# How to Shutdown and Reboot in XFCE4



## noz (Aug 13, 2010)

*How to Shutdown and Reboot in XFCE4
For the Practical Man*


Description and Reason:
You just installed XFCE4 for FreeBSD but can't shutdown or reboot.  Errors would show up that look like this:

[font="Courier New"]org.freedesktop.hal.power-management.shutdown no <-- (action, result)
org.freedesktop.hal.power-management.reboot no <-- (action, result)[/font]​
You're getting these errors because PolicyKit is reporting to the system that you don't have the authorization to do the requested action.


Quick Fix:
Allow all users to shutdown and reboot:
`# polkit-action --set-defaults-any org.freedesktop.hal.power-management.shutdown yes`
`# polkit-action --set-defaults-any org.freedesktop.hal.power-management.reboot yes`


Fix:
This will involve two commandline tools used for PolicyKit administration: polkit-action(1) and polkit-auth(1).  Lets familiarize ourselves with these tools just enough so that we can figure out how to solve our problem.  By the way, I always have HAL and DBUS enabled in my /etc/rc.conf.  I don't know if it's required but lets just say that it is, because my keyboard and mouse dies if I disable them.  Okay, lets continue.




polkit-action(1):
This is used to control the policies of each action; actions such as shutdown and reboot.


List actions supported by PolicyKit:
`$ polkit-action`


Get details of an action:
`$ polkit-action --action ACTION`
ACTION is one of the actions listed from invoking the command with no arguments.​

Change the policy of an action:
`# polkit-action --set-defaults-any ACTION VALUE`
ACTION is one of the actions listed from invoking the command with no arguments.​VALUE can be one of several values, but we'll only concern ourselves with two of them: [font="Courier New"]yes[/font] and [font="Courier New"]auth_admin_keep_always[/font].  Use the former if you want to allow anyone to perform the action.  Use the latter if only administrators are allowed.  [font="Courier New"]auth_admin_keep_always[/font] will require you to authenticate yourself as a member of the wheel group (check /usr/local/etc/PolicyKit/PolicyKit.conf for [font="Courier New"]define_admin_auth[/font]).  The "keep always" part means you'll only have to authenticate once.  We'll get to authentication in a bit.​

Reset an action to its default policy:
`# polkit-action --reset-defaults ACTION`
ACTION is one of the actions listed from invoking the command with no arguments.​

List actions that aren't using their default policy:
`$ polkit-action --show-overrides`


That's all you need to know about polkit-action(1).  If you used [font="Courier New"]yes[/font] as the value for the [font="Courier New"]--set-defaults-any[/font] option, you're done!  The changes should be immediate.  You don't need to reboot, you don't even need to logout->login.  However, if you've chosen [font="Courier New"]auth_admin_keep_always[/font], continue reading.




polkit-auth(1):
This is used to authenticate yourself to PolicyKit.  You don't need to use sudo or become root, so you should log in as the user trying to authenticate.


List actions you're allowed to perform:
`$ polkit-auth`
If you get an error like this:
[font="Courier New"][WARN XXXX] Cannot lookup information for pid XXXX: No such file or directory
polkit-auth: This operation requires the system message bus and ConsoleKit to be running[/font]​You'll need to mount procfs by doing the following:
1) Add [font="Courier New"]proc  /proc  procfs  rw  0  0[/font] to your /etc/fstab
2) [font="Courier New"]# mount /proc[/font]​

List actions that require authentication:
`$ polkit-auth --show-obtainable`


Authenticate for an action:
`$ polkit-auth --obtain ACTION`
ACTION is one of the actions listed from [font="Courier New"]$ polkit-auth --show-obtainable[/font].  After successful authentication, the action will appear when you invoke [font="Courier New"]$ polkit-auth[/font] and disappear from [font="Courier New"]$ polkit-auth --show-obtainable[/font].​

Revoke authentication:
`$ polkit-auth --revoke ACTION`
ACTION is one of the actions listed from invoking [font="Courier New"]$ polkit-auth[/font].  After this command, the action will appear back in the list given by the [font="Courier New"]--show-obtainable[/font] option.​

That's it!  This started out as a guide for shutdown and reboot, but it's really about basic PolicyKit administration.  At this point, the commands under "quick fix" should be clear.  You should also have an idea on how to enable other PolicyKit controlled actions such as auto-mounting.  Try it!


