Bug 80070 - RFE: systemd-logind: allow "loginctl kill-session" for user's own session
Summary: RFE: systemd-logind: allow "loginctl kill-session" for user's own session
Status: RESOLVED FIXED
Alias: None
Product: systemd
Classification: Unclassified
Component: general (show other bugs)
Version: unspecified
Hardware: Other All
: medium normal
Assignee: systemd-bugs
QA Contact: systemd-bugs
URL:
Whiteboard:
Keywords: security
Depends on:
Blocks:
 
Reported: 2014-06-15 22:53 UTC by Que Quotion
Modified: 2015-02-18 13:42 UTC (History)
0 users

See Also:
i915 platform:
i915 features:


Attachments

Description Que Quotion 2014-06-15 22:53:05 UTC
Currently SUID is required to kill-session.

This prevents users (without sudo access) from using loginctl to log out of their own session. 

This would be useful for users who don't have a third party session manager or have a broken session manager and need a "clean" means of logging out.

By "clean" I mean a way that ends a specific session, such as their currently logged in session, without affecting other sessions (owned by themselves or other users).

I don't think it's necessary to require SUID for this function. Users aren't allowed to kill processes that don't belong to them anyway, so it follows that a user would only be able to kill their own session(s). Perhaps this could be acheived with polkit?

Besides, users (with polkit) already have acess to systemctl shutdown, reboot, hibernate, and suspend; loginctl kill-session seems less serious.

+1: if kill-session can be allowed to users to end their own sessions, how about kill-user for users to end themselves?
Comment 1 Zbigniew Jedrzejewski-Szmek 2015-02-18 13:42:05 UTC
Implemented in http://cgit.freedesktop.org/systemd/systemd/commit/?id=c529695e7a.


Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.