Solved I have suspend rights without CK rules

A

abishai

I'm still returning to FreeBSD desktop from 2 years of Linux, I hit another issue I never had before.

As far I can remember, to provide rights to shutdown the system I need to write CK rules, however xfce shows I can reboot, shutdown, hibernate and suspend and not only shows, but actually to it.

How I can remove some of rights and how I got them?
Code: 
abishai@testbsd:~ % groups abishai
abishai
Code: 
abishai@testbsd:~ % doas ls -la /usr/local/etc/polkit-1/rules.d
total 11
drwx------  2 polkitd  wheel  3 Aug 21 13:41 .
drwx------  4 root  wheel  4 Aug 21 13:41 ..
-rw-r--r--  1 root  wheel  326 Aug 21 13:41 50-default.rules
Code: 
abishai@testbsd:~ % cat ~/.xinitrc
#xset +fp /usr/local/share/fonts/terminus-font/
#xrdb -merge ~/.Xdefaults
xset b off
exec startxfce4 --with-ck-launch
If I remove ck-launch, I'm lossing all rights except log off, so this is consolekit.
 
SirDice said:
Is your user a member of the wheel group?
Click to expand...
I'm not certain, but the operator group may also have suspend rights. Certainly on older APM systems, /dev/apm* has operator write permission. /dev/acpi, on the other hand, does not, but the fact that operator can do some types of shutdown and appears to have APM permission makes me suspect it might work for ACPI as well (I just didn't positively spot the precise mechanism that would allow it, and wasn't inclined to test it).
 
I'm the member of personal group only (abishai:abishai). I don't have 'normal' rights to shutdown the system and I'm getting them only of session started with ck support ( --with-ck-launch or with slim with ck option)
 
Reinstalled everything from scratch. Still all rights. Will write to mailing lists, I don't understand that.
 
1. --with-ck-launch is incorrect way to load xfce. CK is fired from dbus. If you use this option you will get all rights.
2. polkit has rights issue - it can't read /usr/local/etc/polkit-1, you must set user to polkitd
3. x11/slim has consolekit support compiled in by default. Effect is similar as for --with-ck-launch. You sould disable this as well.

Only after this, polkit rules start to make sence for xfce.
 
You must log in or register to reply here.
Back
Top