Newcomers to OpenSolaris might be surprised that the option to shut down the machine isn't available to a desktop user by default. This makes perfect sense on a server which may run for months without requiring a reboot. It also makes sense in a Sun Ray environment where you don't want to allow an individual user to shut down a system which may be shared with many others. But if you've installed OpenSolaris on an ordinary single-user desktop PC or one of these nifty X86/X64 based Sun workstations, chances are you're going to want to shut it down eventually.
The simplest way of accomplishing this is to use an option in the GNOME Display Manager (GDM). But by default, Solaris uses dtlogin for its display manager. So the first step is to disable dtlogin and enable gdm.
Log in via a remote shell or a console terminal session.
svcadm enable -s gdm
GDM should appear as your display manager.
Now enable GDM's shutdown menu:
Edit /etc/X11/gdm/gdm.conf and change the following line:
Another method would be to use Role Based Access Control (RBAC) to enable shutdown only for specific users and create pfexec launchers for these users. Ben Rockwood's blog has a good introduction to RBAC.
To allow a user to run the shutdown command, you would do something like this:
Edit /etc/security/exec_attr and add the following profile:
Add this profile to /etc/user_attr:
yourusername::::profiles=Shutdown
Then your user can shut down with /usr/bin/pfexec /usr/sbin/shutdown
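An added example, not part of the original post: a shell audit that reads exec_attr and user_attr and lists which users can run which commands as root through directly assigned profiles. The sample entries, including the Zone Reboot and Printer View profile names and the users alice and bob, are constructed, and profiles reached through roles or nested profiles are not followed.

```shell
#!/bin/sh
# Constructed sample data below; these are not the original post's lines.

# rbac_root_cmds EXEC_ATTR USER_ATTR
# Prints "user<TAB>profile<TAB>command" for each command that a directly
# assigned profile runs with uid=0 or euid=0.
rbac_root_cmds() {
  awk -F: '
    /^[ \t]*#/ || NF == 0 { next }   # skip comments and blank lines
    # First file, exec_attr: name:policy:type:res1:res2:id:attr
    FNR == NR {
      if ($3 == "cmd" && $7 ~ /(^|;)e?uid=0(;|$)/)
        cmds[$1] = cmds[$1] " " $6
      next
    }
    # Second file, user_attr: user:qualifier:res1:res2:attr
    {
      n = split($5, attrs, ";")
      for (i = 1; i <= n; i++) {
        if (attrs[i] !~ /^profiles=/) continue
        sub(/^profiles=/, "", attrs[i])
        m = split(attrs[i], profs, ",")
        for (j = 1; j <= m; j++) {
          k = split(cmds[profs[j]], list, " ")
          for (c = 1; c <= k; c++)
            printf "%s\t%s\t%s\n", $1, profs[j], list[c]
        }
      }
    }
  ' "$1" "$2"
}

# Runs the audit over constructed sample files.
sample_audit() {
  dir=$(mktemp -d) || return 1
  cat > "$dir/exec_attr" <<'EOF'
Shutdown:suser:cmd:::/usr/sbin/shutdown:uid=0
Zone Reboot:suser:cmd:::/usr/sbin/reboot:uid=0
Printer View:suser:cmd:::/usr/bin/lpstat:euid=lp
EOF
  cat > "$dir/user_attr" <<'EOF'
alice::::profiles=Shutdown
bob::::type=normal;profiles=Zone Reboot,Printer View
EOF
  rbac_root_cmds "$dir/exec_attr" "$dir/user_attr"
  rm -rf "$dir"
}

sample_audit
```

On a real system, call rbac_root_cmds /etc/security/exec_attr /etc/user_attr and review every line that is not an intended delegation.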
Update: User reboot of Solaris Containers (a.k.a. zones)!
I almost forgot, Ghee suggested that it would be safer to only allow users to reboot their zone. This method has some interesting possibilities, especially in university or development environments. Follow Gleb's excellent example to create a zone and give it an IP address and hostname. Change the RBAC steps above to allow your user access to /usr/sbin/reboot and create a pfexec reboot launcher. Now use your global zone's dtlogin chooser to log in to the zone over XDMCP. (Note: if you've configured gdm in your global zone, you'll have to enable its XDMCP chooser by editing /etc/X11/gdm.conf and uncommenting the "chooser=true" line.) The cool thing about this is that when you reboot the zone, it drops you immediately to the global zone's login. Your zone will reboot in just a few seconds and you can use the global zone's chooser to log in again!
Correction: If you are using Solaris 10, the gdm service name is gdm2-login:
$ svcs -a | grep -i gdm
disabled Aug_29 svc:/application/gdm2-login:default