Re: [gentoo-user] How to poweroff the system from user?

2015-04-04 Thread lee
"Walter Dnes"  writes:

> On Sun, Mar 29, 2015 at 12:43:12PM +0200, lee wrote
>
>> That leaves the question why a user who isn't even logged in should
>> be able to reboot, which IIRC they can by default with Ctrl+Alt+Del.
>> Such users shouldn't be allowed to do anything but to log in.
>
>   As the old saying goes... "If you don't have physical security, you
> don't have any security".  A malicious person at the physical keyboard
> of the machine could just as easily yank the power cord of out of the
> wall, insert a USB key into the machine, plug the machine back in, boot
> up from the USB key, and copy over malicious binaries.

It's not logical to provide ppl who want to copy over malicious binaries
with an easy way to reboot the machine in order to do so.


-- 
Again we must be afraid of speaking of daemons for fear that daemons
might swallow us.  Finally, this fear has become reasonable.



Re: [gentoo-user] How to poweroff the system from user?

2015-03-30 Thread Rich Freeman
On Mon, Mar 30, 2015 at 4:09 AM, Mick  wrote:
> On Monday 30 Mar 2015 01:52:14 Rich Freeman wrote:
>> On Sun, Mar 29, 2015 at 8:32 PM, Walter Dnes  wrote:
>> >   Be careful what you wish for.  I have my doubts that TPM chips would
>> >
>> > boot linux with Microsoft offering "volume discounts" to OEMS.  Call me
>> > cynical.
>>
>> TPM chips don't control what boots.  They just accept the hash of the
>> bootloader reported by the firmware and store it (and that is it as
>> far as the OEM's contribution to the process).
>
> Rich, the problem with TPM as I understand it is that the private key in the
> TPM chip is not yours, generated on your trusted platform, but the TPM
> manufacturer's and is burned into the TPM chip at the time of production.  If
> the TPM OEMs are in US or within the sphere of influence of the US, then I
> would consider this key as good as compromised.

As far as I'm aware, using a TPM for full-disk encryption does not
rely on any keys pre-installed in the TPM.  Typically you install your
own key or have the TPM generate one for you.  All the TPM does is
refuse to divulge the key unless the firmware reported that the
bootloader hash matches what you told it to look out for, and the
bootloader reported that the kernel hash matches what you told it to
look for (and you can go beyond that, but only if you are using a
distro that signs its userspace, which I believe is a direction RedHat
is going).

However, if the TPM or firmware has a back-door, then I'll certainly
grant that the NSA can read your hard drive.  They don't even need to
compromise the TPM - the firmware alone is capable of compromising the
trusted boot path.  It just needs to tell the TPM that it booted your
trusted bootloader when it really booted something else.

Securing your system isn't really about keeping the NSA out.  If they
want in, they're probably already in.  Sure, it might be
hypothetically possible to keep them out, but it would take far more
effort than almost anybody is going to be willing to put in.  A TPM
will likely do a very effective job at keeping the 99.999% of
people on the Earth who aren't the NSA out, which seems to be good
enough for just about every company on the planet, since most secure
their laptops with TPMs.

-- 
Rich



Re: [gentoo-user] How to poweroff the system from user?

2015-03-30 Thread Mick
On Monday 30 Mar 2015 01:52:14 Rich Freeman wrote:
> On Sun, Mar 29, 2015 at 8:32 PM, Walter Dnes  wrote:
> >   Be careful what you wish for.  I have my doubts that TPM chips would
> > 
> > boot linux with Microsoft offering "volume discounts" to OEMS.  Call me
> > cynical.
> 
> TPM chips don't control what boots.  They just accept the hash of the
> bootloader reported by the firmware and store it (and that is it as
> far as the OEM's contribution to the process). 

Rich, the problem with TPM as I understand it is that the private key in the 
TPM chip is not yours, generated on your trusted platform, but the TPM 
manufacturer's and is burned into the TPM chip at the time of production.  If 
the TPM OEMs are in US or within the sphere of influence of the US, then I 
would consider this key as good as compromised.

-- 
Regards,
Mick


signature.asc
Description: This is a digitally signed message part.


Re: [gentoo-user] How to poweroff the system from user?

2015-03-30 Thread Mick
On Monday 30 Mar 2015 01:32:21 Walter Dnes wrote:
> On Sun, Mar 29, 2015 at 03:30:07PM -0400, Rich Freeman wrote
> 
> > With TPM, full-disk encryption, and a verified boot path, you could
> > actually protect against that scenario (they'd have to tear apart the
> > TPM chip and try to access the non-volatile storage directly, and the
> > chips are specifically designed to defeat this).  Secure boot would
> > not hurt either (with your own keys).  Of course, they could still try
> > to hack in via USB/PCI/etc, or plant keyloggers and such.  I'm not
> > suggesting physical security isn't important.  It just isn't a good
> > reason to completely neglect console security.
> 
>   Be careful what you wish for.  I have my doubts that TPM chips would
> boot linux with Microsoft offering "volume discounts" to OEMS.  Call me
> cynical.

Well, yes, post Snowden revelations we can reasonably suspect that the TPM 
OEMs have degraded the randomness of the chip sufficiently for spooks to be 
able to crack your keys.

-- 
Regards,
Mick


signature.asc
Description: This is a digitally signed message part.


Re: [gentoo-user] How to poweroff the system from user?

2015-03-29 Thread Rich Freeman
On Sun, Mar 29, 2015 at 8:32 PM, Walter Dnes  wrote:
>
>   Be careful what you wish for.  I have my doubts that TPM chips would
> boot linux with Microsoft offering "volume discounts" to OEMS.  Call me
> cynical.
>

TPM chips don't control what boots.  They just accept the hash of the
bootloader reported by the firmware and store it (and that is it as
far as the OEM's contribution to the process).  Linux supports TPM
chips, as does trusted grub.  I have no idea if gummiboot or any of
the EFI solutions do (presumably direct to linux works) - you'd need a
TPM-aware bootloader to take advantage of TPM-based full-disk
encryption unless you want to be typing in a password when you boot.
A TPM is still useful with password-based boots since it can enforce a
maximum number of guesses before it destroys the key.  However, the
real magic is when you use a verified boot path so that your system
just magically boots into linux if the boot path is not tampered with,
and if not the hard drive is impossible to read (and you can do all
this while keeping a copy of your disk key safely offline just in
case).

Remember, TPM isn't UEFI - it works differently and has been around in
PCs a lot longer.

-- 
Rich



Re: [gentoo-user] How to poweroff the system from user?

2015-03-29 Thread Walter Dnes
On Sun, Mar 29, 2015 at 03:30:07PM -0400, Rich Freeman wrote

> With TPM, full-disk encryption, and a verified boot path, you could
> actually protect against that scenario (they'd have to tear apart the
> TPM chip and try to access the non-volatile storage directly, and the
> chips are specifically designed to defeat this).  Secure boot would
> not hurt either (with your own keys).  Of course, they could still try
> to hack in via USB/PCI/etc, or plant keyloggers and such.  I'm not
> suggesting physical security isn't important.  It just isn't a good
> reason to completely neglect console security.

  Be careful what you wish for.  I have my doubts that TPM chips would
boot linux with Microsoft offering "volume discounts" to OEMS.  Call me
cynical.

-- 
Walter Dnes 
I don't run "desktop environments"; I run useful applications



Re: [gentoo-user] How to poweroff the system from user?

2015-03-29 Thread Rich Freeman
On Sun, Mar 29, 2015 at 7:20 PM, Walter Dnes  wrote:
> On Sun, Mar 29, 2015 at 12:43:12PM +0200, lee wrote
>
>> That leaves the question why a user who isn't even logged in should
>> be able to reboot, which IIRC they can by default with Ctrl+Alt+Del.
>> Such users shouldn't be allowed to do anything but to log in.
>
>   As the old saying goes... "If you don't have physical security, you
> don't have any security".  A malicious person at the physical keyboard
> of the machine could just as easily yank the power cord of out of the
> wall, insert a USB key into the machine, plug the machine back in, boot
> up from the USB key, and copy over malicious binaries.
>

With TPM, full-disk encryption, and a verified boot path, you could
actually protect against that scenario (they'd have to tear apart the
TPM chip and try to access the non-volatile storage directly, and the
chips are specifically designed to defeat this).  Secure boot would
not hurt either (with your own keys).  Of course, they could still try
to hack in via USB/PCI/etc, or plant keyloggers and such.  I'm not
suggesting physical security isn't important.  It just isn't a good
reason to completely neglect console security.

