我相信這是很多使用fedora用戶的一大心病,這個版本shutdown需要管理員權限,但reboot,halt之類全都不要,甚至sudo都用不着。自己用無所謂,但如果給別人提供了賬戶,開了ssh的,這可就是個大問題了。有個笑話,fedora論壇有人報告某次更新後要管理員密碼才能關機,麻煩死了,有人回覆,你怎麼做到的教我吧。
在寫這篇文章之前,我把我能找到的解決辦法都試過了,沒有一個行的。不廢話,給解決辦法:
chmod 750 `which systemctl`
這個版本fedora不能用以前的解決辦法,目測就是因爲引入了新的系統控制命令systemctl。執行systemctl --help:
systemctl [OPTIONS...] {COMMAND} ...
Query or send control commands to the systemd manager.
-h --help Show this help
--version Show package version
-t --type=TYPE List only units of a particular type
-p --property=NAME Show only properties by this name
-a --all Show all units/properties, including dead/empty ones
--failed Show only failed units
--full Don't ellipsize unit names on output
--fail When queueing a new job, fail if conflicting jobs are
pending
--ignore-dependencies
When queueing a new job, ignore all its dependencies
--kill-who=WHO Who to send signal to
-s --signal=SIGNAL Which signal to send
-H --host=[USER@]HOST
Show information for remote host
-P --privileged Acquire privileges before execution
-q --quiet Suppress output
--no-block Do not wait until operation finished
--no-wall Don't send wall message before halt/power-off/reboot
--no-reload When enabling/disabling unit files, don't reload daemon
configuration
--no-legend Do not print a legend (column headers and hints)
--no-pager Do not pipe output into a pager
--no-ask-password
Do not ask for system passwords
--order When generating graph for dot, show only order
--require When generating graph for dot, show only requirement
--system Connect to system manager
--user Connect to user service manager
--global Enable/disable unit files globally
-f --force When enabling unit files, override existing symlinks
When shutting down, execute action immediately
--root=PATH Enable unit files in the specified root directory
--runtime Enable unit files only temporarily until next reboot
-n --lines=INTEGER Journal entries to show
--follow Follow journal
-o --output=STRING Change journal output mode (short, short-monotonic,
verbose, export, json, cat)
******************************此處省略************************************
System Commands:
default Enter system default mode
rescue Enter system rescue mode
emergency Enter system emergency mode
halt Shut down and halt the system
poweroff Shut down and power-off the system
reboot Shut down and reboot the system
kexec Shut down and reboot the system with kexec
exit Request user instance exit
switch-root [ROOT] [INIT] Change to a different root file system
suspend Suspend the system
hibernate Hibernate the system
看最後的部分,poweroff/reboot/halt之類都是作爲參數傳進去的。修改權限後執行:
$ reboot
bash: /bin/reboot: Permission denied
甚至:
$ which reboot
/usr/bin/which: no reboot in (/usr/lib64/qt-3.3/bin:/usr/local/bin:/bin:/usr/bin:/usr/local/sbin:/usr/sbin:/home/zgm/.local/bin:/home/zgm/bin)
當然,不是systemctl控制部分的命令不受影響:
$ which df
/bin/df
$ df
Filesystem 1K-blocks Used Available Use% Mounted on
devtmpfs
tmpfs
tmpfs
/dev/sdb2
tmpfs
tmpfs
/dev/sdb1
/dev/sdb3 ********************保密********************
理所應當的,必須修改sudoers,用visudo修改,退出時會做語法檢查,如何修改不在此贅述。
做完這一步,一般用戶在控制檯算是沒法了。但在gnome3裏面,shutdown/reboot/suspend全都可以,不需要輸入管理員密碼噢。費解的是,shutdown不應該可以啊,這個程序本身就是要管理員權限。在此,需要介紹另一個程序:PolicyKit。
有關policykit的工作機制,請參考這。有關其使用和語法,請參考這。
全是英文文檔,大家耐心讀吧。讀完以後,需要修改這兩個文件:
/usr/share/polkit-1/actions/org.freedesktop.login1.policy
/usr/share/polkit-1/actions/org.freedesktop.upower.policy
建議把其中所有授權全改爲“auth_admin”。
特別的是,用vim修改的同學,一定要清除vim自動生成的以“~”結尾的備份文件。policykit的授權是按照“文件名先後順序+action先後順序”授權的,後面的授權會覆蓋前面的授權。
###########################################################################################################
fedora 18已完全解決這個問題,policykit和sudo都嚴格了。這篇文章大家可以無視了。