Re: Embarrassing security bug in systemd
- Date: Thu, 7 Dec 2017 00:29:18 +0100
- From: Michael Biebl <biebl@xxxxxxxxxx>
- Subject: Re: Embarrassing security bug in systemd
Am 06.12.2017 um 23:53 schrieb Michael Lange: > Hi, > > uh, I guess you ought to have used your time to check your machine and > read some docs instead of figuring out how to best insult the debian > developers ;) > (scnr) > > On 06 Dec 2017 22:52:17 +0100 > Urs Thuermann <urs@xxxxxxxxxxxxxxxxx> wrote: > > (...) >> I wonder how can such a severe bug make it into a Debian stable >> distribution? And is this just an insane default setting on Debian's >> side or is it yet another instance of brain-dead systemd behavior? > > Maybe I am just a brain-dead loony, but personally I prefer to be able to > shut down or reboot my system without having to type a password. If you > do not like this behavior you might have to learn how to define > polkit rules. For the interested reader, see /usr/share/polkit-1/actions/org.freedesktop.login1.policy org.freedesktop.login1.power-off has the following defaults <defaults> <allow_any>auth_admin_keep</allow_any> <allow_inactive>auth_admin_keep</allow_inactive> <allow_active>yes</allow_active> </defaults> As has already been mentioned, active, local users can shutdown/reboot the system without requiring a password. This is intended behaviour (for the reasons already mentioned) and can indeed be overridden by custom polkit rules. -- Why is it that all of the instruments seeking intelligent life in the universe are pointed away from Earth?
Description: OpenPGP digital signature