[CentOS] How to restrict reboot/poweroff from non-admins?

Wed Mar 28 14:26:14 UTC 2012
Johnny Hughes <johnny at centos.org>

On 03/28/2012 09:03 AM, Phil Schaffner wrote:
> Timo Neuvonen wrote on 03/28/2012 09:17 AM:
>> I just noticed that CentOS (6.2) by default allows any user to
>> reboot/poweroff system without any admin rights, or without any further
>> questions, if using commands 'reboot' or 'poweroff'. But 'shutdown' still
>> requires admin rights.
>>
>> What is the preferred way to restrict any regular user from rebooting /
>> powering off the system (by accident)?
>>
>> IMHO, sudo should be required for this purpose (at least in a system with
>> shared remote access from multiple users, single-user laptops etc may be a
>> different case)
>>
> OUCH! This seems to qualify as a CentOS bug.  I confirm that a normal 
> user can reboot or poweroff the system on 6.2.  On RHEL:
>
> $ rpm -qa redhat-release\*
> redhat-release-server-6Server-6.2.0.3.el6.x86_64
> $ poweroff
> poweroff: Need to be root
> $ reboot
> reboot: Need to be root
>
> Phil

Make sure you are testing apples to apples

Test ssh access versus local console access, etc.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 262 bytes
Desc: OpenPGP digital signature
URL: <http://lists.centos.org/pipermail/centos/attachments/20120328/148a072a/attachment-0005.sig>