-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Thu, Dec 07, 2017 at 03:03:44AM -0600, Dave Sherohman wrote:
> On Thu, Dec 07, 2017 at 11:26:45AM +1300, Ben Caradoc-Davies wrote:
> > Special privileges have been granted to console users for as long as I can
> > remember, long before systemd, because they have physical access to the
> > machine. Console users typically are also permitted to mount, unmount, and
> > eject removable media, and have access to audio devices.
>
> I think this is a key point that's been overlooked in the complaints
> about this behavior: It has nothing to do with systemd.

No. It has to do with polkit & friends.

On my system (which is a pretty "classic" setup: no systemd, but also
as little as possible from all this more "modern" desktop stuff, which
I don't like very much [1]), /sbin/halt *wants* me to be root. This
isn't inherently more secure (or less) but just The Way it Is (TM) --
a heritage from times when *every* user on a Unix system was remote.

The policy kit and its descendants try to make a guess whether the
user is "physically present" to allow them to shut down the computer.
As others have pointed out, this does make sense (as long as the
above guess is sufficiently accurate, that is), because the user can
pull the cord/extract the batteries/smash the box anyway.

Now to that guess: for your vanilla PC/laptop/tablet/smartphone class
of machine, if the user is at the console or the local terminal,
implying presence is a pretty accurate guess. That's why the default
configuration comes shipped as it is. If you are installing an
ATM/voting computer/AS400, I'd hope that, as a system integrator, you
*know what you are doing* and set the defaults appropriately.

So all is well. This isn't a bug. For someone coming from "traditional"
Unix, this might be unexpected (and has thus some potential for damage),
but that expectation hasn't been broken by systemd this time.

There are Linux distros for big IBM iron: anyone care to have a look
at how the default policy settings are there? (As that's SuSE's realm,
mainly, I'd guess they are similar enough to RedHat that they're using
something along these lines).

Cheers

[1] Don't get me wrong. Those desktop thingies have their place. Just
    not on "my" desktop, dammit :-)

- -- tomás
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAlopFhsACgkQBcgs9XrR2kaUcwCeMgdvqAWryzSSxE5W3r8+Ol2o
NE8AnAlA3wWeb2dJ4xdTN5Cyy+3Al/PT
=xit+
-----END PGP SIGNATURE-----