-- 
Rich



Re: [gentoo-user] How to poweroff the system from user?

2015-03-29 Thread Walter Dnes
On Sun, Mar 29, 2015 at 12:43:12PM +0200, lee wrote

> That leaves the question why a user who isn't even logged in should
> be able to reboot, which IIRC they can by default with Ctrl+Alt+Del.
> Such users shouldn't be allowed to do anything but to log in.

  As the old saying goes... "If you don't have physical security, you
don't have any security".  A malicious person at the physical keyboard
of the machine could just as easily yank the power cord of out of the
wall, insert a USB key into the machine, plug the machine back in, boot
up from the USB key, and copy over malicious binaries.

-- 
Walter Dnes 
I don't run "desktop environments"; I run useful applications



Re: [gentoo-user] How to poweroff the system from user?

2015-03-29 Thread Rich Freeman
On Sun, Mar 29, 2015 at 8:33 AM, Jorge Almeida  wrote:
> On Sun, Mar 29, 2015 at 12:55 PM, Volker Armin Hemmann
>  wrote:
>>> and dump people keep talking nonsencely that sysvinit is enough while it
>>> cannot even handle reboot for normal user. sad.
>>
>> it can. Did for decaded.
>>
>> Dumb systemd fanbois spouting their lies everywhere. Sad.
>>
>
> "Sad" doesn't even begin to describe the behaviour of Mr. "can learn
> anything I want very very fast", the famous "expert of all kinds".
> What beats me is the apparent tolerance of this list towards this kind
> of attitude. In case someone forgot, this microcai critter is the same
> self-styled genious who made his Grand Entrance to this list on
> 11/11/12 saying "byebye  haters .  Comunitiy doesn't need people like
> you"

Do we really need a 15-post flamewar about whose fans are more childish?

If you have a problem with somebody, take it to comrel.  If you have
something useful to offer, offer it.  Nothing above has added to the
conversation at all.

-- 
Rich



Re: [gentoo-user] How to poweroff the system from user?

2015-03-29 Thread Jorge Almeida
On Sun, Mar 29, 2015 at 12:55 PM, Volker Armin Hemmann
 wrote:


>> and dump people keep talking nonsencely that sysvinit is enough while it
>> cannot even handle reboot for normal user. sad.
>>
>>
>>
>
> it can. Did for decaded.
>
> Dumb systemd fanbois spouting their lies everywhere. Sad.
>

"Sad" doesn't even begin to describe the behaviour of Mr. "can learn
anything I want very very fast", the famous "expert of all kinds".
What beats me is the apparent tolerance of this list towards this kind
of attitude. In case someone forgot, this microcai critter is the same
self-styled genious who made his Grand Entrance to this list on
11/11/12 saying "byebye  haters .  Comunitiy doesn't need people like
you"

Regards,

Jorge Almeida



Re: [gentoo-user] How to poweroff the system from user?

2015-03-29 Thread Volker Armin Hemmann
Am 26.03.2015 um 01:46 schrieb microcai:
> on Saturday 21 March 2015 13:58:45,Canek Peláez Valdés wrote:
>> On Sat, Mar 21, 2015 at 1:47 PM, Rich Freeman  wrote:
>>> On Sat, Mar 21, 2015 at 3:39 PM, German  wrote:
 No, I am trying to shutdown from a console
>>> Well, the old answer would be that you need to use sudo to run it, as
>>> shutting down is a privileged operation.
>>>
>>> I suspect that the new answer is that with appropriate
>>> policykit/consolekit/etc settings you can probably allow somebody
>>> sitting at a physical console to shut down the system, or any
>>> logged-in user if you prefer.  However, I haven't actually set that up
>>> myself.
>> logind does that for you automagically™. The first seat has the rights to
>> poweroff or reboot the machine, and it can differentiate between local and
>> remote logins. You can check if your user session has the permissions to
>> poweroff/reboot via dbus:
>>
>> $ gdbus call --system --dest org.freedesktop.login1 --object-path
>> /org/freedesktop/login1 --method org.freedesktop.login1.Manager.CanPowerOff
>> ('yes',)
>>
>> $ gdbus call --system --dest org.freedesktop.login1 --object-path
>> /org/freedesktop/login1 --method org.freedesktop.login1.Manager.CanReboot
>> ('yes',)
>>
>> But you need systemd to use logind1. There has been some attempts to
>> reimplement logind outside systemd, but I'm not sure how advanced they are.
>>
>> This kind of problems were one of the reasons for creating logind.
>>
> and dump people keep talking nonsencely that sysvinit is enough while it 
> cannot even handle reboot for normal user. sad.
>
>
>

it can. Did for decaded.

Dumb systemd fanbois spouting their lies everywhere. Sad.



Re: [gentoo-user] How to poweroff the system from user?

2015-03-29 Thread lee
Peter Humphrey  writes:

> The remaining question is: why is the user not allowed to halt it?

It's because a user who wants to somewhat permanently disrupt the
services the machine provides would need to remain at the keyboard to
continue to reboot it and thus can be caught more easily than a user who
shuts the machine down and then escapes.

This is assuming that a user who does such things isn't smart enough to
enter the BIOS setup before they escape, which characterizes users doing
such things.


That leaves the question why a user who isn't even logged in should be
able to reboot, which IIRC they can by default with Ctrl+Alt+Del.  Such
users shouldn't be allowed to do anything but to log in.


-- 
Again we must be afraid of speaking of daemons for fear that daemons
might swallow us.  Finally, this fear has become reasonable.



Re: [gentoo-user] How to poweroff the system from user?

2015-03-26 Thread Tom H
On Wed, Mar 25, 2015 at 8:53 PM, microcai  wrote:
> on Sunday 22 March 2015 02:32:00,German wrote:
>>
>> /sbin/poweroff says "Must be a superuser" :(
>
> then it's high time for you to trash away sysvint and openrc, and try
> systemd!!!

I doubt that Fedora developers and users would be happy to know that
you're trolling with a Fedora email address.

Anyway, logind+polkit are the reason that systemd allows a user at the
console to shutdown a system. Run "pkaction --verbose --action-id
org.freedesktop.login1.power-off" to see why.

The same can be set up with consolekit+polkit when booting with sysv+openrc.



Re: [gentoo-user] How to poweroff the system from user?

2015-03-25 Thread wabenbau
German  wrote:

> If I run poweroff from root, the system shuts down, however when I
> run poweroff from user -- command not found. How to shut down the
> system from user? Thanks

I modified a line in /etc/inittab so that I can shutdown my system
as user with Ctrl+Alt+Del:

# What to do at the "Three Finger Salute".
ca:12345:ctrlaltdel:/sbin/shutdown -h now

It works even without systemd. ;-)

--
Regards
wabe



Re: [gentoo-user] How to poweroff the system from user?

2015-03-25 Thread microcai
on Sunday 22 March 2015 02:32:00,German wrote:
> On Sat, 21 Mar 2015 18:51:58 -0400
> 
> Fernando Rodriguez  wrote:
> > On Saturday, March 21, 2015 4:58:42 PM German wrote:
> > > On Sat, 21 Mar 2015 16:32:25 -0400
> > > 
> > > Philip Webb  wrote:
> > > > 150321 German wrote:
> > > > > If I run poweroff from root, the system shuts down.
> > > > > When I run poweroff from user -- command not found.
> > > > > How to shut down the system from user ?
> > > > 
> > > > I'ld say "Don't" : it's contrary to the principles of Unix,
> > > > which separate the roles of sysadmin (root) from those of ordinary
> > > > users.
> > > > 
> > > > To shut down, I first exit Fluxbox via its menu,
> > > > then 'su' + root password, then alias 'down' = 'shutdown -h now'.
> > > > That observes the proper roles + ceremonies (smile).
> > > 
> > > Interesting. But as I said ealier, I can reboot the system when I am a
> > > user
> > 
> > by Ctrl+Alt+Delete. The user can reboot the system, but can't shut down?
> > Strange
> > 
> > 
> > Either /sbin/poweroff or /usr/sbin/poweroff will do it from a local
> > session (if there's no other users logged in locally).
> 
> /sbin/poweroff says "Must be a superuser" :(

then it's high time for you to trash away sysvint and openrc, and try 
systemd!!! 

> > Like I said, /sbin is only on the search path for root by default on
> > gentoo.




Re: [gentoo-user] How to poweroff the system from user?

