On Fri, 2008-04-25 at 16:39 +0200, Ralf Corsepius wrote: > On Fri, 2008-04-25 at 08:23 -0600, Christopher A. Williams wrote: > > On Fri, 2008-04-25 at 15:47 +0200, Ralf Corsepius wrote: > > > Do you expect arbitrary users to switch off an unattended ("free") > > > machine in a lab's or an office's machine pool, a classical workstation > > > scenario? > > > > Bottom line answer to this is emphatically YES ABSOLUTELY! If it's a > > kiosk type machine. > Workstation != kiosk. > > A workstation is being shared amongst several users, users who aren't > necessarily logged into the console. That, then, is not a workstation. By strict definition, it's a server. A server is generally defined as being any computer or program that shares its resources with another computer or program. For example, the reason why you run an X Windows _Server_ on your desktop is because your desktop's display is being shared by the X Windows Server with a program that is running on your system or (often times) elsewhere on another machine. In your example, that "workstation" is a server because it is sharing resources with remote users logged into the system, or other programs are using resources that have been shared from that so-called "workstation". By mixing these roles in the way you state, you actually violate a number of principles with respect to security. Users should not be allowed to login to the console, and only administrators should have physical access to the machine. > > > In fact, given today's energy costs, I actually > > would hope that someone would be savvy enough to do this at the end of > > the day. There is absolutely no risk in powering such a system down as > > the next user would only need to power the thing back up. > > To shutdown a machine, the "instance/authority" shutting down a machine > would have to know that nobody is wanting to use a machine. ...Which, again, makes the systems you describe servers. Server administrators would know this is the case and would notify the user community, as well any users on the system, of such events in advance. > > > My home computer has multiple user accounts > This is a different scenario than what I am talking about. > > > If you truly have a multi-user environment - and multi-user means that > > more than 1 person is logged onto the machine simultaneously - then you > > have a different scenario, and in this case, the system essentially is a > > server. > Well, any workstation and any Linux system to some extend is a server :) Close. Most all modern single user systems, regardless of the OS, have certain server capabilities. That's why we call such systems networking peers (the peer-to-peer networking idea). However, since the intended use of such systems is such that non-administrators have physical access to the machine and are logged into the local console, they are treated as single user systems. > > > > Q: How to disable these buttons permanently? > > > > I'm not certain, however I would be hesitant to do this. > > Why? This is the classical workstation-pool scenario. A set of machines > being up around the clock and not supposed to be switched off. ...Ummm no. Actually, that's a classic server scenario that violates some basic "system administrator 101" security principles. It mixes roles of servers and workstations in a way that should give every CISSP fits. Allowing non-administrators physical access to login to the local console of such systems is just bad system administration security practice. Nonetheless, the solution I proposed would still allow you to work around the situation sufficiently. Cheers, Chris -- =========================== "If you are calm while all around you is chaos, then you probably haven't fully understood the magnitude of the situation." --Unknown -- fedora-list mailing list fedora-list@xxxxxxxxxx To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list