Package: policykit-1 Version: 0.105-8 Severity: important Hello,
in Debian wheey, I used the attached file in /etc/polkit-1/localauthority/50-local.d/ to prevent users from rebooting, shutting down, hibernating or suspending the system without having to enter the root password before. In Debian 8, that did not work anymore. Some investigation showed that action names and the default permissions for multiple running sessions have been changed, but even after editing custom-menu.pkla accordingly, still all users could perform the actions named above. The only thing that helped with policykit-1 0.105-8 was to edit directly the file /usr/share/polkit-1/actions/org.freedesktop.login1.policy, but that cannot be a permanent solution because the file will be overwritten if package systemd is upgraded. As a last attempt, I downloaded the sources of policykit-1 0.113-2 from Debian experimental and built jessie packages from them. With that policykit version and its new rules syntax, I could write a file which effectively prevents normal users from rebooting, shutting down, hibernating or suspending the system. Regards Christoph
custom-menu.pkla
Description: Binary data