How to restrict reboot/poweroff from non-admins?


I just noticed that CentOS (6.2) by default allows any user to reboot/poweroff the system without any admin rights, or without any further questions, if using the commands ‘reboot’ or ‘poweroff’. But ‘shutdown’ still requires admin rights.

What is the preferred way to restrict any regular user from rebooting/powering off the system (by accident)?

IMHO, sudo should be required for this purpose (at least in a system with shared remote access from multiple users; single-user laptops etc. may be a different case).


7 thoughts on - How to restrict reboot/poweroff from non-admins?

  • Timo Neuvonen wrote on 03/28/2012 09:17 AM:

    OUCH! This seems to qualify as a CentOS bug. I confirm that a normal
    user can reboot or poweroff the system on 6.2. On RHEL:

    $ rpm -qa redhat-release*
    $ poweroff
    poweroff: Need to be root
    $ reboot
    reboot: Need to be root


  • I was just reading this the other day in a book but cannot find
    it…there is some command that limits this…not sure if it was just
    sudo or not…
    yea, that is scary

  • Only console users (local users) are allowed to do that. It’s configured
    using PAM (I use CentOS 5.8, so forgive me if this is not the same for
    CentOS 6). I tried to change settings in /etc/pam.d/ and that indeed works:


    I added as a second line :
    auth sufficient
    # prevent normal users to reboot
    auth required

    But still the user locally logged on to the machine (gnome session) can
    switch it off. So I think I also missed something.


  • Johnny Hughes wrote on 03/28/2012 10:26 AM:

    Got me there. The access mode does seem to be the difference. I tested
    from the GUI on CentOS and via ssh on RHEL. Logged on to the console in
    a GUI on RHEL6 a user can reboot or poweroff, and presumably also halt.
    Seems to be the “console user” thing. So CentOS does match upstream.


  • I just did some research on this … the files that need to be modified
    to change this behavior are:


    The files in CentOS are identical to upstream … they are also
    identical to each other and look like this:

    auth sufficient
    auth required
    #auth include system-auth
    account required

    I am sure those can be adjusted so console access by itself is not

  • Both methods should work. With requisite the following checks are not
    done anymore (it fails right away). But even if the other tests succeed
    (after a failing required) the final judgement is still “fail”. It is a way
    not to tell the reason authentication fails. This makes it a little bit
    more difficult for an attacker.

    Note that shutdown is not in the list of pam enabled applications. So a
    user cannot poweroff, but he can still shutdown :-(
    I read that /etc/shutdown.allow controls shutdown but I don’t understand
    what the gnome desktop actually calls. Apparently it is not

    Does anyone know how to properly prevent any non-root user (console and
    remote) from powering off a machine?

    I need this only for desktop users that switch off their machine by
    accident. The machine is used as part of a compute grid as well.
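
The required/requisite difference discussed in the thread, as an added example that is not from any poster: a simplified Python model of how PAM combines the lines of one auth stack, run against the stack shape quoted above. The module names (root_check, console_check, always_deny) are placeholders because the quoted config lines omit them, and the always-failing second line is an assumption about the change described.

```python
# Simplified model of how PAM combines the lines of one "auth" stack.
# Module names are placeholders: the config lines quoted on the page omit them.

def evaluate(stack, outcome):
    """stack: list of (control_flag, module); outcome: module -> True if it succeeds.
    Returns (granted, modules_run)."""
    required_failed = False
    any_success = False
    ran = []
    for control, module in stack:
        ok = outcome[module]
        ran.append(module)
        if control == "sufficient":
            if ok and not required_failed:
                return True, ran          # success ends the stack at once
            # a failing "sufficient" line is simply ignored
        elif control == "required":
            if ok:
                any_success = True
            else:
                required_failed = True    # remembered, but later lines still run
        elif control == "requisite":
            if not ok:
                return False, ran         # failure ends the stack at once
            any_success = True
        else:
            raise ValueError(f"unsupported control flag: {control}")
    return any_success and not required_failed, ran

# Stack shape from the thread: a root check, then a console-user check.
STOCK = [("sufficient", "root_check"), ("required", "console_check")]

def hardened(flag):
    # Assumption: an always-failing module is inserted as the second line.
    return [STOCK[0], (flag, "always_deny"), STOCK[1]]

# Constructed callers: which placeholder modules would succeed for each.
ROOT = {"root_check": True, "console_check": False, "always_deny": False}
CONSOLE_USER = {"root_check": False, "console_check": True, "always_deny": False}
REMOTE_USER = {"root_check": False, "console_check": False, "always_deny": False}

if __name__ == "__main__":
    for name, who in [("root", ROOT), ("console user", CONSOLE_USER), ("remote user", REMOTE_USER)]:
        print(name, "stock:", evaluate(STOCK, who),
              "required:", evaluate(hardened("required"), who),
              "requisite:", evaluate(hardened("requisite"), who))
```

In this model both flags deny the non-root console user; the only difference is whether the console check still runs after the failure.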