On Fri, 2008-04-25 at 15:47 +0200, Ralf Corsepius wrote:
> > I find these buttons very useful. My machine double boots. Sometimes I
> > make a mistake and allow the machine to boot to the wrong OS. Using
> > these buttons I can correct the situation. Other times I boot my machine
> > and I realize before I login that I really wanted to shutdown the
> > machine.
>
> "your" machine => single-user environment.
>
> > But I confused by your question. How does this extra functionality hurt
> > you or anyone else?
> Do you expect arbitrary users to switch off an unattended ("free")
> machine in a lab's or an office's machine pool, a classical workstation
> scenario?
Bottom line answer to this is emphatically YES ABSOLUTELY! If it's a
kiosk type machine. In fact, given today's energy costs, I actually
would hope that someone would be savvy enough to do this at the end of
the day. There is absolutely no risk in powering such a system down as
the next user would only need to power the thing back up.
My home computer has multiple user accounts - one for each family
member. The fact that shutdown/restart is enabled at both the login
panel and in user sessions has NEVER been an issue. By pure definition,
this is a single user system that multiple people can log into. That's
notably different from a true multi-user system.
If you truly have a multi-user environment - and multi-user means that
more than 1 person is logged onto the machine simultaneously - then you
have a different scenario, and in this case, the system essentially is a
server. Best practices in security then pretty much dictate that, on top
of other things, non-administrators should not be allowed to have
physical access to the machine. Period.
Also in this case, non-administrators should indeed not be allowed to do
anything that could impact the machine or other users. It is also then
appropriate to disable the shutdown and restart buttons in user
sessions. What would also make sense in this case is to require that the
root password be provided at the login panel in order to
shutdown/restart from there.
>
> Q: How to disable these buttons permanently?
I'm not certain, however I would be hesitant to do this. Perhaps a more
appropriate feature request would be to disable shutdown/restart for non
administrators, or alternately, require that the root password be
provided if these options are chosen unless you are already logged in as
root. I would also require that the root password be provided to execute
these options from the login panel.
That, of course, assumes you're not passing out the root password or
equivalent sudo rights to non-admins in a multi-user environment...
Cheers,
Chris
--
===========================
"If you are calm while all around you is chaos,
then you probably haven't fully understood
the magnitude of the situation."
--Unknown
--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
