Bug 1017977

Summary: Display manager does not require root password for shutdown or reboot
Product: [openSUSE] openSUSE Distribution
Reporter: Dennis Golden <dgolden>
Component: Security
Assignee: Security Team bot <security-team>
Status: RESOLVED DUPLICATE
QA Contact: E-mail List <qa-bugs>
Severity: Major
Priority: P5 - None
CC: astieger, dgolden, wbauer
Version: Leap 42.2
Target Milestone: ---
Hardware: 64bit
OS: openSUSE 42.2
Whiteboard:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Description Dennis Golden 2017-01-04 00:51:06 UTC
Display manager does not require root password for shutdown/reboot. I have specified root in Desktop->Display manager->DISPLAYMANAGER_SHUTDOWN and it never asks for the root password for shutdown or reboot. I have changed from sddm to kdm and it makes no difference. 

This has worked up through Leap 42.1.

Worse yet, it doesn't require anyone to be logged in. It will allow shutdown from the login screen.

This is a show stopper for my servers.

Comment 1 Andreas Stieger 2017-01-04 08:33:06 UTC
Wolfgang, is this a duplicate of bug 960306?

Comment 2 Ludwig Nussel 2017-01-04 09:41:40 UTC
Looks like it. DISPLAYMANAGER_SHUTDOWN should have been removed from xdm when the feature in kdm was dropped ... Filed bug 1018045.

*** This bug has been marked as a duplicate of bug 960306 ***