Why logging into KDE as standard user can operate a root command?

[ikevin8me]

I’d to ask a question: why logging into KDE as a standard user (ie. not part of wheel group) is able to successfully execute “poweroff”?

To clarify my question:

If I boot up and login via command prompt (ie. not a desktop environment) or I ssh into the machine as a standard user, I cannot execute “poweroff”.

However, if I boot up the machine and log into KDE as a standard user, I can operate via the graphical environment to shutdown the computer. Why and how does this standard user able to execute an operation meant for root?

 

[zirias@]

KDE doesn't execute "poweroff" either. It sends a dbus message to ConsoleKit, which checks the permission (in the default configuration, a local(!) session is required for these commands) and then executes the actual command with root privileges.

I do the same e.g. from my fvwm-menu, using the following command for shutdown:

dbus-send --system --print-reply --dest="org.freedesktop.ConsoleKit" /org/freedesktop/ConsoleKit/Manager org.freedesktop.ConsoleKit.Manager.Stop

 

[SirDice]

Note that without KDE, DBus, ConsoleKit or any other DE, on FreeBSD a member of the operator group is able to shutdown or reboot the machine.

But yes, a lot of "magic" is happening with DBus and specifically ConsoleKit. ConsoleKit was introduced to allow administrators a bit more fine grained control over what a user is or isn't allowed to do. Things that seem "normal" for a regular desktop user to do, like mounting a USB stick or shutting down the machine.

 

[zirias@]

But yes, a lot of "magic" is happening with DBus and specifically ConsoleKit. ConsoleKit was introduced to allow administrators a bit more fine grained control over what a user is or isn't allowed to do. Things that seem "normal" for a regular desktop user to do, like mounting a USB stick or shutting down the machine.

IMHO, this "magic" makes sense. On your desktop machine, as a local user, you expect to be able to do certain things. ConsoleKit makes sure to distinguish from remote logins, which don't get the privileges. You need a running local ConsoleKit-session

It also allows to configure all the policies if you want to change the default behavior. Unfortunately, this configuration is far from intuitive and simple. Google for consolekit (and polkit) to find more info

Most Linux dists moved away from ConsoleKit and instead use logind (which is part of systemd). Unfortunately, this improves exactly nothing

 

[SirDice]

Unfortunately, this configuration is far from intuitive and simple.

Yeah, they could have made this a little easier to do. It's highly customizable but it's a royal pain to figure out, documentation is severely lacking too, that doesn't help either.

 

[Alain De Vos]

For the record, non-systemd-linuxes use elogind,

GitHub - elogind/elogind: The systemd project's "logind", extracted to a standalone package

The systemd project's "logind", extracted to a standalone package - elogind/elogind

github.com