Allowing Non-root Users To Reboot A Workstation

Home » CentOS » Allowing Non-root Users To Reboot A Workstation
CentOS 7 Comments

I would like to be able to allow regular users that don’t have admin privileges to be able to reboot their workstation. (they’re software developers so rebooting their workstation doesn’t affect anybody else)

I tried changing the ownership of /sbin/reboot and /sbin/shutdown to root:users and permissions to 550, but that didn’t work – it’s still asking for root privileges.

Possibly the problem might be that there’s centralized LDAP authentication, not local, so the changes I made only apply to local accounts?

Any suggestions?

FW

7 thoughts on - Allowing Non-root Users To Reboot A Workstation

  • Did you try adding

    UserName ALL= NOPASSWD: /sbin/reboot

    As the last line of their /etc/sudoers files?
    (replacing UserName with their actual user name, of course.)

    That should grant them root access to only the /sbin/reboot command (add more commands using comma delimiting).

    Then they just run
    $ sudo reboot

    If you want to require they enter their own password before rebooting, use the line

    UserName ALL=/sbin/reboot

    Instead.

    Use of sudo is recorded in /var/log/secure, if I recall correctly.

  • Personally, this is what I’d use sudo for.

    You can configure sudo to allow only certain commands with or without a password. Not a lot of detail, but you can either require or skip the password. And, instead of individuals – you can use groups. If you look through the soders file, you’ll see how it’s doen.

    This very brief article goes into a limited how-to:

    http://www.atrixnet.com/allow-an-unprivileged-user-to-run-a-certain-command-with-sudo/

  • If they are local users (sitting in front of that computer), they will be able to use the commands

    shutdown reboot poweroff

    without any need of special privileges, which tells RedHat and CentOS
    apart from majority of Linuxes. This is incredibly logical (Thanks, RedHat!), as local user can just press power button, or yank AC cord.

    To allow remote users reboot machine you can allow them execute some commands via sudo , like:

    sudo reboot

    Command sudo means Substitute User DO; when username of substitute user is not mentioned in command user “root: is used as substitute user, this is where misinterpreting the command as “super user do” originates, and the last is wrong. Do “man visudo”, “man sudo”, to learn details.

    Incidentally, rebooting machine is rather big deal, if that is used to resolve some trouble happening every so often, I would rather look into fixing the cause of that trouble.

    Valeri

  • That seems to have worked on my own test account – I applied it to the user having the issue and asked for his feedback when he gets a chance.

    Thanks!

  • W dniu 02.02.2018 o 18:27, Felipe Westfields pisze:

    It may be more appropriate to place this line in separate file under
    /etc/sudoers.d/


    MoonWolf