Re: [gdm-list] gnome-session or gdm shutdown?

From: Brian Cameron <Brian Cameron Sun COM>
To: Michael Pardee <gdm-list groovix com>
Cc: gdm-list gnome org
Subject: Re: [gdm-list] gnome-session or gdm shutdown?
Date: Mon, 12 Dec 2005 23:40:45 -0800


Michael:

Sorry for the slow response.

Refer to gnome-session/gdm-logout-action.[ch] in the gnome-session code.
gnome-session queries GDM to see if the "Reboot" and "Shutdown" choices
are available from the login screen.  If they are, then gnome-session
simply tells GDM to go ahead and perform the action on logout.
If the user can push the button on the login screen, then they should

be able to access it via the logout dialog. It uses the"QUERY_LOGOUT_ACTION" and "SET_LOGOUT_ACTION" "gdmflexiserver --command"

to talk back and forth with the GDM daemon.  Refer to the GDM docs to
see how this works at http://www.gnome.org/projects/gdm/.

There may be a bug in a multi-user situation where GDM isn't returning
a sensible value when QUERY_LOGOUT_ACTION is called.  Perhaps it needs
to be smarter and return "FALSE" if a display is a flexi display or
something.

I think the easiest way to turn this off is to change your gdm.conf
settings so that the Halt/Reboot options are not allowed in GDM at
all.  That should make it impossible to reboot/restart from the logout
dialog.

Note that some distros have a patch which add a "secure action menu"
where you have to type a root password to access the action menu
functions.  Note that this patch has not been shared with me, or put
into bugzilla, and is not a normal or supported part of GDM.  Perhaps
the problem is that you need a root password to access the menu, but
it still lets you set the logout action via gdmflexiserver?  That
would be nasty.  If this is your problem, you'll have to take this
up with the distro which is hopefully supporting the "secure action
menu" patch.  It'd be better to try and get this patch into CVS so
it can be better supported, I'd think.

Brian

I posted a question to gnome-list about this yesterday and have no
responses, so here it is framed a bit differently and it might be a
gdm question after all.  If this should be an a different list please
let me know.

When a user logs out of gnome-session, they get a logout menu offering
to shutdown, reboot, suspend, or just log out.  Can someone point me
to the documentation for how that mechanism works exacly?  It's been a
long time since I wrote C so tracing through source code without even
knowing where to start is a last resort. Obviously a normal user can't
just call shutdown, and I don't think sudo is being used, so what
mechanism is actually calling shutdown, is it something in
gnome-session or gdm (which is why I'm asking gdm-list).

The reason for this question is that we need a way to prevent normal
users from shutting down (this is for multi-user environments, and
users don't have access to the power button, so the gnome-session
logout menu "feature" is the only way they can shutdown maliciously or
accidentally.  And we dont' want to disable the whole logout
confirmation menu with gconf)

Any ideas?
Thanks,
Mike

--
Michael Pardee
1-888-323-1742
Open Sense Solutions LLC
http://opensensesolutions.com
_______________________________________________
gdm-list mailing list
gdm-list gnome org
http://mail.gnome.org/mailman/listinfo/gdm-list

References:
- [gdm-list] gnome-session or gdm shutdown?
  - From: Michael Pardee

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]