2015-03-25 Thread microcai
on Saturday 21 March 2015 13:58:45,Canek Peláez Valdés wrote:
> On Sat, Mar 21, 2015 at 1:47 PM, Rich Freeman  wrote:
> > On Sat, Mar 21, 2015 at 3:39 PM, German  wrote:
> > > No, I am trying to shutdown from a console
> > 
> > Well, the old answer would be that you need to use sudo to run it, as
> > shutting down is a privileged operation.
> > 
> > I suspect that the new answer is that with appropriate
> > policykit/consolekit/etc settings you can probably allow somebody
> > sitting at a physical console to shut down the system, or any
> > logged-in user if you prefer.  However, I haven't actually set that up
> > myself.
> 
> logind does that for you automagically™. The first seat has the rights to
> poweroff or reboot the machine, and it can differentiate between local and
> remote logins. You can check if your user session has the permissions to
> poweroff/reboot via dbus:
> 
> $ gdbus call --system --dest org.freedesktop.login1 --object-path
> /org/freedesktop/login1 --method org.freedesktop.login1.Manager.CanPowerOff
> ('yes',)
> 
> $ gdbus call --system --dest org.freedesktop.login1 --object-path
> /org/freedesktop/login1 --method org.freedesktop.login1.Manager.CanReboot
> ('yes',)
> 
> But you need systemd to use logind1. There has been some attempts to
> reimplement logind outside systemd, but I'm not sure how advanced they are.
> 
> This kind of problems were one of the reasons for creating logind.
> 

and dump people keep talking nonsencely that sysvinit is enough while it 
cannot even handle reboot for normal user. sad.


> Regards.
> --
> Canek Peláez Valdés
> Profesor de asignatura, Facultad de Ciencias
> Universidad Nacional Autónoma de México




Re: [gentoo-user] How to poweroff the system from user?

2015-03-23 Thread Emanuele Rusconi
On 23 March 2015 at 10:46, Peter Humphrey  wrote:

> On Sunday 22 March 2015 14:36:36 Jc García wrote:
> > 2015-03-22 4:30 GMT-06:00 Peter Humphrey :
> > > On Saturday 21 March 2015 16:20:17 Jc García wrote:
> > >> > Interesting. But as I said ealier, I can reboot the system when I am
> > >> > a
> > >> > user by Ctrl+Alt+Delete. The user can reboot the system, but can't
> > >> > shut
> > >> > down? Strange
> > >>
> > >> It's not strange,  `man 2 reboot`. It's a defined behavior.
> > >
> > > I'm with German here. Being designed that way doesn't stop it being
> > > strange.
> > I see it as a last resource available for rebooting under any
> > circumstances( Similar to what you can do with Sysrq).
> >
> > > Consider: I'm an ordinary user sitting at a terminal. I'm not allowed
> to
> > > halt the machine, but I am allowed to reboot it into perhaps some quite
> > > other configuration. Or I can keep rebooting it over and again,
> > > effectively preventing the machine from doing its job. How does that
> > > make sense?
> > It doesn't and that's why it's configurable, if you are in a high
> > security requiring environment, you disable it.
>
> The consensus seems to be that there's no point in trying to prevent a user
> from rebooting the machine, and I'm happy to go along with that.
>
> The remaining question is: why is the user not allowed to halt it?
>
> --
> Rgds
> Peter.
>
>
>
Maybe some people here missed my post.

You CAN allow the user to halt: just substitute
ca:12345:ctrlaltdel:/sbin/shutdown -r now
with
ca:12345:ctrlaltdel:/sbin/shutdown -P now
in /etc/inittab and Ctrl-Alt-Del will shutdown instead of reboot.

In fact, Ctrl-Alt-Del can be set up to do whatever you want and will
have root privileges.

If this is a security hole for your use case, you can comment it or set
it to
ca:12345:ctrlaltdel: /bin/echo 'Hey, don't touch me there!'
, or you can disable it entirely in the kernel.
--
Emanuele


Re: [gentoo-user] How to poweroff the system from user?

2015-03-23 Thread Rich Freeman
On Mon, Mar 23, 2015 at 5:46 AM, Peter Humphrey  wrote:
>
> The remaining question is: why is the user not allowed to halt it?
>

Keep in mind there are many ways that a unix-like OS can be used.  It
could be running on a laptop, or it could be running on a multi-user
system where 50 people are logged in at any given time.  In the former
case you want a desktop-like experience where the user can just hit
the shutdown button, and in the latter case you don't want users
powering off the server which might be 4 states away.

The old solution to this was just having the system owner run sudo
poweroff.  Then desktop environments came up with a way to allow a
logged in user to send a command back to the display manager (which
runs as root) to tell it to shut down the system, and made whether
that is allowed configurable.  The most recent evolution of this is
consolekit/logind, which distinguishes users logged in at the system
console from those logged in remotely and grants the authority to
shutdown the system if you're local.  This approach also does things
like assign permissions to audio devices as well, so that only the
person sitting at the console can spy on the console using the
microphone and you don't need to control this manually using an audio
group.

The other trend is for unprivileged processes access privileged
functions via dbus, controlled by polkit.  This allows granular
control over what users/groups/etc can run what functions, potentially
based on whether they're at a local console or not.  You can even
control that particular functions require a root password or for the
user to re-enter their password.  This puts all the policy rules in
/etc and reduces the amount of per-application configuration.  It is a
bit like sudoers, but with more fine-grained control and without
getting into hard-coding command lines (which can be a bit clumsy).
The traditional downside to this approach has been the need to run
dbus, but this is moving into the kernel and the intent is to
encourage processes to utilize it as the main IPC mechanism.

The end goal is to try to get reasonable default behavior without
requiring either desktop or server administrators to have to do much,
or to have to designate a distro as being primarily desktop vs server
in nature.  On a server nobody is logged in via the console, so you
get restricted privileges by default.  On a desktop the main user is
logged in via the console and can use their webcam+mic, but others who
might be allowed to login cannot remotely connect over the network and
spy on the same.  However, all of this is configurable - you can stick
rules in /etc which change these behaviors.

-- 
Rich



回复:Re: [gentoo-user] How to poweroff the system from user?

2015-03-23 Thread Nicol TAO
just security problem. server should not be that easy to be interrupted!


在2015年03月23日 17:46,Peter Humphrey 写道:
On Sunday 22 March 2015 14:36:36 Jc García wrote:
> 2015-03-22 4:30 GMT-06:00 Peter Humphrey :
> > On Saturday 21 March 2015 16:20:17 Jc García wrote:
> >> > Interesting. But as I said ealier, I can reboot the system when I am
> >> > a
> >> > user by Ctrl+Alt+Delete. The user can reboot the system, but can't
> >> > shut
> >> > down? Strange
> >>
> >> It's not strange,  `man 2 reboot`. It's a defined behavior.
> >
> > I'm with German here. Being designed that way doesn't stop it being
> > strange.
> I see it as a last resource available for rebooting under any
> circumstances( Similar to what you can do with Sysrq).
>
> > Consider: I'm an ordinary user sitting at a terminal. I'm not allowed to
> > halt the machine, but I am allowed to reboot it into perhaps some quite
> > other configuration. Or I can keep rebooting it over and again,
> > effectively preventing the machine from doing its job. How does that
> > make sense?
> It doesn't and that's why it's configurable, if you are in a high
> security requiring environment, you disable it.

The consensus seems to be that there's no point in trying to prevent a user
from rebooting the machine, and I'm happy to go along with that.

The remaining question is: why is the user not allowed to halt it?

--
Rgds
Peter.




Re: [gentoo-user] How to poweroff the system from user?

2015-03-23 Thread Peter Humphrey
On Sunday 22 March 2015 14:36:36 Jc García wrote:
> 2015-03-22 4:30 GMT-06:00 Peter Humphrey :
> > On Saturday 21 March 2015 16:20:17 Jc García wrote:
> >> > Interesting. But as I said ealier, I can reboot the system when I am
> >> > a
> >> > user by Ctrl+Alt+Delete. The user can reboot the system, but can't
> >> > shut
> >> > down? Strange
> >> 
> >> It's not strange,  `man 2 reboot`. It's a defined behavior.
> > 
> > I'm with German here. Being designed that way doesn't stop it being
> > strange.
> I see it as a last resource available for rebooting under any
> circumstances( Similar to what you can do with Sysrq).
> 
> > Consider: I'm an ordinary user sitting at a terminal. I'm not allowed to
> > halt the machine, but I am allowed to reboot it into perhaps some quite
> > other configuration. Or I can keep rebooting it over and again,
> > effectively preventing the machine from doing its job. How does that
> > make sense?
> It doesn't and that's why it's configurable, if you are in a high
> security requiring environment, you disable it.

