On Thu, 22 Oct 2015, Alessandro Baggi wrote: > Hi list, > I've installed C 7.1.1503 and I've noticed that simple user can run from bash > shutdown -h now/reboot without getting special permission (sudo, su). The > machine is a VM without GUI (tested also on physical machine). > From reddit I've got a suggestion: removing/comment out "-session optional > pam_systemd.so" in /etc/pam.d/system-auth the problem is solved. > This is a bug? No, that's the wrong way to solve it. > If not, why use this policy? There are security implication? Permissions here are handled by policykit AFAIK. /usr/share/polkit-1/actions/org.freedesktop.login1.policy likely to be of particular interest? jh