Personally, this is what I'd use sudo for. You can configure sudo to allow only certain commands with or without a password. Not a lot of detail, but you can either require or skip the password. And, instead of individuals - you can use groups. If you look through the soders file, you'll see how it's doen. This very brief article goes into a limited how-to: http://www.atrixnet.com/allow-an-unprivileged-user-to-run-a-certain-command-with-sudo/ On Fri, Feb 2, 2018 at 9:09 AM, Felipe Westfields < felipe.westfields at gmail.com> wrote: > I would like to be able to allow regular users that don't have admin > privileges to be able to reboot their workstation. (they're software > developers so rebooting their workstation doesn't affect anybody else) > > I tried changing the ownership of /sbin/reboot and /sbin/shutdown to > root:users and permissions to 550, but that didn't work - it's still asking > for root privileges. > > Possibly the problem might be that there's centralized LDAP authentication, > not local, so the changes I made only apply to local accounts? > > Any suggestions? > > FW > _______________________________________________ > CentOS mailing list > CentOS at centos.org > https://lists.centos.org/mailman/listinfo/centos > -- Natrona County Beekeepers <http://ncbees.org> Casper Amateur Radio Club <http://casperarc.net> By sending an email to or replying in any way to ANY of my addresses, numbers, comments or messages, you are agreeing that: 1. I am, by definition, "the intended recipient" - in spite of and regardless of your intent, real or imaginary. 2. If you need to know that you know who is receiving your communications and must also be able to verify they were not tampered with in any way, while en route as well as verify receipt (but not comprehension), you must use PKI and have a verified Public Key published in an accessible location. NOTE: if your PKI Public Key is not signed by anyone I recognize, it will not be trusted. Unless I choose otherwise. 2. All information in any received communication is mine to do with as I see fit. I will make such financial gain, profit, political mileage, social satire, public value or jokes - as it lends itself and as I choose. In particular, I may quote it on usenet, IRC, SMS and/or future SMTP communications, regardless of SSL or TLS implementation, not inclusive. 3. I may take the contents of your messages as representing the views of your company, country or agency. Particularly if you've used a TLD owned by or under control of said entity. 4. This agreement - now that you've read this far - is now a contract and absolutely overrides any disclaimer or statement of confidentiality that may or may not be included, implied or missing in any of your messages. Especially as such things are meaningless, pointless and carry no weight, authority or validity, be they mass, legal or emotional, in spite of what your cousin said.