The consensus seems to be that there's no point in trying to prevent a user 
from rebooting the machine, and I'm happy to go along with that.

The remaining question is: why is the user not allowed to halt it?

-- 
Rgds
Peter.




Re: [gentoo-user] How to poweroff the system from user?

2015-03-22 Thread Walter Dnes
On Sun, Mar 22, 2015 at 03:30:49AM -0400, German wrote

> Thanks, I decide to go with sudo on this one. However when I try
> to run it, it says: "Username is not in the sudoers file." Where is
> this file located and how can I add the user to it? Thanks

  Here's how it works.  "emerge -pv sudo" and decide whic USE flags you
need for your situation.  I use none of them.  The main config file is
/etc/sudoers  *DO NOT TOUCH THAT FILE*.  It'll get overwritten every
time that an update of sudo comes along.  sudo also reads files in its
"include directory", which defaults to /etc/sudoers.d/ which is where
you should put your stuff.  You can have multiple files in there, and
they will be executed in the same order that they sort.  *DO NOT EDIT
THESE FILES DIRECTLY WITH NANO/VIM/WHATEVER*.  Use the command...

visudo -f /etc/sudoers.d/filename

where "filename" is any legal file name.  visudo is a sudo feature that
* gets your default editor
* edits a *WORKING COPY* of the file you want to change
* after you exit the editor, it tests the file syntax
* if no sudo syntax errors are found it commits the file
* if syntax errors are found, it warns you, and allows you to back out

  I have a single file /etc/sudoers.d/001 but you can have several files
if you want.  The desktop's hostname is "d531" and my login is
"waltdnes".  Adjust correspondingly for your system...

waltdnes  d531 = (root) NOPASSWD: /sbin/poweroff
waltdnes  d531 = (root) NOPASSWD: /usr/sbin/hibernate
waltdnes  d531 = (root) NOPASSWD: /usr/bin/simple-mtpfs -o allow_other 
/home/waltdnes/tablet
waltdnes  d531 = (root) NOPASSWD: /usr/bin/fusermount -u /home/waltdnes/tablet
waltdnes  d531 = (root) NOPASSWD: /bin/cp -f /etc/ssmtp/295.ssmtp.conf 
/etc/ssmtp/ssmtp.conf
waltdnes  d531 = (root) NOPASSWD: /bin/cp -f /etc/ssmtp/teksavvy.ssmtp.conf 
/etc/ssmtp/ssmtp.conf
waltdnes  d531 = (root) NOPASSWD: /usr/bin/openrdate -n -s ca.pool.ntp.org
waltdnes  d531 = (root) NOPASSWD: /sbin/hwclock --systohc


  This format allows the user to run the command, if preceeded by
"sudo", and no password is required.  Note that the command must be
identical to what is set in /etc/sudoers.d/ e.g.

sudo /sbin/poweroff

  I usually launch it from a script in ~/bin to same a lot of typing,
and avoid typo errors.  For instance, to connect my tablet or smartphone
to directory ~/tablet, I have a script ~/bin/tabon

#!/bin/bash
sudo simple-mtpfs -o allow_other /home/waltdnes/tablet

  To disconnect from the device I have a script ~/bin/taboff

#!/bin/bash
sudo fusermount -u /home/waltdnes/tablet

  To sync my desktop's clock, I have a script ~/bin/settime

#!/bin/bash
date
/usr/bin/sudo /usr/bin/openrdate -n -s ca.pool.ntp.org
/usr/bin/sudo /sbin/hwclock --systohc
date

  I have a dialup ISP (295.ca) as emergency backup in case my broadband
ISP (teksavvy.com) service goes down.  ISP's only let logged in users
connect to the standard outbound port.  So I need to change the
/etc/ssmtp/ssmtp.conf file to point to the approprite ISP's server.  My
dialup script is...

#!/bin/bash
sudo /bin/cp -f /etc/ssmtp/295.ssmtp.conf /etc/ssmtp/ssmtp.conf
sudo /usr/sbin/pon u295.ca

  My "dialdown" script is...

#!/bin/bash
/usr/bin/sudo /usr/sbin/poff
/usr/bin/sudo /bin/cp -f /etc/ssmtp/teksavvy.ssmtp.conf /etc/ssmtp/ssmtp.conf



-- 
Walter Dnes 
I don't run "desktop environments"; I run useful applications



Re: [gentoo-user] How to poweroff the system from user?

2015-03-22 Thread Jc García
2015-03-22 4:30 GMT-06:00 Peter Humphrey :
> On Saturday 21 March 2015 16:20:17 Jc García wrote:
>> > Interesting. But as I said ealier, I can reboot the system when I am a
>> > user by Ctrl+Alt+Delete. The user can reboot the system, but can't shut
>> > down? Strange
>> It's not strange,  `man 2 reboot`. It's a defined behavior.
>
> I'm with German here. Being designed that way doesn't stop it being strange.
>

I see it as a last resource available for rebooting under any
circumstances( Similar to what you can do with Sysrq).


> Consider: I'm an ordinary user sitting at a terminal. I'm not allowed to
> halt the machine, but I am allowed to reboot it into perhaps some quite
> other configuration. Or I can keep rebooting it over and again, effectively
> preventing the machine from doing its job. How does that make sense?
>

It doesn't and that's why it's configurable, if you are in a high
security requiring environment, you disable it.



Re: [gentoo-user] How to poweroff the system from user?

2015-03-22 Thread Peter Humphrey
On Saturday 21 March 2015 16:20:17 Jc García wrote:
> > Interesting. But as I said ealier, I can reboot the system when I am a
> > user by Ctrl+Alt+Delete. The user can reboot the system, but can't shut
> > down? Strange
> It's not strange,  `man 2 reboot`. It's a defined behavior.

I'm with German here. Being designed that way doesn't stop it being strange.

Consider: I'm an ordinary user sitting at a terminal. I'm not allowed to 
halt the machine, but I am allowed to reboot it into perhaps some quite 
other configuration. Or I can keep rebooting it over and again, effectively 
preventing the machine from doing its job. How does that make sense?

-- 
Rgds
Peter.




Re: [gentoo-user] How to poweroff the system from user?

2015-03-22 Thread German
On Sun, 22 Mar 2015 03:47:13 -0400
Fernando Rodriguez  wrote:

> On Sunday, March 22, 2015 3:30:49 AM German wrote:
> > On Sun, 22 Mar 2015 03:19:50 -0400
> > Fernando Rodriguez  wrote:
> > 
> > > On Sunday, March 22, 2015 3:06:59 AM German wrote:
> > > > On Sun, 22 Mar 2015 08:49:54 +0200
> > > > Matti Nykyri  wrote:
> > > > 
> > > > > > On Mar 22, 2015, at 8:32, German  wrote:
> > > > > > 
> > > > > > 
> > > > > > /sbin/poweroff says "Must be a superuser" :(
> > > > > 
> > > > > Did you read any of the previous messages? They told you that you 
> > > > > have 
> to 
> > > have consolekit and polkit installed and configured for this to work!
> > > > 
> > > > Yes, I've read them. However no one explianed how this has to be 
> > > accomplished with polkit and consolekit.
> > > 
> > > You don't need those. It sounds like you somehow got both sysvinit and 
> systemd 
> > > installed. The message you're getting is from sysvinit. poweroff should 
> > > be 
> a 
> > > symlink to systemctl. Try:
> > > 
> > > systemctl poweroff
> > > 
> > > You may need to unmerge sysvinit and anything else related to openrc and 
> then 
> > > re-emerge systemd. With systemd it should either shutdown or ask you for 
> the 
> > > root password (if you're not logged in locally or there's other users 
> logged 
> > 
> > Thanks, I decide to go with sudo on this one. However when I try to run it, 
> it says:
> > "Username is not in the sudoers file." Where is this file located and how 
> > can 
> I add the user to it? Thanks
> > 
> > > in).
> 
> Actually you never said anything about systemd so it's my bad.
> They where talking about logind and I got it messed up with another thread 
> about systemd.
> 

No problem. I guess that's what happening when you try to help everyone.
> -- 
> Fernando Rodriguez
> 


-- 




Re: [gentoo-user] How to poweroff the system from user?

