We recently had a request from the User Support Unit to block users from doing a shutdown on machines in meeting rooms. The reason behind this is that the machines themselves are stored in locked cupboards, once they are powered off you need a key to open the cupboard and press the power button which is rather inconvenient.
At the same time we still wanted to allow users to be able to do reboots as a last resort when things go wrong so we could not just block all access to the shutdown command.
There are command line tools named “poweroff” and “reboot” for which access is controlled through consolehelper and thus PAM. I modified the PAM config for poweroff to block everyone who does not have system administrator privileges. However, this does not prevent users doing a shutdown from the gnome system menu. I hunted around the web for quite a while for any sort of solution to this or hint as to how gnome is actually sending that poweroff request. Eventually I discovered the little known fact that if you remove the gdm system menu, to prevent reboot and shutdown requests from the login screen, the shutdown option magically disappears from the gnome system menu. This probably does not prevent the determined user who really wants to shutdown the machine but it will stop all the people who select shutdown when they meant to just logout.
That’s quite impressive behaviour! (Let’s hope it doesn’t quietly change in some minor version upgrade)
I’m sure you know but for the record you can also use gconf (not your favourite thing I know!) to configure gnome in various ways. A little poking around turned up this setting for instance:
$ gconftool-2 --long-docs /apps/gnome-session/options/logout_option
This is the option that will be selected in the logout dialog, valid values are "logout" for logging out, "shutdown" for halting the system and "restart" for restarting the system.
Not the right setting in this case I’m sure, but you get the idea. The
--all-dirsand-Rand-aoptions are useful in exploring what settings are there to be set. They don’t seem to be comprehensively documented elsewhere: you seem to have to recursively go through gconf looking for likely-sounding settings and looking at their doc strings.The problem with that option is that it doesn’t prevent users halting the system or even hide the “shutdown” option in the system menu. What it does is make the “logout” button the default button in the logout dialog box instead of “shutdown”, this is already the standard setting on DICE machines as far as I can tell.
Yes – that’s certainly not the right option to use. It was just an illustration of the sort of thing that’s lurking in gconf ready to be configured. I expect there are a number of ways and places in gconf in which to configure various aspects of the shutdown command. I thought it was worth mentioning mainly because it took me a while to learn (a) of the existence of all these gconf config options and (b) how to get at them.