[Bug 59397] Shutdown permissions

[Mr_Person]

Public bug reported:

I run an Ubuntu server that people can VNC into. One of my users runs
XFCE4 as their window manager and one day discovered that he could
shutdown the server by just clicking the "shutdown" button from the XFCE
logout menu.

I was pretty surprised that worked because no regular users have
permission to issue any shutdown commands either from the command line
or using GDM. After some research, I confirmed that HAL is to blame. As
far as I can tell, XFCE sends a command to HAL via D-Bus, and it then
executes /usr/share/hal/scripts/hal-system-power-shutdown. Since hald-
runner (which I'm assuming is responsible for executing HAL scripts)
runs as root, it's able to issue shutdown commands without any problems.

This is a pretty big problem for me. I can't have just any user issuing
shutdown commands on a shared server. It's also worrying that HAL will
execute scripts on behalf of any user as root. Is there any way to
restrict what kinds of things HAL will do for users or at least keep it
from running scripts as root?

Thanks!

(Question initially asked at:
http://ubuntuforums.org/showthread.php?t=252559)

** Affects: hal (Ubuntu)
     Importance: Untriaged
         Status: Unconfirmed

** Visibility changed to: Public

-- 
Shutdown permissions
https://launchpad.net/bugs/59397