2015-03-22 Thread German
On Sun, 22 Mar 2015 09:35:46 +0200
Matti Nykyri  wrote:

> > On Mar 22, 2015, at 9:31, Fernando Rodriguez 
> >  wrote:
> > 
> >> On Sunday, March 22, 2015 3:06:59 AM German wrote:
> >> On Sun, 22 Mar 2015 08:49:54 +0200
> >> Matti Nykyri  wrote:
> >> 
>  On Mar 22, 2015, at 8:32, German  wrote:
>  
>  
>  /sbin/poweroff says "Must be a superuser" :(
> >>> 
> >>> Did you read any of the previous messages? They told you that you have to
> > have consolekit and polkit installed and configured for this to work!
> >> 
> >> Yes, I've read them. However no one explianed how this has to be
> > accomplished with polkit and consolekit.
> > 
> > Actually systemd's poweroff should be on /usr/bin or /bin but if you got it 
> > there you shouldn't have got the command not found error so something is 
> > messed up with your system. Post the output to the folling
> > 
> > ls -l /usr/bin/poweroff
> > ls -l /bin/poweroff
> > ls -l /sbin/poweroff
> > ls -l /usr/sbin/poweroff
> > 
> > Only one of them should list something and it should be a symlink to 
> > systemctl.
> 
> From previous messages by the OP I recall that he is using OpenRC.

Yes, as from fresh gentoo install.
> 
> -- 
> -Matti


-- 




Re: [gentoo-user] How to poweroff the system from user?

2015-03-22 Thread Fernando Rodriguez
On Sunday, March 22, 2015 9:35:46 AM Matti Nykyri wrote:
> > On Mar 22, 2015, at 9:31, Fernando Rodriguez 
 wrote:
> > 
> >> On Sunday, March 22, 2015 3:06:59 AM German wrote:
> >> On Sun, 22 Mar 2015 08:49:54 +0200
> >> Matti Nykyri  wrote:
> >> 
>  On Mar 22, 2015, at 8:32, German  wrote:
>  
>  
>  /sbin/poweroff says "Must be a superuser" :(
> >>> 
> >>> Did you read any of the previous messages? They told you that you have 
to
> > have consolekit and polkit installed and configured for this to work!
> >> 
> >> Yes, I've read them. However no one explianed how this has to be
> > accomplished with polkit and consolekit.
> > 
> > Actually systemd's poweroff should be on /usr/bin or /bin but if you got it 
> > there you shouldn't have got the command not found error so something is 
> > messed up with your system. Post the output to the folling
> > 
> > ls -l /usr/bin/poweroff
> > ls -l /bin/poweroff
> > ls -l /sbin/poweroff
> > ls -l /usr/sbin/poweroff
> > 
> > Only one of them should list something and it should be a symlink to 
> > systemctl.
> 
> From previous messages by the OP I recall that he is using OpenRC.

Yea, I'm fucking up. I read the systemd before this one and got them mixed 
up...sorry

-- 
Fernando Rodriguez



Re: [gentoo-user] How to poweroff the system from user?

2015-03-22 Thread German
On Sun, 22 Mar 2015 03:35:49 -0400
Fernando Rodriguez  wrote:

> On Sunday, March 22, 2015 3:30:49 AM German wrote:
> > On Sun, 22 Mar 2015 03:19:50 -0400
> > Fernando Rodriguez  wrote:
> > 
> > > On Sunday, March 22, 2015 3:06:59 AM German wrote:
> > > > On Sun, 22 Mar 2015 08:49:54 +0200
> > > > Matti Nykyri  wrote:
> > > > 
> > > > > > On Mar 22, 2015, at 8:32, German  wrote:
> > > > > > 
> > > > > > 
> > > > > > /sbin/poweroff says "Must be a superuser" :(
> > > > > 
> > > > > Did you read any of the previous messages? They told you that you 
> > > > > have 
> to 
> > > have consolekit and polkit installed and configured for this to work!
> > > > 
> > > > Yes, I've read them. However no one explianed how this has to be 
> > > accomplished with polkit and consolekit.
> > > 
> > > You don't need those. It sounds like you somehow got both sysvinit and 
> systemd 
> > > installed. The message you're getting is from sysvinit. poweroff should 
> > > be 
> a 
> > > symlink to systemctl. Try:
> > > 
> > > systemctl poweroff
> > > 
> > > You may need to unmerge sysvinit and anything else related to openrc and 
> then 
> > > re-emerge systemd. With systemd it should either shutdown or ask you for 
> the 
> > > root password (if you're not logged in locally or there's other users 
> logged 
> > 
> > Thanks, I decide to go with sudo on this one. However when I try to run it, 
> it says:
> > "Username is not in the sudoers file." Where is this file located and how 
> > can 
> I add the user to it? Thanks
> > 
> > > in).
> > > 
> > 
> > 
> > 
> 
> See man sudo.

It is huge and my head is spinning. A simple search on the web showed that I 
had just to add one line to "sudoers" file.
Now I am able to poweroff with sudo.


 But the advice you're getting is for openrc (it will work until 
> something else breaks), you need to remove all openrc components and install 
> systemd properly.

Why is openRC is installed at all if I need to remove it? 

> -- 
> Fernando Rodriguez
> 


-- 




Re: [gentoo-user] How to poweroff the system from user?

2015-03-22 Thread Fernando Rodriguez
On Sunday, March 22, 2015 3:30:49 AM German wrote:
> On Sun, 22 Mar 2015 03:19:50 -0400
> Fernando Rodriguez  wrote:
> 
> > On Sunday, March 22, 2015 3:06:59 AM German wrote:
> > > On Sun, 22 Mar 2015 08:49:54 +0200
> > > Matti Nykyri  wrote:
> > > 
> > > > > On Mar 22, 2015, at 8:32, German  wrote:
> > > > > 
> > > > > 
> > > > > /sbin/poweroff says "Must be a superuser" :(
> > > > 
> > > > Did you read any of the previous messages? They told you that you have 
to 
> > have consolekit and polkit installed and configured for this to work!
> > > 
> > > Yes, I've read them. However no one explianed how this has to be 
> > accomplished with polkit and consolekit.
> > 
> > You don't need those. It sounds like you somehow got both sysvinit and 
systemd 
> > installed. The message you're getting is from sysvinit. poweroff should be 
a 
> > symlink to systemctl. Try:
> > 
> > systemctl poweroff
> > 
> > You may need to unmerge sysvinit and anything else related to openrc and 
then 
> > re-emerge systemd. With systemd it should either shutdown or ask you for 
the 
> > root password (if you're not logged in locally or there's other users 
logged 
> 
> Thanks, I decide to go with sudo on this one. However when I try to run it, 
it says:
> "Username is not in the sudoers file." Where is this file located and how can 
I add the user to it? Thanks
> 
> > in).

Actually you never said anything about systemd so it's my bad.
They where talking about logind and I got it messed up with another thread 
about systemd.

-- 
Fernando Rodriguez



Re: [gentoo-user] How to poweroff the system from user?

2015-03-22 Thread Matti Nykyri
> On Mar 22, 2015, at 9:31, Fernando Rodriguez 
>  wrote:
> 
>> On Sunday, March 22, 2015 3:06:59 AM German wrote:
>> On Sun, 22 Mar 2015 08:49:54 +0200
>> Matti Nykyri  wrote:
>> 
 On Mar 22, 2015, at 8:32, German  wrote:
 
 
 /sbin/poweroff says "Must be a superuser" :(
>>> 
>>> Did you read any of the previous messages? They told you that you have to
> have consolekit and polkit installed and configured for this to work!
>> 
>> Yes, I've read them. However no one explianed how this has to be
> accomplished with polkit and consolekit.
> 
> Actually systemd's poweroff should be on /usr/bin or /bin but if you got it 
> there you shouldn't have got the command not found error so something is 
> messed up with your system. Post the output to the folling
> 
> ls -l /usr/bin/poweroff
> ls -l /bin/poweroff
> ls -l /sbin/poweroff
> ls -l /usr/sbin/poweroff
> 
> Only one of them should list something and it should be a symlink to 
> systemctl.

From previous messages by the OP I recall that he is using OpenRC.

-- 
-Matti


Re: [gentoo-user] How to poweroff the system from user?

