LTSP Users are allowed to shut down LTSP server

Can you try to create kiosk files on the server according to
http://www.xfce.org/documentation/docs-4.2/xfce4-session.html#xfsm-kiosk-mode
and see if it helps?

hmm, actually it may need an new upload to fix this, as the logout dialog
talks to HAL directly and does not use the xfce shutdown helper which is inhibited by that settings. I'll think of something else

those kiosk settings may help in not letting users modify the panel or the menu, after removing the quit applet from them.
What should a client be able to do? Logout seems the only harmless action
in the current dialog.

Ok, I have a patch to xfce4-session which makes it not ignore
/etc/xdg/xfce4/kiosk/kioskrc
Having this in the file
[xfce4-session]
Shutdown=%admin

substitute %admin with %anygroup or username
and for the rest only the logout button will be shown (no restart/hibernate etc)

But before a possible upload we should see what else comes up and what the exact requirements are maybe a more general or a cleaner solution is found.

Now xfce4-session correctly observes the kiosk settings so this problem can be handled by the administrator of a thin client setup.

Closing this bug for xubuntu-meta since it seems it was fixed in xfce4-session.