this post was submitted on 11 Oct 2024
24 points (100.0% liked)

Linux

48190 readers
1335 users here now

From Wikipedia, the free encyclopedia

Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).

Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.

Rules

Related Communities

Community icon by Alpár-Etele Méder, licensed under CC BY 3.0

founded 5 years ago
MODERATORS
 

Hello! Halt on Linux is disabled for average user by default. It will try to request sudo/root password and if fails returns:

sasha@fedora:~$ systemctl halt
Call to Halt failed: Access denied

How can I make same behavior for poweroff action? I know it is possible somehow via PolicyKit rulle

top 11 comments
sorted by: hot top controversial new old
[–] [email protected] 12 points 1 month ago (1 children)

Edit the sudoers file.

## user is allowed to execute halt and reboot 
whateverusername ALL=NOPASSWD: /sbin/halt, sbin/reboot, /sbin/poweroff
[–] [email protected] 5 points 1 month ago (1 children)

Just make sure to use visudo

[–] [email protected] 1 points 1 month ago
[–] [email protected] 8 points 1 month ago* (last edited 1 month ago) (1 children)

The relevant polkit policies should be defined here: https://github.com/systemd/systemd/blob/main/src/login/org.freedesktop.login1.policy

Disabling is done with some rules like this: https://bbs.archlinux.org/viewtopic.php?id=152565

polkit.addRule(function(action, subject) {
  if (action.id.indexOf("org.freedesktop.login1.power-off") == 0) {
    return polkit.Result.AUTH_ADMIN;
  }
});

Some other examples: https://gist.github.com/grawity/3886114

[–] [email protected] 2 points 1 month ago* (last edited 1 month ago) (1 children)

Thank you, it works! But I got weird behavior:

  1. User sddm also cannot execute poweroff (it is ok) but if I press shutdown button in sddm it will poweroff (not ok).
  2. If I press shut down in KDE Plasma I will get black screen and no sddm (I can restart it with systemctl restart sddm from tty and it will work again) How can I fix this bugs?
[–] [email protected] 1 points 1 month ago (1 children)
[–] [email protected] 1 points 1 month ago

SDDM main process is running as root and ignores all policies. So only way is modifying SDDM source code(

[–] [email protected] 4 points 1 month ago (1 children)

What if you try another interface, like shutdown -P now or poweroff -p?

[–] [email protected] 4 points 1 month ago* (last edited 1 month ago)

They all operates some way through systemd, so if operation is disabled via policy you cannot bypass it.

sasha@fedora:~$ /sbin/halt
Call to Halt failed: Interactive authentication required.
[–] [email protected] 3 points 1 month ago

What about systemctl poweroff ?

[–] [email protected] 2 points 1 month ago

Well, the logic in polkit is, if you have direct physical access to the machine (not SSH, actual keyboard, and so on), in general nothing stops you from just pressing and holding the power button. So giving a local user the right doesn't make worse.

To disable the behaviour you need to find the appropriate polkit rule in /usr/{lib,share}/polkit-1/rules.d and create a file with the same name in /etc/polkit-1/rules.d pointing to /dev/null.