On Tue 05 Jan 2016 at 00:48:20 +0100, Michael Biebl wrote: > Am 04.01.2016 um 23:36 schrieb Floris: > > > > Maybe there is a reason. Why is the default rule: > > > > <action id="org.freedesktop.login1.power-off-multiple-sessions"> > > <allow_any>auth_admin_keep</allow_any> > > <allow_inactive>auth_admin_keep</allow_inactive> > > <allow_active>yes</allow_active> > > </defaults> > > > > instead of > > ... > > <allow_active>auth_admin_keep</allow_active> > > ... > > The reasoning here is, that someone who is active and local has physical > access, so could shutdown the system via other means anyway (pull the plug).
I see the argument, it is explained more fully at https://lists.debian.org/debian-devel/2015/08/msg00354.html , but am not completely persuaded by the "annoyance" factor. In the early days of systemd the default was indeed auth_admin_keep for active users. I have not tried policykit from experimental but believe the format of a localauthority file has changed to use JavaScript. Will present .pkla files continue to work with this version of policykit?
