indicator-session menus are not policykit aware

this is a buig in indicator session missing the patch from bug #282610

Has there been any resolution with this bug?

Still present in Natty and very annoying as LTSP Thin Client users can shut down our terminal server. I wouldn't regard such a situation as priority low.

Oh, and IMHO this is a bug in LTSP in not providing proper configurations for ConsoleKit/PolicyKit. Indicator-Session just displays the stuff and is IMHO not where the real bug resides.

Just my 2¢: indicator-session is just a gui, the user should not have the right to shutdown the machine in the first place (consolekit, policykit or whatever allows him to do so).

indicator-session should check if the user has the right to do those actions, and hide the menus if not.
The problem isn't LTSP specific, it also applies to ssh -X, xdmcp, nx, x2go and more.

I proposed an alternative approach in LP bug #491940, with a patch for gnome-session that made the indicator-session menus reboot/shutdown the LTSP client instead of the server. Unfortunately it never got accepted in Gnome, though a similar one was accepted in LXDE.

what about the gui that appears with ctrl-alt-del allowing restart and poweroff?

That one is already policykit-aware, it grays out its options when the user has no reboot/shutdown rights.

We now put the following file into /etc/polkit-1/localauthority/30-site.d/ch.ethz.phys.desktop.pkla
http://sid.ethz.ch/ch.ethz.phys.desktop.pkla
on the machines, and it works just fine.

Gürkan Sengün wrote:
> We now put the following file into
> /etc/polkit-1/localauthority/30-site.d/ch.ethz.phys.desktop.pkla
> http://sid.ethz.ch/ch.ethz.phys.desktop.pkla on the machines, and it
> works just fine.

... except that the indicator applet still shows the menu entries for
shutdown and restart (but they just log you out) while they are greyed
out in the dialog box you get when you press Ctrl-Alt-Delete.

So the fact that the menu entries are still shown is the remaining bug
in indicator-applet-session.

  Regards, Axel
--
 ,''`. | Axel Beckert <email address hidden>, http://people.debian.org/~abe/
: :' : | Debian Developer, ftp.ch.debian.org Admin
`. `' | 1024D: F067 EA27 26B9 C3FC 1486 202E C09E 1D89 9593 0EDE
  `- | 4096R: 2517 B724 C5F6 CA99 5329 6E61 2FF9 CD59 6126 16B5

In Trusty, the relevant code has been rewritten to use logind instead of consolekit:
http://bazaar.launchpad.net/~indicator-applet-developers/indicator-session/trunk.14.04/revision/388

But note that when invoking org.freedesktop.login1.Manager->CanPowerOff() from a remote session, its output is:
"challenge"
instead of "yes" that an active (local) session produces.

That means that when indicator-session calls org.freedesktop.login1.Manager->PowerOff() with a "false" parameter to prevent prompting, then PowerOff() does nothing.

So, indicator-session should either
1) Hide the actions that return "challenge", or
2) Enable the prompt when the action specified "challenge".

(2) would allow remote users to shutdown the server, so I think everyone in this bug report prefer (1). :)

For anyone who might want to write a patch for this; I think the target areas are service.c:575 and backend-dbus/actions.c. You'll want to hook up CanReboot and CanPowerOff to the visibility functions, and hide Shut Down when that says you can't do it, AFAICS.