[CentOS] How to restrict reboot/poweroff from non-admins?
timo-news at tee-en.net
Wed Mar 28 15:38:37 EDT 2012
> Only console users (local users) are allowed to do that. It's configured
> using pam (I use Centos5.8 so forgive me if this is not the same for
> CentOS6). I tried to change settings in /etc/pam.d/ and that indeed works:
> I added as a second line :
> auth sufficient pam_rootok.so
> # prevent normal users to reboot
> auth required pam_deny.so
> But still the user locally logged on to the machine (gnome session) can
> switch it off. So I think I also missed something.
I can't test it right now, but reading 'man pam.d' made me wonder if
'required' in the 'auth required pam_deny.so' in the example above
should be replaced with 'requisite'.
More information about the CentOS