Hi, Well, the problem is that lightdm runs as root and happily takes commands from any user logged in. This might be quite handy for desktop machines, but it isn't pretty from a security perspective :) Anyways, I don't need a login manager at all, since Nomachine just spins up an lxsession for users. Nobody needs to login locally on the machine.
When users try to use the shutdown/reboot buttons they are given a username/password dialog box, and when they can't provide a username with sudo privileges they get an "access denied" message, which is fine. It would just be better if I could hide those buttons completely so no users get confused about what to push to logout. Admins that actually need to reboot or shutdown the machine will do it from a prompt anyways. 2014-07-10 14:49 GMT+02:00 Israel <[email protected]>: > On 07/10/2014 07:21 AM, Anders Bruun Olsen wrote: > > Hi, > > I am looking to build a new terminal server for remote desktops which > will be accessed through NoMachine Enterprise. Lubuntu and LXDE looks like > a nice fit, but I have run into a couple of issues. > > I have a default install of Lubuntu 14.04 64-bit. I have created a > non-privileged user (no sudo rights). I have also installed NoMachine > Enterprise Server. First thing I discovered was what I would almost call a > security issue. When my non-privileged user is logged in remotely (with > Nomachine Enterprise Client), choosing shutdown in the logout dialog > actually does shut down the server. How can this user shut down the server, > without root access? I found out, that if I ensure lightdm isn't running > (nobody will login locally), my unprivileged user can't shut down the > server, but will be asked for the password to a privileged user, so I guess > this is an issue with lightdm. Is this really intended behavior? > > Next up, I would like to hide the shutdown and reboot buttons in the > logout dialog. The only way I have been able to find by searching, is to > actually change the source code for lxsession-logout and recompile. Is > there really no other way to hide those buttons? > > -- > Anders Bruun Olsen > It-ansvarlig > Det Danske Sprog- og Litteraturselskab > (Society for Danish Language and Literature) > > > Hi Anders! > The commands for shutting down, and rebooting are sudo commands. (sudo > shutdown -h now or sudo reboot) However certain programs are granted > access to run these commands from root. So it should be possible to not > allow those programs to shutdown without a password. This also includes > the lxsession-logout. Can the unprivaleged user run the logout dialog and > shutdown from there as well (this is the power button on the panel, unless > you have removed it). > > Unfortunately I cannot remember right this moment what grants these > programs access to run those commands without need a user password. But > this might give you something to search for. There are some people on this > list who may be able to clarify what I am getting at, and may even know how > this is done specifically. > > On the other hand, there are other login managers such as SLIM. You may > need to configure it a bit to get it looking the way you want and have the > options you want, but that might be the easier choice, unless the logout > dialog can let the user shutdown the server as well... > > -- > Regards > > > -- > Lubuntu-users mailing list > [email protected] > Modify settings or unsubscribe at: > https://lists.ubuntu.com/mailman/listinfo/lubuntu-users > > -- Anders Bruun Olsen It-ansvarlig Det Danske Sprog- og Litteraturselskab (Society for Danish Language and Literature)
-- Lubuntu-users mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/lubuntu-users
