Allowing Non-root Users To Reboot A Workstation
I would like to be able to allow regular users that don’t have admin privileges to be able to reboot their workstation. (they’re software developers so rebooting their workstation doesn’t affect anybody else)
I tried changing the ownership of /sbin/reboot and /sbin/shutdown to root:users and permissions to 550, but that didn’t work – it’s still asking for root privileges.
Possibly the problem might be that there’s centralized LDAP authentication, not local, so the changes I made only apply to local accounts?
Any suggestions?
FW
7 thoughts on - Allowing Non-root Users To Reboot A Workstation
Did you try adding
UserName ALL= NOPASSWD: /sbin/reboot
As the last line of their /etc/sudoers files?
(replacing UserName with their actual user name, of course.)
That should grant them root access to only the /sbin/reboot command (add more commands using comma delimiting).
Then they just run
$ sudo reboot
If you want to require they enter their own password before rebooting, use the line
UserName ALL=/sbin/reboot
Instead.
Use of sudo is recorded in /var/log/secure, if I recall correctly.
Personally, this is what I’d use sudo for.
You can configure sudo to allow only certain commands with or without a password. Not a lot of detail, but you can either require or skip the password. And, instead of individuals – you can use groups. If you look through the soders file, you’ll see how it’s doen.
This very brief article goes into a limited how-to:
http://www.atrixnet.com/allow-an-unprivileged-user-to-run-a-certain-command-with-sudo/
If they are local users (sitting in front of that computer), they will be able to use the commands
shutdown reboot poweroff
without any need of special privileges, which tells RedHat and CentOS
apart from majority of Linuxes. This is incredibly logical (Thanks, RedHat!), as local user can just press power button, or yank AC cord.
To allow remote users reboot machine you can allow them execute some commands via sudo , like:
sudo reboot
Command sudo means Substitute User DO; when username of substitute user is not mentioned in command user “root: is used as substitute user, this is where misinterpreting the command as “super user do” originates, and the last is wrong. Do “man visudo”, “man sudo”, to learn details.
Incidentally, rebooting machine is rather big deal, if that is used to resolve some trouble happening every so often, I would rather look into fixing the cause of that trouble.
Valeri
That seems to have worked on my own test account – I applied it to the user having the issue and asked for his feedback when he gets a chance.
Thanks!
W dniu 02.02.2018 o 18:27, Felipe Westfields pisze:
It may be more appropriate to place this line in separate file under
/etc/sudoers.d/
—
MoonWolf
Felipe Westfields wrote:
Um, I take it that a three-finger kill doesn’t work?
mark
You;ll want to look at polkit configuration as that’s what is used by systemd, and by gnome as a result, to determine what actions are permitted
https://www.hogarthuk.com/?q=node/10