2015-03-22 Thread Fernando Rodriguez
On Sunday, March 22, 2015 3:30:49 AM German wrote:
> On Sun, 22 Mar 2015 03:19:50 -0400
> Fernando Rodriguez  wrote:
> 
> > On Sunday, March 22, 2015 3:06:59 AM German wrote:
> > > On Sun, 22 Mar 2015 08:49:54 +0200
> > > Matti Nykyri  wrote:
> > > 
> > > > > On Mar 22, 2015, at 8:32, German  wrote:
> > > > > 
> > > > > 
> > > > > /sbin/poweroff says "Must be a superuser" :(
> > > > 
> > > > Did you read any of the previous messages? They told you that you have 
to 
> > have consolekit and polkit installed and configured for this to work!
> > > 
> > > Yes, I've read them. However no one explianed how this has to be 
> > accomplished with polkit and consolekit.
> > 
> > You don't need those. It sounds like you somehow got both sysvinit and 
systemd 
> > installed. The message you're getting is from sysvinit. poweroff should be 
a 
> > symlink to systemctl. Try:
> > 
> > systemctl poweroff
> > 
> > You may need to unmerge sysvinit and anything else related to openrc and 
then 
> > re-emerge systemd. With systemd it should either shutdown or ask you for 
the 
> > root password (if you're not logged in locally or there's other users 
logged 
> 
> Thanks, I decide to go with sudo on this one. However when I try to run it, 
it says:
> "Username is not in the sudoers file." Where is this file located and how can 
I add the user to it? Thanks
> 
> > in).
> > 
> 
> 
> 

See man sudo. But the advice you're getting is for openrc (it will work until 
something else breaks), you need to remove all openrc components and install 
systemd properly.
-- 
Fernando Rodriguez



Re: [gentoo-user] How to poweroff the system from user?

2015-03-22 Thread Matti Nykyri
> On Mar 22, 2015, at 9:30, German  wrote:
> 
> On Sun, 22 Mar 2015 03:19:50 -0400
> Fernando Rodriguez  wrote:
> 
>>> On Sunday, March 22, 2015 3:06:59 AM German wrote:
>>> On Sun, 22 Mar 2015 08:49:54 +0200
>>> Matti Nykyri  wrote:
>>> 
> On Mar 22, 2015, at 8:32, German  wrote:
> 
> 
> /sbin/poweroff says "Must be a superuser" :(
 
 Did you read any of the previous messages? They told you that you have to
>> have consolekit and polkit installed and configured for this to work!
>>> 
>>> Yes, I've read them. However no one explianed how this has to be
>> accomplished with polkit and consolekit.
>> 
>> You don't need those. It sounds like you somehow got both sysvinit and 
>> systemd 
>> installed. The message you're getting is from sysvinit. poweroff should be a 
>> symlink to systemctl. Try:
>> 
>> systemctl poweroff
>> 
>> You may need to unmerge sysvinit and anything else related to openrc and 
>> then 
>> re-emerge systemd. With systemd it should either shutdown or ask you for the 
>> root password (if you're not logged in locally or there's other users logged
> 
> Thanks, I decide to go with sudo on this one. However when I try to run it, 
> it says:
> "Username is not in the sudoers file." Where is this file located and how can 
> I add the user to it? Thanks

man sudo

And 

man sudoers

The file is in /etc/sudoers

-- 
-Matti


Re: [gentoo-user] How to poweroff the system from user?

2015-03-22 Thread Fernando Rodriguez
On Sunday, March 22, 2015 3:06:59 AM German wrote:
> On Sun, 22 Mar 2015 08:49:54 +0200
> Matti Nykyri  wrote:
> 
> > > On Mar 22, 2015, at 8:32, German  wrote:
> > > 
> > > 
> > > /sbin/poweroff says "Must be a superuser" :(
> > 
> > Did you read any of the previous messages? They told you that you have to 
have consolekit and polkit installed and configured for this to work!
> 
> Yes, I've read them. However no one explianed how this has to be 
accomplished with polkit and consolekit.

Actually systemd's poweroff should be on /usr/bin or /bin but if you got it 
there you shouldn't have got the command not found error so something is 
messed up with your system. Post the output to the folling

ls -l /usr/bin/poweroff
ls -l /bin/poweroff
ls -l /sbin/poweroff
ls -l /usr/sbin/poweroff

Only one of them should list something and it should be a symlink to 
systemctl.

-- 
Fernando Rodriguez

signature.asc
Description: This is a digitally signed message part.


Re: [gentoo-user] How to poweroff the system from user?

2015-03-22 Thread German
On Sun, 22 Mar 2015 03:19:50 -0400
Fernando Rodriguez  wrote:

> On Sunday, March 22, 2015 3:06:59 AM German wrote:
> > On Sun, 22 Mar 2015 08:49:54 +0200
> > Matti Nykyri  wrote:
> > 
> > > > On Mar 22, 2015, at 8:32, German  wrote:
> > > > 
> > > > 
> > > > /sbin/poweroff says "Must be a superuser" :(
> > > 
> > > Did you read any of the previous messages? They told you that you have to 
> have consolekit and polkit installed and configured for this to work!
> > 
> > Yes, I've read them. However no one explianed how this has to be 
> accomplished with polkit and consolekit.
> 
> You don't need those. It sounds like you somehow got both sysvinit and 
> systemd 
> installed. The message you're getting is from sysvinit. poweroff should be a 
> symlink to systemctl. Try:
> 
> systemctl poweroff
> 
> You may need to unmerge sysvinit and anything else related to openrc and then 
> re-emerge systemd. With systemd it should either shutdown or ask you for the 
> root password (if you're not logged in locally or there's other users logged 

Thanks, I decide to go with sudo on this one. However when I try to run it, it 
says:
"Username is not in the sudoers file." Where is this file located and how can I 
add the user to it? Thanks

> in).
> 
> -- 
> Fernando Rodriguez
> 


-- 




Re: [gentoo-user] How to poweroff the system from user?

2015-03-22 Thread Matti Nykyri
> On Mar 22, 2015, at 9:11, Alexander Kapshuk  
> wrote:
> 
>> On Sun, Mar 22, 2015 at 9:06 AM, German  wrote:
>> On Sun, 22 Mar 2015 08:49:54 +0200
>> Matti Nykyri  wrote:
>> 
>> > > On Mar 22, 2015, at 8:32, German  wrote:
>> > >
>> > >
>> > > /sbin/poweroff says "Must be a superuser" :(
>> >
>> > Did you read any of the previous messages? They told you that you have to 
>> > have consolekit and polkit installed and configured for this to work!
>> 
>> Yes, I've read them. However no one explianed how this has to be 
>> accomplished with polkit and consolekit.

Read http://wiki.gentoo.org/wiki/Polkit and all the links and prerequisites 
(consolekit and dbus) and polkit man page.

>>  Also the use of sudo is another choice.
>> 
>> Sudo is just a package?
> 
> Yes, it is.
> qsearch sudo|sed 1q
> app-admin/sudo Allows users or groups to run commands as other users
>  
>> >
>> > If you want every user to be able to shutdown just run this command:
>> >
>> > chmod 6755 /sbin/poweroff

-- 
-Matti

Re: [gentoo-user] How to poweroff the system from user?

2015-03-22 Thread Fernando Rodriguez
On Sunday, March 22, 2015 3:06:59 AM German wrote:
> On Sun, 22 Mar 2015 08:49:54 +0200
> Matti Nykyri  wrote:
> 
> > > On Mar 22, 2015, at 8:32, German  wrote:
> > > 
> > > 
> > > /sbin/poweroff says "Must be a superuser" :(
> > 
> > Did you read any of the previous messages? They told you that you have to 
have consolekit and polkit installed and configured for this to work!
> 
> Yes, I've read them. However no one explianed how this has to be 
accomplished with polkit and consolekit.

You don't need those. It sounds like you somehow got both sysvinit and systemd 
installed. The message you're getting is from sysvinit. poweroff should be a 
symlink to systemctl. Try:

systemctl poweroff

You may need to unmerge sysvinit and anything else related to openrc and then 
re-emerge systemd. With systemd it should either shutdown or ask you for the 
root password (if you're not logged in locally or there's other users logged 
in).

-- 
Fernando Rodriguez



Re: [gentoo-user] How to poweroff the system from user?

2015-03-22 Thread Alexander Kapshuk
On Sun, Mar 22, 2015 at 9:06 AM, German  wrote:

> On Sun, 22 Mar 2015 08:49:54 +0200
> Matti Nykyri  wrote:
>
> > > On Mar 22, 2015, at 8:32, German  wrote:
> > >
> > >
> > > /sbin/poweroff says "Must be a superuser" :(
> >
> > Did you read any of the previous messages? They told you that you have
> to have consolekit and polkit installed and configured for this to work!
>
> Yes, I've read them. However no one explianed how this has to be
> accomplished with polkit and consolekit.
>
>  Also the use of sudo is another choice.
>
> Sudo is just a package?
>

Yes, it is.
qsearch sudo|sed 1q
app-admin/sudo Allows users or groups to run commands as other users


> >
> > If you want every user to be able to shutdown just run this command:
> >
> > chmod 6755 /sbin/poweroff
> >
> > --
> > -Matti
>
>
> --
>
>
>


Re: [gentoo-user] How to poweroff the system from user?

