[CentOS] How to restrict reboot/poweroff from non-admins?

Phil Schaffner Philip.R.Schaffner at NASA.gov
Wed Mar 28 14:47:47 UTC 2012


Johnny Hughes wrote on 03/28/2012 10:26 AM:
> On 03/28/2012 09:03 AM, Phil Schaffner wrote:
>> Timo Neuvonen wrote on 03/28/2012 09:17 AM:
>>> I just noticed that CentOS (6.2) by default allows any user to
>>> reboot/poweroff system without any admin rights, or without any further
>>> questions, if using commands 'reboot' or 'poweroff'. But 'shutdown' still
>>> requires admin rights.
>>>
>>> What is the preferred way to restrict any regular user from rebooting /
>>> powering off the system (by accident)?
>>>
>>> IMHO, sudo should be required for this purpose (at least in a system with
>>> shared remote access from multiple users, single-user laptops etc may be a
>>> different case)
>>>
>> OUCH! This seems to qualify as a CentOS bug.  I confirm that a normal
>> user can reboot or poweroff the system on 6.2.  On RHEL:
>>
>> $ rpm -qa redhat-release\*
>> redhat-release-server-6Server-6.2.0.3.el6.x86_64
>> $ poweroff
>> poweroff: Need to be root
>> $ reboot
>> reboot: Need to be root
>>
>> Phil
> Make sure you are testing apples to apples
>
> Test ssh access versus local console access, etc.
>

Got me there.  The access mode does seem to be the difference.  I tested
from the GUI on CentOS and via ssh on RHEL.  Logged on to the console in
a GUI on RHEL6, a user can reboot or poweroff, and presumably also halt.
Seems to be the "console user" thing.  So CentOS does match upstream.

Phil



