[CentOS] How to restrict reboot/poweroff from non-admins?

Wed Mar 28 19:38:37 UTC 2012
Timo Neuvonen <timo-news at tee-en.net>

> Only console users (local users) are allowed to do that. It's configured
> using pam (I use Centos5.8 so forgive me if this is not the same for
> CentOS6). I tried to change settings in /etc/pam.d/ and that indeed works:
> /etc/pam.d/poweroff
> /etc/pam.d/reboot
> /etc/pam.d/halt
> I added as a second line :
> auth       sufficient   pam_rootok.so
> # prevent normal users to reboot
> auth       required     pam_deny.so
> ....
> But still the user locally logged on to the machine (gnome session) can
> switch it off. So I think I also missed something.

I can't test it right now, but reading 'man pam.d' made me wonder if
'required'  in the 'auth required pam_deny.so' in the example above
should be replaced with  'requisite'.