On 12/19/2012 04:58 PM, berenger.mo...@neutralite.org wrote: > > > Le 19.12.2012 16:25, Hugo Vanwoerkom a écrit : >> Michael Biebl wrote: >>> On 19.12.2012 01:04, Hugo Vanwoerkom wrote: >>>> Michael Biebl wrote: >>>>> On 19.12.2012 00:34, berenger.mo...@neutralite.org wrote: >>>>>> Except using sudo, I know no solution... sadly. >>>>>> Maybe you can do something with policykit, too, I never tried to >>>>>> understand how it works, but I think giving rights to some >>>>>> softwares is its role. >>>>> sudo is one option, the other is to use upower (which runs as system >>>>> daemon with root privileges) and use a command like this >>>>> >>>>> >>>>> $ dbus-send --print-reply \ >>>>> --system \ >>>>> --dest=org.freedesktop.UPower \ >>>>> /org/freedesktop/UPower \ >>>>> org.freedesktop.UPower.Suspend >>>>> >>>>> >>>> This related to LXDE which I am trying out. The hibernate and >>>> suspend buttons do nothing in the logout menu. Googling says that >>>> LXDE uses pm-utils. So I was guessing that invoking >>>> pm-hibernate/suspend was involved, which I can do as root but not as >>>> user. >>> Since the user session runs unprivileged, and pm-suspend/pm-hibernate >>> need to run as root, you will need to go through a system service like >>> upower. >>> I know nothing about LXDE, but e.g. in GNOME, the power manager simply >>> sends the above dbus requests when you hit the suspend button or close >>> the lid. >>> I would expect LXDE provides a similar user power management agent. >>> >>> >> >> Indeed. I found this: >> https://wiki.archlinux.org/index.php/PolicyKit#Suspend_and_hibernate >> >> Follow that and addgroup power and adduser to power and you can now >> hibernate and suspend. >> >> Hugo > > A bit out of topic, but I wonder why there is no other solution than > using dbus to let a user shutdown/hibernate/suspend his computer? This > is not the only point where the problem apply: you have same troubles > with network, and maybe on other things I did not experiment (to add > softwares and/or modify system-wide configuration files, I think it is > perfectly normal to need root, because no normal user does those actions > everyday). > > Of course, there are workarounds, with dbus, sudo... > Of course, the way things are actually done is nice for enterprises, > which need a high security level, at least for servers. > > But, in my humble opinion, linux should not be reserved for enterprises, > some people uses it at home, for pleasure (like me) and this > over-security is counter-productive: I am switching to root quite often, > for things as simple as asking to renew my IP address on a network, > suspend my computer, changing wifi network I am using (if I am in a > friend's home, at work, in a "cybercafe" (don't know english name, > sorry)...). > This results in having a quasi-permanent root console enabled on my > system, which is not really safe (I enabled a special colored prompt to > avoid doing mistakes there ;) ). > > I could use the workarounds, yes, but I tend to prefer minimalist > systems, and I do not really know where dbus is needed on my computer: > my softwares usually do not need to communicate, except for copy/paste, > but this is done through X11 AFAIK. > As I prefer minimalist things (no true desktop environment, by example) > I did not install policykit, because: > _ I can do everything I need without it. Only "simple" things are more > boring: power and network management in my situation > _ I do not understand how it works (and because it is not needed and I > have many other things more important to learn, I do not want to learn > about it for now) > > I can understand the interest, for enterprises, which is probably where > linux is the most widely used, but is it only political reasons, or is > there is a technical limitation? > In the first situation, it could be interesting to provide a way for > simple users to control their computers. I am seeing linux as a system > for tinkerers and people who like to have choices. And on those things, > there are no real choices: root or dbus. Even windows is able to > shutdown a computer with a command made by basic user (shutdown IIRC).
Linux is designed to be a multi-user system. This means, that system-access is strictly denied to normal users. It makes linux safe. You could easily configure sudo to do exactly what you want: Running commands with elevated rights ... without root access for all commands and without a separate passoword. I have configured an own shutdown script with sudo myself and use pmount for mounting devices as normal user. And for administration (I also like to tinker with my system) I simply use a "su" to become root -- why would that be difficult? On Windows you first need to create a shortcut and then "Run as administrator" and even then you are not able to e.g. delete everything you want. > The strange point is that you have physical access to switches allowing > you to poweroff your computer (and network: for wifi, you often have a > button, for wired you can unplug the cable), but you need special > password to ask a new IP or shutdown correctly the computer? > Well, to shutdown the computer, you can also switch to TTYs, and do > CTRL+ALT+SUPPR to reboot. Then, use the button... Err... simple... True, but I rather have an overall-safe system and that shutdown-issue than an insecure system. > I remember some article about Linus Torvalds complaining about the > over-security in distros, needing to use root account for most actions. > I do not agree on all of his words, but on that point, I have to admit > that for my usage, those points are simply boring. > Of course, I know that it is needed for other people in various > situations (poweroff on a distant computer with user access could be a > big problem by example) but what I would like to know is, is there any > technical reasons to avoid users to shutdown a computer, or use > ifconfig, ifup and ifdown tools? I think it is implied by the multi-user approach: If another user was logged in at your computer (e.g. over ssh) and you just disabled network they would lose connection. -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/50d1eb7e.2030...@web.de
