touch-packages team mailing list archive

Thread
Date

[Bug 1440040] Re: reboot command is executable by anybody

To: touch-packages@xxxxxxxxxxxxxxxxxxx
From: Marc Deslauriers <marc.deslauriers@xxxxxxxxxxxxx>
Date: Fri, 03 Apr 2015 12:55:02 -0000
Reply-to: Bug 1440040 <1440040@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

The reboot command uses policykit to determine who is allowed to reboot
the computer. The default policy is found in the
/usr/share/polkit-1/actions/org.freedesktop.login1.policy file,
specifically:

        <action id="org.freedesktop.login1.reboot">
                <description>Reboot the system</description>
                <defaults>
                        <allow_any>auth_admin_keep</allow_any>
                        <allow_inactive>auth_admin_keep</allow_inactive>
                        <allow_active>yes</allow_active>
                </defaults>
        </action>


This means that if a user is on the console, they can reboot the computer. If they aren't on the console, they need to authenticate as an administrator. The reasoning behind allowing console users to shutdown and reboot is that they have physical access anyway and are able to use the power button to perform the same task.

You can override the default policy by creating your own policy file in
/var/lib/polkit-1/localauthority. Please see the policykit documentation
for specific instructions.


** Information type changed from Private Security to Public Security

** Changed in: systemd (Ubuntu)
       Status: New => Invalid

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to systemd in Ubuntu.
https://bugs.launchpad.net/bugs/1440040

Title:
  reboot command is executable by anybody

Status in systemd package in Ubuntu:
  Invalid

Bug description:
  1) Description:	Ubuntu Vivid Vervet (development branch)
  Release:	15.04

  2) systemd:
    Installed: 219-6ubuntu1
    Candidate: 219-6ubuntu1
    Version table:
   *** 219-6ubuntu1 0
          500 http://archive.ubuntu.com/ubuntu/ vivid/main amd64 Packages
          100 /var/lib/dpkg/status

  3) The `reboot` command does not need to be executable by anybody.

  4) It is.

  ProblemType: Bug
  DistroRelease: Ubuntu 15.04
  Package: systemd-sysv 219-6ubuntu1
  ProcVersionSignature: Ubuntu 3.19.0-10.10-generic 3.19.2
  Uname: Linux 3.19.0-10-generic x86_64
  ApportVersion: 2.17-0ubuntu1
  Architecture: amd64
  CurrentDesktop: Unity
  Date: Fri Apr  3 14:51:30 2015
  InstallationDate: Installed on 2015-02-02 (59 days ago)
  InstallationMedia: Ubuntu 14.10 "Utopic Unicorn" - Release amd64 (20141022.1)
  SourcePackage: systemd
  UpgradeStatus: Upgraded to vivid on 2015-03-11 (22 days ago)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1440040/+subscriptions