Shutdown gets stuck when secure file permission is enabled.

I try to enable “secure file permission” with 'Yast - Security center - use secure file permissions - configure" and change it to ‘secure’ from the default ‘easy’.

Now when I use the KDE shutdown button, the screen goes black with just a movable mouse. The shutdown process gets stuck here forever.

Ctrl+alt+f2 works so I can login as root and shutdown there.

I tried shutting down in the command line “shutdown 0” and it works fine. It’s just the KDE shutdown button doesn’t work.

Changing back to the default easy file permission then the issue is gone.

It’s been a while since I last tried that.

Just stick with easy permissions.

Is there a way to check what stopped the shutdown process? System logs are just too much to look at and I couldn’t find which message was related to the issue.

I’m not sure. Shutdown logs are messy.

As an experiment, you might try:

Logout from desktop.

Go to virtual terminal (CTRL-ALT-F1 for example).

Login as root.

Switch to non-graphic mode

telinit 3

Shutdown from the command line

shutdown -h now

and see if it stelll get stuck that way.

Maybe you missed that in my OP I said I could even shutdown by launching konsole and typing “sudo shutdown 0” instead of pressing the “power off” button from KDE. I didn’t need to turn off GUI.
I guess the difference is between the two commands “sudo shutdown 0” and the equivalent command of the KDE shutdown button

qdbus org.kde.ksmserver /KSMServer logout 0 1 2

.

More tests show that if I log out first using the KDE leave button, then “shutdown button” works in the login screen.

I guess the problem is somewhere in the KDE handling, thus before KDE submits a system shutdown. Thus I doubt there is something logged on the system level.

Those types of hardening will probably work best on server type systems that not have DEs or maybe even X installed.

Yes, I missed that.

I’m pretty sure that the more restrictive permissions are mostly for use with a server. When you are running desktop software, you likely need the easy permissions for everything to work.

I used the machine for a few days, and found most things would work normally with the restrictive files permission config, including playing games etc. Things like changing the wifi status would require a root pw prompt but that’s not a big deal atm.

I will try and see if I could find the solution some other day. For now, I will just launch the terminal and type the shutdown command manually.

Thank you for the input so far.

That seems reasonable.

Some of us can remember back to the time when that was the normal way of shutting down.