2015-03-22 Thread German
On Sun, 22 Mar 2015 08:49:54 +0200
Matti Nykyri  wrote:

> > On Mar 22, 2015, at 8:32, German  wrote:
> > 
> > 
> > /sbin/poweroff says "Must be a superuser" :(
> 
> Did you read any of the previous messages? They told you that you have to 
> have consolekit and polkit installed and configured for this to work!

Yes, I've read them. However no one explianed how this has to be accomplished 
with polkit and consolekit.

 Also the use of sudo is another choice.

Sudo is just a package?
> 
> If you want every user to be able to shutdown just run this command:
> 
> chmod 6755 /sbin/poweroff
> 
> -- 
> -Matti


-- 




Re: [gentoo-user] How to poweroff the system from user?

2015-03-21 Thread Matti Nykyri
> On Mar 22, 2015, at 8:32, German  wrote:
> 
> 
> /sbin/poweroff says "Must be a superuser" :(

Did you read any of the previous messages? They told you that you have to have 
consolekit and polkit installed and configured for this to work! Also the use 
of sudo is another choice.

If you want every user to be able to shutdown just run this command:

chmod 6755 /sbin/poweroff

-- 
-Matti


Re: [gentoo-user] How to poweroff the system from user?

2015-03-21 Thread German
On Sat, 21 Mar 2015 18:51:58 -0400
Fernando Rodriguez  wrote:

> On Saturday, March 21, 2015 4:58:42 PM German wrote:
> > On Sat, 21 Mar 2015 16:32:25 -0400
> > Philip Webb  wrote:
> > 
> > > 150321 German wrote:
> > > > If I run poweroff from root, the system shuts down.
> > > > When I run poweroff from user -- command not found.
> > > > How to shut down the system from user ?
> > > 
> > > I'ld say "Don't" : it's contrary to the principles of Unix,
> > > which separate the roles of sysadmin (root) from those of ordinary users.
> > > 
> > > To shut down, I first exit Fluxbox via its menu,
> > > then 'su' + root password, then alias 'down' = 'shutdown -h now'.
> > > That observes the proper roles + ceremonies (smile).
> > 
> > Interesting. But as I said ealier, I can reboot the system when I am a user 
> by Ctrl+Alt+Delete. The user can reboot the system, but can't shut down? 
> Strange
> > > 
> 
> Either /sbin/poweroff or /usr/sbin/poweroff will do it from a local session 
> (if 
> there's no other users logged in locally).

/sbin/poweroff says "Must be a superuser" :(
> 
> Like I said, /sbin is only on the search path for root by default on gentoo.
> 
> -- 
> Fernando Rodriguez
> 


-- 
German 



Re: [gentoo-user] How to poweroff the system from user?

2015-03-21 Thread Fernando Rodriguez
On Saturday, March 21, 2015 11:52:45 PM Emanuele Rusconi wrote:
> Ctrl-Alt-Del can be set to do what you want.
> 
> I have this in my /etc/inittab:
> 
> ca:12345:ctrlaltdel:/sbin/shutdown -P now
> 
> This way Ctrl-Alt-Del calls power off instead of reboot.
> So to shutdown I just exit from Openbox and press Ctrl-Alt-Del.
> 
> -- Emanuele Rusconi

Also sysvinit specific.
On systemd you need to copy /usr/lib/systemd/system/ctrl-alt-del.target to 
/etc/systemd/system and edit that file.

-- 
Fernando Rodriguez

signature.asc
Description: This is a digitally signed message part.


Re: [gentoo-user] How to poweroff the system from user?

2015-03-21 Thread Emanuele Rusconi
Ctrl-Alt-Del can be set to do what you want.

I have this in my /etc/inittab:

ca:12345:ctrlaltdel:/sbin/shutdown -P now

This way Ctrl-Alt-Del calls power off instead of reboot.
So to shutdown I just exit from Openbox and press Ctrl-Alt-Del.

-- Emanuele Rusconi


Re: [gentoo-user] How to poweroff the system from user?

2015-03-21 Thread Fernando Rodriguez
On Saturday, March 21, 2015 4:58:42 PM German wrote:
> On Sat, 21 Mar 2015 16:32:25 -0400
> Philip Webb  wrote:
> 
> > 150321 German wrote:
> > > If I run poweroff from root, the system shuts down.
> > > When I run poweroff from user -- command not found.
> > > How to shut down the system from user ?
> > 
> > I'ld say "Don't" : it's contrary to the principles of Unix,
> > which separate the roles of sysadmin (root) from those of ordinary users.
> > 
> > To shut down, I first exit Fluxbox via its menu,
> > then 'su' + root password, then alias 'down' = 'shutdown -h now'.
> > That observes the proper roles + ceremonies (smile).
> 
> Interesting. But as I said ealier, I can reboot the system when I am a user 
by Ctrl+Alt+Delete. The user can reboot the system, but can't shut down? 
Strange
> > 

Either /sbin/poweroff or /usr/sbin/poweroff will do it from a local session (if 
there's no other users logged in locally).

Like I said, /sbin is only on the search path for root by default on gentoo.

-- 
Fernando Rodriguez



Re: [gentoo-user] How to poweroff the system from user?

2015-03-21 Thread Fernando Rodriguez
On Saturday, March 21, 2015 9:35:44 PM Alexander Kapshuk wrote:
> On Sat, Mar 21, 2015 at 9:34 PM, Alexander Kapshuk <
> alexander.kaps...@gmail.com> wrote:
> 
> > On Sat, Mar 21, 2015 at 9:26 PM, German  wrote:
> >
> >> If I run poweroff from root, the system shuts down, however when I run
> >> poweroff from user -- command not found. How to shut down the system from
> >> user? Thanks
> >>
> >> --
> >> German 
> >>
> >>
> > poweroff(1) says:
> > If  you're  not  the superuser, you will get the message `must be supe‐
> >ruser'.
> >
> > Either run poweroff as the superuser, or if you're running Gnome, KDE,
> > XFCE, etc., you may use the shutdown option available in those desktop
> > environments.
> >
> > Others might suggest other ways of doing it.
> >
> 
> It's actually poweroff(8). Sorry.

That's actually sysvinit poweroff...systemd's is different.
-- 
Fernando Rodriguez



Re: [gentoo-user] How to poweroff the system from user?

2015-03-21 Thread Jc García
> Interesting. But as I said ealier, I can reboot the system when I am a user 
> by Ctrl+Alt+Delete. The user can reboot the system, but can't shut down? 
> Strange

It's not strange,  `man 2 reboot`. It's a defined behavior.



Re: [gentoo-user] How to poweroff the system from user?

2015-03-21 Thread German
On Sat, 21 Mar 2015 16:32:25 -0400
Philip Webb  wrote:

> 150321 German wrote:
> > If I run poweroff from root, the system shuts down.
> > When I run poweroff from user -- command not found.
> > How to shut down the system from user ?
> 
> I'ld say "Don't" : it's contrary to the principles of Unix,
> which separate the roles of sysadmin (root) from those of ordinary users.
> 
> To shut down, I first exit Fluxbox via its menu,
> then 'su' + root password, then alias 'down' = 'shutdown -h now'.
> That observes the proper roles + ceremonies (smile).

Interesting. But as I said ealier, I can reboot the system when I am a user by 
Ctrl+Alt+Delete. The user can reboot the system, but can't shut down? Strange
> 
> -- 
> ,,
> SUPPORT ___//___,   Philip Webb
> ELECTRIC   /] [] [] [] [] []|   Cities Centre, University of Toronto
> TRANSIT`-O--O---'   purslowatchassdotutorontodotca
> 
> 


-- 
German 



Re: [gentoo-user] How to poweroff the system from user?

2015-03-21 Thread Rich Freeman
On Sat, Mar 21, 2015 at 4:32 PM, Philip Webb  wrote:
>
> I'ld say "Don't" : it's contrary to the principles of Unix,
> which separate the roles of sysadmin (root) from those of ordinary users.
>

There are a couple of schools of thought there.  One that differs from
what you suggested is that root isn't really a pure role - it is a uid
you can log in as (which mostly makes the actions you take as root
anonymous in a multi-admin environment).  If you're into role-based
access control then you really don't want people just switching to
root all the time - you want to define roles and their specific
requirements, and then assign those roles to users.  Sudo is a simple
tool for doing this, but stuff like consolekit/logind/policykit and so
on are about giving more granular access to users.  Likewise posix
capabilities are all about making what traditionally is root much more
granular.

