On Tue, Dec 3, 2013 at 12:55 AM, Mantas Mikulėnas <graw...@gmail.com> wrote: > > On Dec 3, 2013 1:51 AM, "Tom Gundersen" <t...@jklm.no> wrote: >> >> On Tue, Dec 3, 2013 at 12:04 AM, Kay Sievers <k...@vrfy.org> wrote: >> > On Mon, Dec 2, 2013 at 11:52 PM, Goffredo Baroncelli >> > <kreij...@libero.it> wrote: >> > >> >> I have ne question: what happens if a sysctl setting is in more than >> >> one file ? systemd-sysctl is smart enough to write the last value or >> >> perform several writes ? >> > >> > One write only, it logs at "info" level about overwritten values. >> > >> >>> Kay explained in IRC that we do not allow such actions, because access >> >>> to >> >>> the keyboad doesn't mean full access to the machine, and we default to >> >>> safe >> >>> settings. Allowing the reboot though logind is different, because the >> >>> user >> >>> must authenticate first to open a session. >> >> >> >> Sorry, but I cannot agree: from a theoretical point of view Kay has >> >> reason. However who has access to the keyboard and not to the "power >> >> switch" ? If I want to switch the PC and the software cannot allow it, >> >> I >> >> unplug the main power... >> > >> > The keyboard is surely not the computer itself, the wires or the reset >> > or power button. Login prompts must not have the ability to trigger >> > unsafe options with the keyboard alone. >> >> It is useful to imagine an internet cafe, a library, or a school, >> where the user may only have physical access to the keyboard, and not >> the machine itself. > > But logind needs to be reconfigured anyway to disallow reboots in this > situation, so why would sysctl be different?
No, logind requires an active session of a locally logged-in user. That is safe enough for a default. A login prompt only should not be able to do that. > Also Ctrl-Alt-Del and/or the login manager's Reboot option. This will go away with when we move to systemd-consoled from kernel VTs, it can do the same logic as logind. Kay _______________________________________________ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel