Only allow a smaller selection of users to perform privileged shutdown/suspend/hibernate

Thanks for your report. It's desired feature that any normal users can do shutdown. I can't tell easiest way to do that. Please don't run gconf-editor as root. I hope you find solution this problem. Forums are good place to search.

Jouni Mettala: I do not understand, could you help?

You said "It's desired feature", then you said "I hope you find solution this problem". Is it a desired feature, a problem, or somehow both?

Why is the status "Needs Info"?

On the Ubuntu news page for the 6.06 release, where it says "...emphasis on the needs of large organisations with both desktop and server versions", is that because large organization like to let any user shut down the server? I doubt that. Do you think my doubt is reasonable?

I think it's good default to allow normal users to shut down. They probably don't change that. For you it's a problem because I think you have some good reason disallow shutdown for normal users.

http://ubuntu.wordpress.com/2006/03/20/disable-shutdown-for-normal-users/
gives an example how it could be done. I have not tested it. It is here just to give some ideas.

>Why is the status "Needs Info"?
If you tell why you don't want normal user doing shutdown it becomes easier to help. Are you thinking something like https://wiki.kubuntu.org/KubuntuKioskProfiles
for Gnome. I should have asked this earlier.

Thank you for the reply. The wordpress page is along the lines of what I was looking for. Unfortunately I have no menu item "Applications -> System Tools -> Configuration Editor". Is there a way to get to that function by other means? If so, as what user?

I want to remove the shutdown functions from the logout dialog because there is more than one concurrent user on the machine. The users are aware that they should not shut down, but the presence of the buttons makes it easy for someone to choose the wrong button inadvertently. I am happy to leave the power button and ctrl-alt-del available, as it seems less likely they will be used by mistake.

What I have done so far, when adding a new user foo, is to log in as foo and run gconf-editor as that user. In the editor, I go to /app/gnome-power-manager and uncheck "can_hibernate". Obviously it would be much more satisfactory to disable shutdown, restart and hibernate for all users, present and future.

(Ogra: see the LTSP/Edubuntu question further down; Keybuk: see the 'shutdown' question).

Jouni: There two separate issues here:

  (a) displaying the [Shutdown] button
  (b) allowing the shutdown to occur

By default, the current user [physically] logged into the console is allowed to shutdown the machine---this is the person that is sitting in front of the screen and keyboard.

If you SSH in as another user, you should find that the shutdown/suspend/hibernate will be prevented and permission denied.

The Edubuntu and LTSP teams specialise are particularly focused on the type of large-deployments you're working with.

Ogra: can you confirm the how the LTSP setup overrides these types of actions in thick-client mode?

Jouni: if you're wondering what happens, gnome-power-manager will eventually call:

  /usr/share/hal/scripts/hal-system-power-shutdown

which in turn calls '/sbin/shutdown'.

Scott: I assume that the upstart implementation of 'shutdown' does only execute with intent if run by capability == root? I was hoping that there might be an easy PAM group called for the authorisation.

Apologies to KM, I meant you in the places I wrote 'Jouni' above---I just glanced at the first person in the subscribers list.

Paul Sladen: thank you for the comments. No large deployment here yet I am afraid. The computer is a backup- and Samba-server for a small office of Windows laptops. It has a monitor-keyboard-mouse for users with login accounts on the machine, with the intention to add one or two more sets of monitor-keyboard-mouse later.

I wanted to avoid the windows users' shared folders disappearing because of someone on the attached monitor accidentally choosing Shutdown instead of Logout.

Since we run ldm and not gdm in LTSP and gnome session gets the info about logout and reboot from gdm directly, LTSP has no problems with these two functions. For gnome power manager a two line patch was added to prevent the options for suspend/hibernate to be shown:

diff -Nur gnome-power-manager-2.16.0/src/gpm-hal.c gnome-power-manager-2.16.0.new/src/gpm-hal.c
--- gnome-power-manager-2.16.0/src/gpm-hal.c 2006-09-07 10:28:14.000000000 +0200
+++ gnome-power-manager-2.16.0.new/src/gpm-hal.c 2006-09-07 10:30:25.000000000 +0200
@@ -207,7 +207,7 @@
        exists = gpm_hal_device_get_bool (hal, HAL_ROOT_COMPUTER,
                                          "power_management.can_suspend_to_ram",
                                          &can_suspend);
- if (exists == FALSE) {
+ if (exists == FALSE || g_getenv("LTSP_CLIENT")) {
                gpm_warning ("gpm_hal_can_suspend: Key can_suspend_to_ram missing");
                return FALSE;
        }
@@ -268,7 +268,7 @@
        exists = gpm_hal_device_get_bool (hal, HAL_ROOT_COMPUTER,
                                          "power_management.can_suspend_to_disk",
                                          &can_hibernate);
- if (exists == FALSE) {
+ if (exists == FALSE || g_getenv("LTSP_CLIENT")) {
                gpm_warning ("gpm_hal_can_hibernate: Key can_suspend_to_disk missing");
                return FALSE;
        }

KM: the following are kludgey, disgusting quick workarounds; I wouldn't deploy this on more than one machine:

  $ sudo mv /sbin/shutdown /sbin/real-shutdown

a better way to do that is probably using 'dpkg-divert' somehow. You could also remove the execute permissions:

  $ sudo chmod a-x /sbin/shutdown

The 'ctrl-alt-del' command combination can be dealt with by editing:

  /etc/inittab

and commenting out:

  ca:12345:ctrlaltdel:/sbin/shutdown -t1 -a -r now

As root run
    gconf-editor
      Navigate to Apps-> gnome-power-manager ->
      Uncheck these two keys:
        can_hibernate
        can_suspend
This resulted in immediately removing the Hibernate functions from all currently running sessions.

Very nice.
-Joe Baker

Joe Baker: I tested the gconf change in Feisty, unfortunately it is not a solution because new users are still offered Suspend and Hibernate.

[Expired for gnome-power-manager (Ubuntu) because there has been no activity for 60 days.]