only allow reboot and shutdown to root user.

[damithk]

Hi,

Centos release is 7.9.2009.
I only need to allow root user to reboot or shutdown the system.
that means I need to remove this shutdown and reboot access to admin users in wheel group.

I tried to go to visudo and add following line
%wheel ALL=(ALL) ALL, !/usr/bin/shutdown, !/usr/bin/reboot

after I press reboot or shutdown it ask password of the user (not the root user password. specific wheel group user password will work).

Could someone help me to resolve this.

Thank you

[TrevorH]

From man sudo searching for "order"

Code: Select all

     When multiple entries match for a user, they are applied in order.  Where there are multiple matches, the
     last match is used (which is not necessarily the most specific match).

So it's the _order_ of the lines that determine which one takes precedence.

Also, you might want to read the bit it has about

Code: Select all

     Note, however, that using a ‘!’ in conjunction with the built-in ALL alias to allow a user to run “all but
     a few” commands rarely works as intended (see SECURITY NOTES below).

[damithk]

Hi,

Thank you for the reply.
isn't there any straight forward way to only allow root user to reboot and shutdown the system.

Thank you

[TrevorH]

Only by specifically allowing a list of things that people in a particular group may be allowed to do.