[CentOS] Centos User Privileges.

Thu Oct 22 09:50:30 UTC 2015
John Hodrien <J.H.Hodrien at leeds.ac.uk>

On Thu, 22 Oct 2015, John R Pierce wrote:

> and its totally inappropriate for a shared server.

Which is why you wouldn't configure it for a shared server.  I don't understand
the problem though, as the defaults *don't* allow this do they?

/usr/share/polkit-1/actions/org.freedesktop.login1.policy:

         <action id="org.freedesktop.login1.power-off">
                 <description>Power off the system</description>
                 <message>Authentication is required for powering off the system.
                 <defaults>
                         <allow_any>auth_admin_keep</allow_any>
                         <allow_inactive>auth_admin_keep</allow_inactive>
                         <allow_active>yes</allow_active>
                 </defaults>
         </action>

         <action id="org.freedesktop.login1.reboot">
                 <description>Reboot the system</description>
                 <message>Authentication is required for rebooting the system.</message>
                 <defaults>
                         <allow_any>auth_admin_keep</allow_any>
                         <allow_inactive>auth_admin_keep</allow_inactive>
                         <allow_active>yes</allow_active>
                 </defaults>
         </action>

jh