Proper way to allow non-root to enter s3 sleep state

Recently installed FreeBSD 15 on a Dell Latitude 5490. S3 is supported but it's not an option from KDE Plasma as a power button action. I would assume this is due to permissions. Naturally, acpiconf -s 3 fails if not root.

I've seen suggestions elsewhere to use sudo, allowing this command to be run without a password. However, is that the best way?
 
KDE (and GNOME, MATE, etc) typically use PolicyKit/ConsoleKit to set permissions on what a user (or group) can and cannot do. You might want to have a look in the /usr/local/etc/polkit-1/ directory.

This file is rather old, and I'm not sure if it'll work for KDE, but you can probably create similar rule files to allow a user to switch the system to standby. I've used the operator group, which is already allowed to shutdown or restart (shutdown(8)) on the command line.

Code:
cat /usr/local/etc/polkit-1/rules.d/60-shutdown.rules
polkit.addRule(function (action, subject) {
  if ((action.id == "org.freedesktop.consolekit.system.restart" ||
      action.id == "org.freedesktop.consolekit.system.stop")
      && subject.isInGroup("operator")) {
    return polkit.Result.YES;
  }
});
 
You can also just simply close the laptop lid to suspend, provided it is configured accordingly.

Or, re-configure the power button to enter S3 instead of S5 (System shuts down cleanly and powers off). Suspend by power button might be inconvenient: the system needs to be shut down by command (poweroff(8)) or by PolicyKit/ConsoleKit in this case.

It might be possible to use the Fn + Backspace keys to put the machine to sleep (with acpi_ibm(4) loaded). The function is supported by sysctl oid hw.acpi.sleep_button_state: S3 on my machine. devd(8) running in foreground mode does give feedback on "Suspend" and "Resume" when the keys are pressed; I have to investigate.

Suspend on lid close:
Code:
hw.acpi.lid_switch_state=S3

Suspend on power button (S5 default, see sysctl -a | grep hw.acpi):
Code:
hw.acpi.power_button_state=S3

The settings can be permanently saved in /etc/sysctl.conf.

Some models may require a drm-kmod driver for these settings to work. On a ThinkPad E15 AMD without the drm-kmod driver installed, the machine doesn't resume from suspend when the lid was closed (I haven't tried power button suspend).
 
I like the idea of PolicyKit. Here's what I put in /usr/local/etc/polkit-1/rules.d/60-acpi.rules:

JavaScript:
polkit.addRule(function (action, subject) {
        polkit.log("action=" + action);
        polkit.log("subject=" + subject);

        var allowedAction = action.id == "org.freedesktop.consolekit.system.restart" ||
                action.id == "org.freedesktop.consolekit.system.stop" ||
                action.id == "org.freedesktop.login1.suspend";
        polkit.log("allowedAction=" + allowedAction);

        var localInteractiveUser = subject.session &&
                subject.session.local === true &&
                subject.session.seat !== null &&
                subject.session.active === true;
        polkit.log("localInteractiveUser=" + localInteractiveUser);

        if (allowedAction && localInteractiveUser) {
                polkit.log("ACPI rule matched");
                return polkit.Result.YES;
        }
});

Signed out and back in, cannot run acpiconf -s 3 or see Sleep as an option in KDE Plasma. All I see from cat /var/log/messages | grep polkit is:

Code:
Jan 10 21:36:27 MyLaptop kernel: pid 82827 (polkit-kde-authenti), jid 0, uid 1001: exited on signal 10 (no core dump - process has trace disabled)

Either my rule is malformed or the polkit service isn't running?

Side note, I did try the operator group and it seems to work. However, not sure what else that group grants. Since all I'm looking to do is grant any interactive, local user the ability to shutdown/restart/sleep, granular control would be preferable. (Plus, it's an opportunity to learn as this is my first time with BSD.)
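
An added example, not part of any post in this thread: polkit(8) documents local, active and seat as attributes of the subject itself, with session being a plain session-id string, so this sketch checks them there and exercises the rule under Node against a constructed stand-in for the polkit object. The suspend action id and the sample subjects are assumptions; pkaction lists the ids actually registered on a system.

```javascript
// Added example: offline harness for a polkit rule. The `polkit` object below is a
// constructed stand-in; in a real rules.d file polkitd provides it as a global.
const polkit = {
  Result: { YES: "yes", NO: "no" },
  rules: [],
  addRule(fn) { this.rules.push(fn); },
  log() {},
};

// Assumed ConsoleKit2 action ids (suspend is not on the page); list real ones with pkaction.
const POWER_ACTIONS = [
  "org.freedesktop.consolekit.system.stop",
  "org.freedesktop.consolekit.system.restart",
  "org.freedesktop.consolekit.system.suspend",
];

polkit.addRule(function (action, subject) {
  if (POWER_ACTIONS.indexOf(action.id) === -1) return; // unrelated action: not handled
  // polkit(8): local, active and seat are attributes of subject; session is an id string.
  if (subject.local === true && subject.active === true && subject.seat) {
    return polkit.Result.YES;
  }
  // No explicit NO: remote or inactive sessions fall through to the policy defaults.
});

// The nested form from the thread's rule, kept for comparison.
function nestedSessionCheck(subject) {
  return Boolean(subject.session && subject.session.local === true &&
    subject.session.seat !== null && subject.session.active === true);
}

// Mimics polkitd: first rule returning a value wins, otherwise "not-handled".
function evaluate(actionId, subject) {
  for (const rule of polkit.rules) {
    const result = rule({ id: actionId }, subject);
    if (result !== undefined && result !== null) return result;
  }
  return "not-handled";
}

// Constructed subjects: a console login, an SSH login, a switched-away console session.
const consoleUser = { user: "alice", session: "Session1", seat: "seat0", local: true, active: true };
const sshUser = { user: "alice", session: "Session2", seat: "", local: false, active: true };
const inactiveUser = { user: "bob", session: "Session3", seat: "seat0", local: true, active: false };

console.log(evaluate(POWER_ACTIONS[2], consoleUser), evaluate(POWER_ACTIONS[2], sshUser),
  nestedSessionCheck(consoleUser));
```

Only the polkit.addRule(...) call belongs in a rules.d file; the stub, the comparison function and the sample subjects exist only so the decision can be checked offline.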

zzz works just fine for me with my own user.

zzz seems to be an alias for acpiconf -s 3, as it returns the exact same error message, when not root. Your system is likely configured differently than mine.
 