root pts/2 2012-07-23 14:39 (:0) root pts/3 2012-07-23 14:39 (:0) root pts/4 2012-07-23 14:39 (:0) Those are IMHO some term started with root privileges. As soon as tehere is a anybody else logged except the user which is going to poweroff, then powerof complains about other user logged any - looks correct to me. Is this correct or is it there a problem? Thanks in advance. Adam Pribyl -- test mailing list test@lists.fedoraproject.org To unsubscribe: https://admin.fedoraproject.org/mailman/listinfo/test
