doc:appunti:linux:sa:nis
Differences
This shows you the differences between two versions of the page.
Both sides previous revisionPrevious revisionNext revision | Previous revisionNext revisionBoth sides next revision | ||
doc:appunti:linux:sa:nis [2020/12/16 12:06] – [NIS users unable to poweroff/reboot or manage printers] niccolo | doc:appunti:linux:sa:nis [2020/12/16 15:43] – [NIS users unable to poweroff/reboot or manage printers] niccolo | ||
---|---|---|---|
Line 224: | Line 224: | ||
====== NIS users unable to poweroff/ | ====== NIS users unable to poweroff/ | ||
- | We experienced a problem with an **Ubuntu 20.04** Focal Fossa used as **NIS client**: some tasks were inhibited because the user - despite it was **logged-in locally** on the physical machine - it was considered **as a remote** one. | + | We experienced a problem with an **Ubuntu 20.04** Focal Fossa used as **NIS client**: some tasks were inhibited because the user - despite it was **logged-in locally** on the physical machine - it was considered **non interactive** one. |
- | FIXME What the errors? | + | One symptom can be the following error message when you issue the **reboot** command into a terminal session: |
- | It turned out that the **[[https://wiki.debian.org/PolicyKit|PolicyKit]]** authorization manager is enabled | + | < |
+ | Failed to set wall message, ignoring: Interactive authentication required. | ||
+ | Failed to power off system via logind: Interactive authentication required. | ||
+ | Failed to open initctl fifo: Permission denied | ||
+ | Failed to talk to init daemon. | ||
+ | </code> | ||
- | | + | Using the command |
- | * **[[https:// | + | </code> |
+ | < | ||
+ | ==== AUTHENTICATING FOR org.freedesktop.login1.reboot-multiple-sessions === | ||
+ | Authentication is required for rebooting the system while other users are logged in. | ||
+ | </ | ||
+ | |||
+ | Choosing to reboot or poweroff from the various **desktop applets** produces instead just a **session close**. | ||
+ | |||
+ | |||
+ | It turned out that the **[[https:// | ||
+ | |||
+ | One solution is to create a file on the NIS client, name **/ | ||
+ | |||
+ | < | ||
+ | [Allow Printer administration for NIS users] | ||
+ | Identity=unix-group: | ||
+ | Action=org.opensuse.cupspkhelper.mechanism.* | ||
+ | ResultAny=yes | ||
+ | |||
+ | [Allow halt power-off and reboot for NIS users] | ||
+ | Identity=unix-group: | ||
+ | Action=org.freedesktop.login1.halt*; | ||
+ | ResultAny=yes | ||
+ | </ | ||
+ | |||
+ | To make the new policy effective, issue the command: | ||
+ | |||
+ | < | ||
+ | systemctl restart polkit.service | ||
+ | </ | ||
+ | |||
+ | The syntax of the file is explained into the **[[https:// | ||
+ | |||
+ | First of all usint the **Identity** option we select the users interested into that policy. For managing printers we required the user to belong to the **lpadmin** and **adm** groups. The first group is the standard Debian group to manage printers, whereas the **adm** group is an arbitrary group assigned to some users by the NIS server (see the page **[[https:// | ||
+ | |||
+ | For the **Action** part we had to discover the name of the printer management and the poweroff/ | ||
+ | |||
+ | < | ||
+ | pkaction | grep cupspkhelper | ||
+ | org.opensuse.cupspkhelper.mechanism.all-edit | ||
+ | org.opensuse.cupspkhelper.mechanism.class-edit | ||
+ | org.opensuse.cupspkhelper.mechanism.devices-get | ||
+ | org.opensuse.cupspkhelper.mechanism.job-edit | ||
+ | org.opensuse.cupspkhelper.mechanism.job-not-owned-edit | ||
+ | org.opensuse.cupspkhelper.mechanism.printer-enable | ||
+ | org.opensuse.cupspkhelper.mechanism.printer-local-edit | ||
+ | org.opensuse.cupspkhelper.mechanism.printer-remote-edit | ||
+ | org.opensuse.cupspkhelper.mechanism.printer-set-default | ||
+ | org.opensuse.cupspkhelper.mechanism.printeraddremove | ||
+ | org.opensuse.cupspkhelper.mechanism.server-settings | ||
+ | </ | ||
+ | |||
+ | For the reboot/ | ||
+ | |||
+ | < | ||
+ | org.freedesktop.login1.halt | ||
+ | org.freedesktop.login1.hibernate | ||
+ | org.freedesktop.login1.power-off | ||
+ | org.freedesktop.login1.reboot | ||
+ | org.freedesktop.login1.suspend | ||
+ | </ | ||
+ | |||
+ | each of them have some sub-actions: | ||
+ | |||
+ | < | ||
+ | pkaction | grep org.freedesktop.login1.power-off | ||
+ | org.freedesktop.login1.power-off | ||
+ | org.freedesktop.login1.power-off-ignore-inhibit | ||
+ | org.freedesktop.login1.power-off-multiple-sessions | ||
+ | </ | ||
+ | |||
+ | Finally the problem-solving option is **ResultAny**, | ||
+ | |||
+ | < | ||
+ | ResultAny=no | ||
+ | ResultInactive=no | ||
+ | ResultActive=yes | ||
+ | </ |
doc/appunti/linux/sa/nis.txt · Last modified: 2020/12/16 16:27 by niccolo