Modify power management settings of all to correctly handle user log out

CVNRneuroimaging / infrastructure

Issue tracking, system documentation and configs for operations side of the neuroimaging core @ Atlanta VA CVNR / Emory University

3 stars 2 forks source link

Modify power management settings of all to correctly handle user log out #155

Open rrmm opened 8 years ago

rrmm commented 8 years ago

(note to self). Replicate changes to the power settings policy to allow users to log out and only adm to power off. make into a script so this can be easily applied as new hosts are added.

rrmm commented 8 years ago

for ubuntu 14.04 see man pklocalauthority

see org.freedesktop.upower tree for the keys to change.

put a .pkla file into /etc/polkit-1/localauthority/50-local.d/

the basic stanza is

[Stanza name] Identity=unix-group:staff Action=com.example.awesomeproduct.* ResultAny=no ResultInactive=no ResultActive=yes

Identity is a semi-colon delimited set of globs to match, starting with unix-user:, unix-group: to specify what the globs match

ResultActive is result for a user in active local session

ResultInactive for inactive local users

ResultAny both

The value for these can be yes, no, auth_self, auth_self_keep, auth_admin, auth_admin_keep. The keep version will cache the authorization for a time for subsequent operations.

rrmm commented 8 years ago

pertinent actions:

org.freedesktop.upower.suspend org.freedesktop.upower.hibernate org.freedesktop.login1.power-off org.freedesktop.login1.power-off-multiple-sessions org.freedesktop.login1.reboot org.freedesktop.login1.reboot-multiple-sessions org.freedesktop.login1.suspend org.freedesktop.login1.suspend-multiple-sessions org.freedesktop.login1.hibernate org.freedesktop.login1.hibernate-multiple-sessions

rrmm commented 8 years ago

# disallow_user_power_changes.pkla
# put in /etc/polkit-1/localauthority/20-org.d or somewhere like it

[Disallow user from doing power related things]
Identity=unix-user:*
Action=org.freedesktop.upower.suspend;org.freedesktop.upower.hibernate;org.freedesktop.login1.power-off;org.freedesktop.login1.power-off-multiple-sessions;org.freedesktop.login1.reboot;org.freedesktop.login1.reboot-multiple-sessions;org.freedesktop.login1.suspend;org.freedesktop.login1.suspend-multiple-sessions;org.freedesktop.login1.hibernate;org.freedesktop.login1.hibernate-multiple-sessions
ResultAny=no
ResultActive=no
ResultInactive=no

rrmm commented 8 years ago

add infrastructure/config/disallow_user_power_changes.pkla to repo

rrmm commented 8 years ago

qballs[1-4] should have it set up now.