Hiding Shutdown/reboot in logout dialog and possible security issue

Anders Bruun Olsen abo at dsl.dk
Fri Jul 11 09:14:53 UTC 2014


Hi Israel,

I still maintain that I do not need any kind of graphical login. Nobody
will log in directly on the machine. Only remote users will log in, and for
them all is handled by NoMachine. You start NoMachine client on your local
machine, it connects to the server, starts up the LXDE desktop with the
remote NoMachine client as its display. Nothing graphical gets shown on
the server. All I need is to hide those pesky shutdown/reboot buttons :)


2014-07-11 0:01 GMT+02:00 Israel <israeldahl at gmail.com>:

> Hi Anders,
> I still think what you are looking for is SLiM
> https://en.wikipedia.org/wiki/SLiM
> Please check this out. You can use SLiM instead of LightDM.
> There were no logout or shutdown buttons present the last time I used it
> in Debian Wheezy
> And it provides a lighter login.
> Of course, you could remove LightDM and set up your computer to run startx
> (or whatever specific startup script Lubuntu uses... I can't remember off
> the top of my head) instead :)
>
>
> On 07/10/2014 03:12 PM, Anders Bruun Olsen wrote:
>
> Hi Nio,
>
> The problem with going to the "real server guys" is that terminal
> servers are sort of halfway between the server/desktop divide, so some
> things fall on the desktop side, and some on the server side. This specific
> issue is how to get lxsession-logout to not show the shutdown/reboot
> buttons, which I would deem to belong on the desktop side of things. I may
> need to try the LXDE guys directly if nobody is able to help here. I just
> thought I would try the distro-specific mailing list before going to the
> program-specific one :)
>
>
> 2014-07-10 18:13 GMT+02:00 Nio Wiklund <nio.wiklund at gmail.com>:
>
>> Hi Anders,
>>
>> You can also ask in the Server Platforms Forum at
>>
>> http://ubuntuforums.org/forumdisplay.php?f=339
>>
>> where some real server guys will probably help you.
>>
>> Best regards/Nio
>>
>> 2014-07-10 16:07, Anders Bruun Olsen skrev:
>> > Hi,
>> >
>> > Ehm.. a graphical desktop environment is sort of the point of a terminal
>> > server. It provides remote desktops to users. It isn't for running a
>> > graphical desktop on a locally attached screen :)
>> > The issue here is two-fold:
>> >
>> > 1. If the graphical login-manager (lightdm) is running, all users who
>> > log in to a desktop remotely can shut down the entire machine. This is
>> > not a good thing, but can be circumvented by killing off lightdm. This
>> > is fine when you use something like Nomachine, which takes care of
>> > spinning up a desktop session. But with LTSP you would probably run into
>> > problems, since it depends on having a DM handling login and spinning up
>> > desktop sessions. Although lightdm may be intelligent enough to actually
>> > know when users are remote on LTSP, and will refuse to allow them to
>> > shut down the machine without proper rights. This may be a non-issue for
>> > LTSP. I don't use LTSP, so I can't say for sure. With Nomachine it is an
>> > issue.
>> >
>> > 2. Users can get confused when sitting in front of a thin client running
>> > the nomachine client. They want to shut down for the day and choose the
>> > shutdown menu on their Lubuntu desktop. Here the correct process is to
>> > choose logout and then shut down the thin client when logout has
>> > happened. But users don't usually think about the fact that this
>> > connects to a remote desktop, so pressing the shutdown button in the
>> > shutdown menu seems logical. They want to shut down their local machine.
>> > Unfortunately that button is meant to shut down the terminal server.
>> > When that does not work (they get the "access denied" message), most
>> > users get confused and go ask it-support for help. I just want to
>> > prevent this confusion, if possible :)
>> >
>> >
>> >
>> > 2014-07-10 14:53 GMT+02:00 Nio Wiklund <nio.wiklund at gmail.com>:
>> >
>> >     2014-07-10 14:21, Anders Bruun Olsen skrev:
>> >     > Hi,
>> >     >
>> >     > I am looking to build a new terminal server for remote desktops which
>> >     > will be accessed through NoMachine Enterprise. Lubuntu and LXDE look
>> >     > like a nice fit, but I have run into a couple of issues.
>> >     >
>> >     > I have a default install of Lubuntu 14.04 64-bit. I have created a
>> >     > non-privileged user (no sudo rights). I have also installed NoMachine
>> >     > Enterprise Server. First thing I discovered was what I would almost call
>> >     > a security issue. When my non-privileged user is logged in remotely
>> >     > (with Nomachine Enterprise Client), choosing shutdown in the logout
>> >     > dialog actually does shut down the server. How can this user shut down
>> >     > the server, without root access? I found out that if I ensure lightdm
>> >     > isn't running (nobody will log in locally), my unprivileged user can't
>> >     > shut down the server, but will be asked for the password to a privileged
>> >     > user, so I guess this is an issue with lightdm. Is this really intended
>> >     > behavior?
>> >
>> >     I think it is made for desktop installation, where any user should be
>> >     able to shut down the computer. But it is not suitable for a server. I'm
>> >     glad you found a way to stop shutting it down with superuser privileges.
>> >
>> >     But, many people will discourage the use of a graphical desktop
>> >     environment for a server. Do you really need it? Or maybe a simple
>> >     window manager like Openbox or Fluxbox would do?
>> >
>> >     >
>> >     > Next up, I would like to hide the shutdown and reboot buttons in the
>> >     > logout dialog. The only way I have been able to find by searching, is to
>> >     > actually change the source code for lxsession-logout and recompile. Is
>> >     > there really no other way to hide those buttons?
>> >
>> >     Sorry, I don't know this, but think other people can help you with it.
>> >
>> >     > --
>> >     > Anders Bruun Olsen
>> >     > It-ansvarlig
>> >     > Det Danske Sprog- og Litteraturselskab
>> >     > (Society for Danish Language and Literature)
>> >     >
>> >     >
>> >
>> >
>> >     --
>> >     Lubuntu-users mailing list
>> >     Lubuntu-users at lists.ubuntu.com
>> >     Modify settings or unsubscribe at:
>> >     https://lists.ubuntu.com/mailman/listinfo/lubuntu-users
>> >
>> >
>> >
>> >
>> > --
>> > Anders Bruun Olsen
>> > It-ansvarlig
>> > Det Danske Sprog- og Litteraturselskab
>> > (Society for Danish Language and Literature)
>>
>>
>
>
>  --
> Anders Bruun Olsen
> It-ansvarlig
> Det Danske Sprog- og Litteraturselskab
> (Society for Danish Language and Literature)
>
>
>
>
> --
> Regards
>
>
>
>


-- 
Anders Bruun Olsen
It-ansvarlig
Det Danske Sprog- og Litteraturselskab
(Society for Danish Language and Literature)