Re: Prevent shutdown with systemctl

[Floris <jkfloris@dds.nl>]

Op Mon, 04 Jan 2016 21:43:10 +0100 schreef Brian <ad44@cityscape.co.uk>:

> On Mon 04 Jan 2016 at 20:03:33 +0100, Floris wrote:
>
> > Op Mon, 04 Jan 2016 18:16:39 +0100 schreef Michael Biebl  
> > <biebl@debian.org>:
> >
> > >Am 04.01.2016 um 16:55 schrieb Floris:
> > >>Dear list,
> > >>
> > >>Often there are multiple users working on my multiseat [1] system,  
> > some
> > >>of them are kids and they are not paying attention if someone else is
> > >>logged in. They can shutdown the computer even if someone else is  
> > logged
> > >>in and have an active session.
> > >
> > >What command exactly do they use?
> >
> > the power off button in gnome3.18
> >
> > There is a warning that an other user is logged in, but all users are
> > able to shutdown/ reboot.
> Devise a file to put in /etc/polkit-1/localauthority/50-local.d after
> you have read pklocalauthority(8). Works for me.

Thanks Michael and Brain for giving the right clues.

I made the file
/etc/polkit-1/localauthority/50-local.d/10-disable-reboot.pkla

with

[Disable poweroff and reboot]
Identity=unix-user:julian;unix-user:eugenie
Action=org.freedesktop.login1.power-off-multiple-sessions;org.freedesktop.login1.reboot-multiple-sessions
ResultActive=auth_admin_keep

Two questions
- there is also a /etc/polkit-1/rules.d directory. When and how do you use  
that directory?
- How can I point to all users by 'Identity='?

to Michael
> Can you tell me which policykit-1 version you are using?
policykit-1:amd64/testing 0.105-14
policykit-1-gnome:amd64/testing 0.105-2

Maybe there is a reason. Why is the default rule:

<action id="org.freedesktop.login1.power-off-multiple-sessions">
 <allow_any>auth_admin_keep</allow_any>
 <allow_inactive>auth_admin_keep</allow_inactive>
 <allow_active>yes</allow_active>
</defaults>

instead of
...
 <allow_active>auth_admin_keep</allow_active>
...

Thanks for the information

Floris