But, yes, the simple answer is to just log in as root to power off the
system.  That will almost certainly work for at least the next 20
years.  Everything else is just added capabilities.

-- 
Rich



Re: [gentoo-user] How to poweroff the system from user?

2015-03-21 Thread Philip Webb
150321 German wrote:
> If I run poweroff from root, the system shuts down.
> When I run poweroff from user -- command not found.
> How to shut down the system from user ?

I'ld say "Don't" : it's contrary to the principles of Unix,
which separate the roles of sysadmin (root) from those of ordinary users.

To shut down, I first exit Fluxbox via its menu,
then 'su' + root password, then alias 'down' = 'shutdown -h now'.
That observes the proper roles + ceremonies (smile).

-- 
,,
SUPPORT ___//___,   Philip Webb
ELECTRIC   /] [] [] [] [] []|   Cities Centre, University of Toronto
TRANSIT`-O--O---'   purslowatchassdotutorontodotca




Re: [gentoo-user] How to poweroff the system from user?

2015-03-21 Thread Jc García
2015-03-21 14:01 GMT-06:00 German :
> On Sat, 21 Mar 2015 15:47:16 -0400
> Rich Freeman  wrote:
>
>> On Sat, Mar 21, 2015 at 3:39 PM, German  wrote:
>> >
>> > No, I am trying to shutdown from a console
>>
>> Well, the old answer would be that you need to use sudo to run it, as
>> shutting down is a privileged operation.
>>
>> I suspect that the new answer is that with appropriate
>> policykit/consolekit/etc settings you can probably allow somebody
>> sitting at a physical console to shut down the system, or any
>> logged-in user if you prefer.  However, I haven't actually set that up
>> myself.
>
> Well, I am the only one sitting at the console :) Are there any key 
> combination which allows that? I can reboot even if I am a user with 
> Ctrl+Alt+Delete
>>

Just use sudo to allow your user to shutdwon without
password(suders(5) manpage is your friend), and put an  alias in your
bashrc:
alias poweroff="sudo /sbin/poweroff"



Re: [gentoo-user] How to poweroff the system from user?

2015-03-21 Thread Fernando Rodriguez
On Saturday, March 21, 2015 3:26:56 PM German wrote:
> If I run poweroff from root, the system shuts down, however when I run 
poweroff from user -- command not found. How to shut down the system from user? 
Thanks
> 
> 

The command not found part is because /sbin and /usr/sbin and on gentoo it's 
not on your PATH env var by default.

I think it's supposed to be a security measure but really it provides no 
security whatsoever so I always add it to my path. After that you'll be able 
to shutdown if there's no other active sessions, otherwise you should be 
prompted for password.

-- 
Fernando Rodriguez



Re: [gentoo-user] How to poweroff the system from user?

2015-03-21 Thread German
On Sat, 21 Mar 2015 15:47:16 -0400
Rich Freeman  wrote:

> On Sat, Mar 21, 2015 at 3:39 PM, German  wrote:
> >
> > No, I am trying to shutdown from a console
> 
> Well, the old answer would be that you need to use sudo to run it, as
> shutting down is a privileged operation.
> 
> I suspect that the new answer is that with appropriate
> policykit/consolekit/etc settings you can probably allow somebody
> sitting at a physical console to shut down the system, or any
> logged-in user if you prefer.  However, I haven't actually set that up
> myself.

Well, I am the only one sitting at the console :) Are there any key combination 
which allows that? I can reboot even if I am a user with Ctrl+Alt+Delete
> 
> -- 
> Rich
> 


-- 
German 



Re: [gentoo-user] How to poweroff the system from user?

2015-03-21 Thread Canek Peláez Valdés
On Sat, Mar 21, 2015 at 1:47 PM, Rich Freeman  wrote:
>
> On Sat, Mar 21, 2015 at 3:39 PM, German  wrote:
> >
> > No, I am trying to shutdown from a console
>
> Well, the old answer would be that you need to use sudo to run it, as
> shutting down is a privileged operation.
>
> I suspect that the new answer is that with appropriate
> policykit/consolekit/etc settings you can probably allow somebody
> sitting at a physical console to shut down the system, or any
> logged-in user if you prefer.  However, I haven't actually set that up
> myself.

logind does that for you automagically™. The first seat has the rights to
poweroff or reboot the machine, and it can differentiate between local and
remote logins. You can check if your user session has the permissions to
poweroff/reboot via dbus:

$ gdbus call --system --dest org.freedesktop.login1 --object-path
/org/freedesktop/login1 --method org.freedesktop.login1.Manager.CanPowerOff
('yes',)

$ gdbus call --system --dest org.freedesktop.login1 --object-path
/org/freedesktop/login1 --method org.freedesktop.login1.Manager.CanReboot
('yes',)

But you need systemd to use logind1. There has been some attempts to
reimplement logind outside systemd, but I'm not sure how advanced they are.

This kind of problems were one of the reasons for creating logind.

Regards.
--
Canek Peláez Valdés
Profesor de asignatura, Facultad de Ciencias
Universidad Nacional Autónoma de México


Re: [gentoo-user] How to poweroff the system from user?

2015-03-21 Thread Rich Freeman
On Sat, Mar 21, 2015 at 3:39 PM, German  wrote:
>
> No, I am trying to shutdown from a console

Well, the old answer would be that you need to use sudo to run it, as
shutting down is a privileged operation.

I suspect that the new answer is that with appropriate
policykit/consolekit/etc settings you can probably allow somebody
sitting at a physical console to shut down the system, or any
logged-in user if you prefer.  However, I haven't actually set that up
myself.

-- 
Rich



Re: [gentoo-user] How to poweroff the system from user?

2015-03-21 Thread German
On Sat, 21 Mar 2015 21:34:51 +0200
Alexander Kapshuk  wrote:

> On Sat, Mar 21, 2015 at 9:26 PM, German  wrote:
> 
> > If I run poweroff from root, the system shuts down, however when I run
> > poweroff from user -- command not found. How to shut down the system from
> > user? Thanks
> >
> > --
> > German 
> >
> >
> poweroff(1) says:
> If  you're  not  the superuser, you will get the message `must be supe‐
>ruser'.
> 
> Either run poweroff as the superuser, or if you're running Gnome, KDE,
> XFCE, etc., you may use the shutdown option available in those desktop
> environments.

No, I am trying to shutdown from a console
> 
> Others might suggest other ways of doing it.


-- 
German 



Re: [gentoo-user] How to poweroff the system from user?

2015-03-21 Thread Alexander Kapshuk
On Sat, Mar 21, 2015 at 9:34 PM, Alexander Kapshuk <
alexander.kaps...@gmail.com> wrote:

> On Sat, Mar 21, 2015 at 9:26 PM, German  wrote:
>
>> If I run poweroff from root, the system shuts down, however when I run
>> poweroff from user -- command not found. How to shut down the system from
>> user? Thanks
>>
>> --
>> German 
>>
>>
> poweroff(1) says:
> If  you're  not  the superuser, you will get the message `must be supe‐
>ruser'.
>
> Either run poweroff as the superuser, or if you're running Gnome, KDE,
> XFCE, etc., you may use the shutdown option available in those desktop
> environments.
>
> Others might suggest other ways of doing it.
>

It's actually poweroff(8). Sorry.


Re: [gentoo-user] How to poweroff the system from user?

2015-03-21 Thread Alexander Kapshuk
On Sat, Mar 21, 2015 at 9:26 PM, German  wrote:

> If I run poweroff from root, the system shuts down, however when I run
> poweroff from user -- command not found. How to shut down the system from
> user? Thanks
>
> --
> German 
>
>
poweroff(1) says:
If  you're  not  the superuser, you will get the message `must be supe‐
   ruser'.

Either run poweroff as the superuser, or if you're running Gnome, KDE,
XFCE, etc., you may use the shutdown option available in those desktop
environments.

Others might suggest other ways of doing it.


[gentoo-user] How to poweroff the system from user?

2015-03-21 Thread German
If I run poweroff from root, the system shuts down, however when I run poweroff 
from user -- command not found. How to shut down the system from user? Thanks

-- 
German