Home | News | Download | Packages | Forum | Wiki | Github

[SOLVED] Normal user cannot shutdown


(Paul B.) #1

I have an odd problem with a fresh Void install that I can’t remember having before. I have 2 users: mine which is in the wheel group and my wife who is not in the wheel group. Using a fresh install from the xfce4 live cd. Her user is in the following groups:

angie lp audio video cdrom scanner input users

I see the shutdown, suspend, hibernate, etc. buttons when I go to log out of xfce4 but she only has the “logout” button, the rest are grayed out. Colsolekit and polkit are both installed. Not addding her to the wheel group because that is not necessary: this should just work.

Thoughts?


#2

Did you add dbus to the services? Also try launching xfce like this:
exec ck-launch-session dbus-launch --sh-syntax --exit-with-session startxfce4


(Paul B.) #3

Dbus is in running services and I am launching xfce4 via lxdm. Not sure how to add those params to launch xfce4 or that I even need to - this should just work. Can I add that to the line in /etc/lxdm/lxdm.conf that calls “startxfce4”?


#4

I have no experience with lxdm, I’m using slim which calls console-kit on it’s own. Usually this would be in .xinitrc but I guess it’s worth a try adding it to lxdm.conf.


(Masato the Empty) #5

I don’t have lxdm, so I’m not sure how lxdm.conf works (or how the DM invokes the session), but if the command for starting the desktop session is configurable, then note that the “startxfce4” script can be told to use start a consolekit session for the user in two ways:

  • environment variable XFCE4_SESSION_WITH_CK=1
  • –with-ck-launch flag (startxfce4 --with-ck-launch)

#6

:dog2: Out of curiosity: what is the idea behind this? I mean: maybe you could achieve your goal without having to exclude a user from a group, by using a different solution?


(Paul B.) #7

Thanks masato - will investigate these possibilities.


(Paul B.) #8

Not sure what you mean by this. I am not adding my wife to the wheel group because she has no reason to be in it. In all actuality neither do I but for convenience I am. I will probably switch over to sudo completely but have not done so yet.


#9

Works essentially the same way as lightdm; I use it and have never had this issue with xfce.


(Masato the Empty) #10

As the admin, you probably want yourself to be in wheel. Unless you change the default sudoers config (nothing wrong if you do), being in wheel is what gives you superuser rights through sudo.

There aren’t any programs/configs owned by wheel as far as I can see, though I don’t know if polkit uses wheel membership for any additional permissions. Otherwise, wheel members still have to use sudo to do any damage, and by default, only they can.


#11

@sevendogs can you compare the result of: ck-list-sessions

between your user and her user, in xfce ?


#12

It does.
Just checked the Void live xfce ISO, and this file is present:

# cat /etc/polkit-1/rules.d/void-live.rules
polkit.addAdminRule(function(action, subject) {
    return ["unix-group:wheel"];
});

polkit.addRule(function(action, subject) {
    if (subject.isInGroup("wheel")) {
        return polkit.Result.YES;
    }
});

This allows the user anon to get more privileges.


[SOLVED] Gparted won't ask for password
(Masato the Empty) #13

Maybe. Turns out the addadminrule there is also part of the default config for polkit. That one just determines how admin status is determined. The addrule one there looks like it tells the caller to allow all actions to group wheel. Akin to a “%wheel ALL=(ALL) NOPASSWD: ALL” line in sudoers. (assuming polkit.Result.YES means “allow” in all contexts…)

Probably this can be used in many of the DE isos, but integration with the *kits isn’t as common in CLI utilities; I’ve only had an interest in the base ISO, so I don’t know what extras are in the various flavors.


(Paul B.) #14

Thanks cr6 - I did that and we each have one session in which active = “TRUE” and one in which active = “FALSE”.


(Paul B.) #15

So what does this mean? Does this mean only wheel group users can shut down/suspend, etc? I can’t remember when the last time I had void installed whether or not my other user could shutdown and reboot, etc.


#16

That is indeed the case, on my xfce system.
I removed my user from the wheel group, and now I only have the “logout” button, the rest are grayed out.
This is exactly what you described in your first post.

sudo is furthermore disabled:

$ sudo shutdown -h now
Password: 
user is not in the sudoers file.  This incident will be reported.

(Paul B.) #17

Interesting - secure I suppose but doesn’t make much sense for a workstation. No worries, now I know it’s not just me and there is nothing wrong. Thanks for help, all!


#18

I’m with @PackRat. Lightdm + Xfce4 worked for me right out of the box for a non-privileged user.


(Paul B.) #19

I would use lightdm but for some crazy reason, on both FreeBSD and Linux with my new video hardware, when coming out of a desktop or WM back into lightdm, my monitor goes into DPMS mode and this is unrecoverable. Not all distros with lightdm do this but some do. It might be light-locker, not sure, but regardless, it is not a workable solution. I have switched to lxdm and slock and it works perfectly. I can live with the wife not being able to shut down - she rarely uses my computer anyway.

I may play around with lightdm on Void to see if it works and if so, switch. Thanks for the help!


#20

I actually switched from lightdm to lxdm because of the issues you were having.