Bug 80070

Summary: RFE: systemd-logind: allow "loginctl kill-session" for user's own session
Product: systemd Reporter: Que Quotion <quequotion>
Component: generalAssignee: systemd-bugs
Status: RESOLVED FIXED QA Contact: systemd-bugs
Severity: normal    
Priority: medium Keywords: security
Version: unspecified   
Hardware: Other   
OS: All   
Whiteboard:
i915 platform: i915 features:

Description Que Quotion 2014-06-15 22:53:05 UTC 
Currently SUID is required to kill-session.

This prevents users (without sudo access) from using loginctl to log out of their own session. 

This would be useful for users who don't have a third party session manager or have a broken session manager and need a "clean" means of logging out.

By "clean" I mean a way that ends a specific session, such as their currently logged in session, without affecting other sessions (owned by themselves or other users).

I don't think it's necessary to require SUID for this function. Users aren't allowed to kill processes that don't belong to them anyway, so it follows that a user would only be able to kill their own session(s). Perhaps this could be acheived with polkit?

Besides, users (with polkit) already have acess to systemctl shutdown, reboot, hibernate, and suspend; loginctl kill-session seems less serious.

+1: if kill-session can be allowed to users to end their own sessions, how about kill-user for users to end themselves?
Comment 1 Zbigniew Jedrzejewski-Szmek 2015-02-18 13:42:05 UTC 
Implemented in http://cgit.freedesktop.org/systemd/systemd/commit/?id=c529695e7a.

Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.