When a the shutdown and halt binaries have the +s bit, they are allowed to be run as users. The shutdown program only looks if the user can sudo shutdown/sudo reboot. The shutdown program should also work if the +s bit is set on the halt/reboot binaries.
(In reply to comment #0) > When a the shutdown and halt binaries have the +s bit, they are allowed to be > run as users. The shutdown program only looks if the user can sudo > shutdown/sudo reboot. The shutdown program should also work if the +s bit is > set on the halt/reboot binaries. The ability to reboot/halt from xfce should be disabled altoghether. It belongs to the display manager, where you are not logged in. If you can call it from the logged in user session, any Trojan can do as well. There is no need to make the same mistakes as Windows. It's really not that inconvenient to do this from the Display Manager, after having logged out first. If someone really needs to reboot directly out of xfce, he can write an additional program (or have it written), but xfce should not propagate this wrong behaviour.
(In reply to comment #0) > When a the shutdown and halt binaries have the +s bit, they are allowed to be > run as users. The shutdown program only looks if the user can sudo > shutdown/sudo reboot. The shutdown program should also work if the +s bit is > set on the halt/reboot binaries. Read the section 'Shutting down your computer using the session manager' in xfce4-session/README.
(In reply to comment #1) > The ability to reboot/halt from xfce should be disabled altoghether. It belongs > to the display manager, where you are not logged in. If you can call it from the > logged in user session, any Trojan can do as well. There is no need to make the > same mistakes as Windows. It's really not that inconvenient to do this from the > Display Manager, after having logged out first. > If someone really needs to reboot directly out of xfce, he can write an > additional program (or have it written), but xfce should not propagate this > wrong behaviour. You don't need to install/setup sudo if you are afraid of trojans shutting down/rebooting your computer.
And on a side note: If a trojan shuts down your computer, this is caused by misconfiguring sudo, not Xfce's fault after all.
(In reply to comment #4) > And on a side note: If a trojan shuts down your computer, this is caused by > misconfiguring sudo, not Xfce's fault after all. I know it's not xfce's fault, I just think xfce4 should not support it and advise people to first log out and then reboot. You could also add a reboot menu item in a web browser that only works with properly configured systems, but I think it does not belong there. Before you think I'm being silly: I've seen CD burning programs with a shutdown option after burning option has completed. Ca be very useful as well, if you happen to want to shutdown, but doesn't belong into a CD burning suite. I prefer a clean design to being able to do everything from everywhere, anytime.
(In reply to comment #5) > I know it's not xfce's fault, I just think xfce4 should not support it and > advise people to first log out and then reboot. You could also add a reboot menu > item in a web browser that only works with properly configured systems, but I > think it does not belong there. Before you think I'm being silly: I've seen CD > burning programs with a shutdown option after burning option has completed. Ca > be very useful as well, if you happen to want to shutdown, but doesn't belong > into a CD burning suite. > I prefer a clean design to being able to do everything from everywhere, anytime. Honestly, comparing a webbrowser/cd burning app to a session manager sounds like comparing apples and eggs to me. Try to see it this way: A Display Manager manages a X display and a Session Manager manages a X session. Both are considered desktop services (not desktop applications like e.g. a webbrowser). Now at some time in history, one thought of an idea 'Hey lets include a shutdown option in the GNOME display manager' and voila, gdm now offers a shutdown option, which is by the way _enabled_ by default in most installations. In a similar way, we added a shutdown option to xfce4-session, which is _disabled_ by default. I don't see why its valid for a display manager to have a shutdown option, but why its not ok for a session manager? The functionality is very useful, esp. for users like me, who use plain XDM (which doesn't include a shutdown option... oh, wait, what was the excuse for GDM to have a shutdown option?). xfce4-session's shutdown option is disabled by default (if the admin hadn't messed with sudo earlier) and the admin/user need to explicitly enable it, so he/she should be aware of what he's doing; if he/she's not... I'm sorry, but we don't sell brains this year...). On the `clean design': The current shutdown helper design is very good IMHO. Instead of reinventing the wheel in a critical area, we use the well known and well established security tool sudo. xfce4-session offers no suid programs and therefore critical a bug in xfce4-session affects only the stability of the users session and/or the users data, but not the system state in any way. Thats up to sudo and the admin; if he/she misconfigures sudo, its not Xfce's fault and you cannot blame it on Xfce, because Xfce neither requires sudo to work properly nor does it encourage users/admins to use it. Its an option, which is - surprise, surprise - highly optional. Not supporting an option, which is disabled by default and requires explicit activation, just because the user could should himself into the foot is a really useless argument. This way we wouldn't have cars today, not even fire.
further, you can leave sudo set up to require a password, and xfce4-session will prompt you for one. if a user wants to set it up so they can shut down their machine passwordless via xfce, then they have to explicitly do so. essentially, we're giving the user the power to do whatever they want to do, but, in true unix tradition, if you screw it up, you get to keep the pieces. as benny has stressed, this functionality is disabled by default, so there's no harm done if you don't use it. *** at any rate, this is a bug tracker, not a discussion forum. if you still have problems with how xfce4-session handles shutdown, i suggest you move this to the xfce4-dev list. this is about fixing bugs, not bitching about things you don't like about xfce. ***