Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 256056 - user allowed to end other user's or even root's session by shutting down
Summary: user allowed to end other user's or even root's session by shutting down
Status: RESOLVED TEST-REQUEST
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: [OLD] Core system (show other bugs)
Hardware: x86 Linux
: High normal with 1 vote (vote)
Assignee: Gentoo KDE team
URL: https://bugs.kde.org/show_bug.cgi?id=...
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2009-01-23 01:22 UTC by Erik
Modified: 2009-11-09 11:52 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
emerge --info (emerge.info,4.23 KB, text/plain)
2009-01-24 03:08 UTC, Erik 		Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Erik 2009-01-23 01:22:00 UTC 
A user can end another user's or even root's session by shutting off or rebooting the system.

Reproducible: Always

Steps to Reproduce:
1. Start the computer.
2. Log in as user in KDM.
3. Switch to virtual terminal 1.
4. Log in as root.
5. Switch back to virtual terminal 7.
6. Start Konsole.
7. Execute "who". This shows both root and user.
8. Press Ctrl+Alt+Delete.
9. Press enter.
Actual Results:  
The computer is shut off without even a warning!

Expected Results:  
A user is not allowed to end another user's session (especially not root's).
(Someone might prefer to just have a warning as an option, but forbidding would
suffice for me.)

Even better would be if a user is can not shut down or reboot even if all other
remaining sessions are his own. He would have to exit each of them (except the
last one, from which me may shut down). That can prevent data loss but is not
as important as protecting other user's (or root's) sessions.

This is especially annoying if root has been emerging openoffice since a few days and has to start over when he discovers that the user has triggered this bug.
Comment 1 Jeroen Roovers (RETIRED) gentoo-dev 2009-01-24 01:51:08 UTC 
I don't know if this is a KDE specific problem or perhaps something deeper down, but let's start off investigating your `emerge --info' and perhaps the version of KDE that you are using...
Comment 2 Erik 2009-01-24 03:08:29 UTC 
Created attachment 179498 [details]
emerge --info

KDE version is 3.5.10.
Comment 3 Matt Summers (RETIRED) gentoo-dev 2009-01-24 05:33:40 UTC 
Some of this behavior is determined by settings in KControl (for KDE-3.5.x).
System Administration -> Login Manager -> Shutdown

Regarding CTRL+ALT+DEL, I believe that can be restricted too, but the method escapes my memory. Perhaps someone else can provide a clue.
Comment 4 Jeremy Olexa (darkside) (RETIRED) archtester gentoo-dev Security 2009-01-24 06:37:34 UTC 
(In reply to comment #3)

> Regarding CTRL+ALT+DEL, I believe that can be restricted too, but the method
> escapes my memory. Perhaps someone else can provide a clue.
> 

xorg.conf - DontZap

"Option "DontZap"  "boolean" " In the xorg.conf(5) man page
Comment 5 Arfrever Frehtes Taifersar Arahesis (RETIRED) gentoo-dev 2009-01-24 06:39:19 UTC 
(In reply to comment #3)
> Regarding CTRL+ALT+DEL, I believe that can be restricted too, but the method
> escapes my memory. Perhaps someone else can provide a clue.

'ca:12345:ctrlaltdel:/sbin/shutdown -r now' in /etc/inittab can be removed.
Comment 6 Erik 2009-01-24 11:01:29 UTC 
Just to remind: Oswald Buddenhagen wrote in comments #3 and #4 of the KDE report (see URL) that this is supposed to be fixed and work properly. Other user's sessions will be protected as long as they show up in the 'who'-command. But it does not work.
Comment 7 Samuli Suominen (RETIRED) gentoo-dev 2009-11-09 11:52:42 UTC 
(In reply to comment #2)
> KDE version is 3.5.10.

KDE 3.5.10 has been masked for removal, reopen if you still experience this with KDE4.