----------



## wblock@ (Aug 13, 2010)

It looks like you're doing the equivalent of adding

```
<match user="myuser">
  <return result="yes"/>
</match>
```

to PolicyKit.conf.  I'm not convinced this is easier, but it's interesting to see an alternative.


----------



## DutchDaemon (Aug 13, 2010)

That's about what I did: change the XML file and put my account in the proper group.


----------



## noz (Aug 13, 2010)

wblock said:
			
		

> It looks like you're doing the equivalent of adding
> 
> ```
> <match user="myuser">
> ...





			
				DutchDaemon said:
			
		

> That's about what I did: change the XML file and put my account in the proper group.



It's a little bit more involved, especially if you're the only user on the system.  I still prefer this method though because there's no need to remember where the PolicyKit.conf is when you need to edit a policy, and you don't have to worry about correct syntax or typographical errors or even being in the proper group (if you used [font="Courier New"]yes[/font] as the value to [font="Courier New"]--set-defaults-any[/font]).


----------



## DutchDaemon (Aug 13, 2010)

I am the only user on my system (laptop), and that's all I did to get XFCE to reboot/shutdown. Really. And there's nothing remotely complex about it ..


----------



## kpedersen (Aug 13, 2010)

wblock said:
			
		

> It looks like you're doing the equivalent of adding
> 
> ```
> <match user="myuser">
> ...



Currently I have to do this for every user account added to the system.

Is there a way of returning result="yes" for any user which is part of the *operator* group for example?


----------



## wblock@ (Aug 14, 2010)

kpedersen said:
			
		

> Currently I have to do this for every user account added to the system.
> 
> Is there a way of returning result="yes" for any user which is part of the *operator* group for example?



Doesn't look like it.  Best I've found so far is to "or" the usernames:

```
<match user="jsmith|ksmith">
  <return result="yes"/>
</match>
```


----------



## noz (Aug 14, 2010)

kpedersen said:
			
		

> Currently I have to do this for every user account added to the system.
> 
> Is there a way of returning result="yes" for any user which is part of the *operator* group for example?



I'm not sure if it will work but you can try this:

In your PolicyKit.conf you should find a block of code that looks like this:


```
<config version="0.1">
    <match user="root">
	<return result="yes"/>
    </match>
    <define_admin_auth group="wheel"/>
</config>
```

Between the config tags, add the following:

```
<define_admin_auth group="operator"/>
```

Then do:
`# polkit-action --set-defaults-any ACTION auth_admin_keep_always`
Replace ACTION with the action you want to grant.

To see a list of PolicyKit actions, do the following:
`$ polkit-action`


When you create a new user, perform the following steps under the new account to obtain permission to ACTION.  You can also tell the user to do this since it does not require sudo or root access.

`$ polkit-auth --show-obtainable`
Whatever action you set to [font="Courier New"]auth_admin_keep_always[/font] should be listed.

`$ polkit-auth --obtain ACTION`
A prompt will appear asking for the user password.  Enter the password and the user should now be able to perform ACTION.

To verify the action is now permitted:
`$ polkit-auth`

Note: If this works, I believe it will cause both groups (wheel and operator) to have access to the same actions.  I'm not exactly sure how to grant different actions to different groups, or if it's even possible.


----------



## DutchDaemon (Aug 14, 2010)

```
<define_admin_auth group="wheel|operator"/>
```

works fine for me. A single edit.


