> Only console users (local users) are allowed to do that. It's configured > using pam (I use Centos5.8 so forgive me if this is not the same for > CentOS6). I tried to change settings in /etc/pam.d/ and that indeed works: > > /etc/pam.d/poweroff > /etc/pam.d/reboot > /etc/pam.d/halt > > I added as a second line : > auth sufficient pam_rootok.so > # prevent normal users to reboot > auth required pam_deny.so > .... > > But still the user locally logged on to the machine (gnome session) can > switch it off. So I think I also missed something. I can't test it right now, but reading 'man pam.d' made me wonder if 'required' in the 'auth required pam_deny.so' in the example above should be replaced with 'requisite'. -- TiN