Timo Neuvonen
2012-Mar-28 13:17 UTC
[CentOS] How to restrict reboot/poweroff from non-admins?
I just noticed that CentOS (6.2) by default allows any user to reboot/poweroff system without any admin rights, or without any further questions, if using commands 'reboot' or 'poweroff'. But 'shutdown' still requires admin rights. What is the preferred way to restrict any regular user from rebooting / powering off the system (by accident)? IMHO, sudo should be required for this purpose (at least in a system with shared remote access from multiple users, single-user laptops etc may be a different case) -- TiN
Phil Schaffner
2012-Mar-28 14:03 UTC
[CentOS] How to restrict reboot/poweroff from non-admins?
Timo Neuvonen wrote on 03/28/2012 09:17 AM:> I just noticed that CentOS (6.2) by default allows any user to > reboot/poweroff system without any admin rights, or without any further > questions, if using commands 'reboot' or 'poweroff'. But 'shutdown' still > requires admin rights. > > What is the preferred way to restrict any regular user from rebooting / > powering off the system (by accident)? > > IMHO, sudo should be required for this purpose (at least in a system with > shared remote access from multiple users, single-user laptops etc may be a > different case) >OUCH! This seems to qualify as a CentOS bug. I confirm that a normal user can reboot or poweroff the system on 6.2. On RHEL: $ rpm -qa redhat-release\* redhat-release-server-6Server-6.2.0.3.el6.x86_64 $ poweroff poweroff: Need to be root $ reboot reboot: Need to be root Phil