----------



## nu2fbsd (Aug 24, 2010)

This is what I get on `# polkit-auth`

```
[WARN  1426] failed to load configuration file: /usr/local/etc/PolicyKit/PolicyKit.conf:22: parse error: mismatched tag
```


----------



## SirDice (Aug 24, 2010)

You have an error in your /usr/local/etc/PolicyKit/PolicyKit.conf file.


----------



## nu2fbsd (Aug 25, 2010)

The error in my PolicyKit.conf was two missing </match> tags. Thanks for the help


----------



## varnie (Oct 27, 2010)

Hello.

This morning I updated my ports and somehow "shut down', 'reboot' options became disabled in XFCE4. Before this update everything worked well!
I have PolicyKit.conf configured, have hald and dbus, and linux_support enabled in /etc/rc.conf.

Any help? Maybe I have to perform downgrade of some ports?

ps: I remember nvidia-drivers being updated at this time, maybe there have been any problems?


----------



## noz (Oct 27, 2010)

Are you getting an error message of any kind?  Have you tried the commands under the "quick fix" section?


----------



## varnie (Oct 27, 2010)

@*noz*
Nope, no error messages. buttons are disabled so there's no way to click them. Yes, I have tried that command under the 'quick fix' section but no luck.


----------



## noz (Oct 27, 2010)

Are you able to shutdown/reboot from the commandline as a normal user?  If not, any errors?


----------



## varnie (Oct 27, 2010)

@*noz*

Yes, I can perform shutdown as normal user without any problems.

BTW, I figured out that my HALD doesn't start at startup in spite of the fact it is written in /etc/rc.conf!
When I start it manually as root user, the XFCE4 buttons 'Shutdown'/'Reboot' became available!

Any ideas how to make HALD start automatically at FreeBSD startup?


----------



## SirDice (Oct 27, 2010)

varnie said:
			
		

> Any ideas how to make HALD start automatically at FreeBSD startup?


Are you sure the line in /etc/rc.conf is correct?


----------



## varnie (Oct 27, 2010)

*SirDice*

This line has been there for ages, yes. Well, looked through the file once again. Here it is:

```
hald_enable="YES"
dbus_enable="YES"
```

As I stated in another thread, I think it is a fresh HALD/DBUS bug.


----------



## varnie (Nov 9, 2010)

no need to duplicate my posts.
The problem has been solved after upgrading to *hal-0.5.14_10* and *dbus-1.4.0* now.


----------



## mdg583 (Nov 11, 2010)

The issue I get with shutting down xfce is the if I am using the slim display manager, sometimes it doesn't auto-login on the next boot properly. For now I just push my computers actual power button to initiate a shutdown, and as far as I can tell that causes me no problems.


----------



## jimheard (Feb 13, 2012)

*Thanks for a helpful how-to*

Just wanted to thank the OP for a very helpful how-to.  I've wasted way too much time trying to get FreeBSD to let me shut down as a normal user.  This solution worked on the first try!  By the way, it works fine with LXDE too.


----------



## AntumDeluge (Jan 1, 2015)

kpedersen said:


> Currently I have to do this for every user account added to the system.
> 
> Is there a way of returning result="yes" for any user which is part of the *operator* group for example?


Not sure if this was available until recently but, the solution that I've come up with is to add the following to /usr/local/etc/PolicyKit/PolicyKit.conf between the "config" tags:

```
<match action="org.freedesktop.hal.power-management.shutdown">
  <return result="yes"/>
  </match>

  <match action="org.freedesktop.hal.power-management.reboot">
  <return result="yes"/>
  </match>
```
I currently only have one user on my system so it hasn't been thoroughly tested. But, I believe this works for ALL users. Not sure how you would do it for only members of group "operator". Perhaps add _group="operator"_ to the "match" tag?

I feel like this should be the default behavior.

I am using LXDE. Hope this is helpful.


----------

