Ubuntu
policykit package

Power management policy not enforced in Hardy Beta 1

Bug #205226 reported by defishguy
18
Affects Status Importance Assigned to Milestone
policykit (Ubuntu)
Expired
Undecided
Unassigned

Bug Description

Shutdown / reboot policies for a machine that has multiple users logged in have no effect when the Switch User function is used.

For example the policy for shutting down the system when users are logged in is set to NO for all implicit and with no explicit permissions any user is still permitted to shutdown the system. The same is true for rebooting.

Blocking a user from being able to shutdown or reboot the computer at all also has no effect. The user is still able to reboot or shutdown the computer regardless of policy setting variation including an explicit block.

Revision history for this message
Christoph Langner (chrissss) wrote :

I can confirm this problem.

Changed in policykit:
status: New → Confirmed
Revision history for this message
ingo (ingo-steiner) wrote :

I did file similar bug which was said to be duplicate of this one:
https://bugs.launchpad.net/ubuntu/+bug/206683

From my point of view it would be acceptable, if a non privileged user has logged in as the only one user, that he/she is able to shutdown/reboot as a contribution to convenience.

But is is absolutely NOT acceptable that if more than one user is logged in, a non-privileged user is allowd to shutdown/reboot the system. This way an inherent feature of Linux - a secure multi-user-system - is degraded to stone age times without any user-permissions. Ever heard opf the shell command 'users' to see who is logged in?
In fact such beheaviour could also be used by malicious software and represents a SEVERE security issue

Revision history for this message
Phillip Susi (psusi) wrote :

Hardy has reached end of life. Has this happened in 12.04 or later?

Changed in policykit (Ubuntu):
status: Confirmed → Incomplete
Revision history for this message
Launchpad Janitor (janitor) wrote :

[Expired for policykit (Ubuntu) because there has been no activity for 60 days.]

Changed in policykit (Ubuntu):
status: Incomplete → Expired
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Duplicates of this bug

Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.