Preventing normal users from Shutting Down or Rebooting PC

The default policy in linux is often that normal users can shut down or reboot a PC, even if other people are logged in. When using a desktop PC as a server or if you often leave your applications open, you don't want that to happen.

This is a question that comes up many times on the Internet. The problem is that the components in linux change and not every distribution uses the same components.

In linux, only root has the power to shut down or reboot. Many linux distributions use Policykit for rules to override this and let the normal users shut down and reboot.

In Fedora 21, to override the default rules, create a new rule with the following command:
sudo nano /etc/polkit-1/rules.d/60-noreboot_norestart.rules
 Paste the following text:
polkit.addRule(function(action, subject) {
    if (action.id == "org.freedesktop.login1.reboot" ||
        action.id == "org.freedesktop.login1.reboot-multiple-sessions" ||
        action.id == "org.freedesktop.login1.power-off" ||
        action.id == "org.freedesktop.login1.power-off-multiple-sessions") {
        if (subject.isInGroup("power")) {
            return polkit.Result.YES;
        } else {
            return polkit.Result.AUTH_ADMIN;
        }
    }
});
Save the file. The policy will now be in use for users logging in. It will always prevent a normal user from rebooting or shutting down the system and it will ask for the administrator user password. If you want to allow a user to shut down or reboot when no one else is logged in, modify the rules above and remove the parts "action.id == "org.freedesktop.login1.reboot" ||" and "action.id == "org.freedesktop.login1.power-off" ||". Then it will only prevent users from rebooting and shutting down when other users are logged in.


[1] At some point there was a bug in systemd that ignored the login rules, but it was fixed last year [freedesktop.org].

[2] The code in this article was copied from here [superuser.com]

Kommentarer

Skicka en kommentar

Populära inlägg i den här bloggen

Steelseries Arctis 7 headset in Linux

Bild
UPDATE. This headset works without modifications in Linux after the changes were committed to pulseaudio in 2017.  The Steelseries Arctis series headsets are very comfortable. You can wear this headset all day long thanks to the comfortable head strap. Steelseries Arctis 7 There are three models, Arctis 3, 5 and 7. The last one is the most expensive and has wireless connection. Arctis 5 is basically the same without wireless (only USB connection). Arctis 3 has only analog inputs. I've got the Arctis 7 model and of course I'm using it with Linux. There were some issues setting it up. It works fine in Alsa, the device is recognized. You do have to adjust sound levels, at least the mic has too low sound level. Use alsamixer on command line to adjust all volume levels for the headset to 100% (the two outputs and one input). But Pulseaudio has some issues. Only the mono device (chat output) and microphone is visible. This is because the headset uses a non-supported co...
Läs mer

Hard disk Firmware update on the Linux command line

Sometimes you will find that your hard disk is slow, or there are some other issues with disk performance. If you are lucky, the disk is not broken. It could have some firmware bugs, and if you are even more lucky, the manufacturer could have issued a firmware update. I've updated several hard disk firmwares in the past. Usually you have to use a boot disk with DOS or something to update the firmware. Why updating firmware? One of my hard disks in the past needed a new firmware because it was dropping out from a RAID controller. It began working fine after the firmware update. The latest hard disk that needed firmware update was Seagate 15k.7 ST3450857SS SAS. I noticed that the disks sometimes slowed down during writes and even stalled. I use two 450GB disks in software RAID 1. By googling I found that there were other people having similar problems with the same disk and that there were actually a firmware update available from Seagate. Also Dell, HP and IBM seems to ha...
Läs mer

Using IBM ServeRAID M1015 card in Linux

Bild
The FusionMPT SAS2 based cards by LSI are cheap RAID cards that perform well in RAID 0 and 1 under Linux with SSDs and ZFS arrays. They are used in many 1U servers with one or two disks. They are also a popular SAS 6.0 / SATA III controllers for enthusiasts. You can get them cheap on ebay. Before SATA III was common on motherboards, this was THE card to get. It can still be useful if you need SAS disks or additional disks or have a need for disk enclosures. It is identical to the LSI MegaRAID SAS 9220-8i. The same hardware is also used in LSI 9240 and LSI 9211. It is possible to use the BIOS from another card (crossflashing) to change the features of the card. There are a few different BIOS files you can use. Specifications:  Official LSI information 8-lane, 5 GT/s PCI Express 2.0 Identical to LSI 9240-8i card 6 Gb/s per port Two x4 internal SFF-8087 connectors Controller LSISAS2008 Low cost SATA+SAS RAID solution RAID levels 0, 1, 5, 10, 50 and JBOD mode >...
Läs mer