[Solved] Prevent users from rebooting server

sveinh
Posts: 3
Joined: 2009/05/03 01:00:14

[Solved] Prevent users from rebooting server

Post by sveinh » 2015/02/04 09:42:03

I have installed a CentOS 7 server which has gdm started to allow graphical logins (terminal server), but gdm and gnome allow regular users to reboot, halt and suspend the server.
I haven't found any way to prevent it. From ssh the user is prohibited from doing this:

Code:

$ systemctl reboot -i
==== AUTHENTICATING FOR org.freedesktop.login1.reboot ===
Authentication is required for rebooting the system.
Authenticating as: root
Password: 

I have tried setting RebootCommand to blank in /etc/gdm/custom.conf, but it seems to have no effect.
Last edited by sveinh on 2015/02/04 14:30:00, edited 1 time in total.

TrevorH
Forum Moderator
Posts: 31067
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: Prevent users from rebooting server

Post by TrevorH » 2015/02/04 10:49:14

After much experimentation with stuff found at random on the net, this appears to work. Create the file with the following contents:

Code:

# cat /etc/polkit-1/rules.d/00-stop-reboot.rules
polkit.addRule(function(action, subject) {
  if (action.id.indexOf("org.freedesktop.login1.hibernate") == 0) {
    return polkit.Result.AUTH_ADMIN;
  }
});

polkit.addRule(function(action, subject) {
  if (action.id.indexOf("org.freedesktop.login1.power-off") == 0) {
    return polkit.Result.AUTH_ADMIN;
  }
});

polkit.addRule(function(action, subject) {
  if (action.id.indexOf("org.freedesktop.login1.reboot") == 0) {
    return polkit.Result.AUTH_ADMIN;
  }
});

polkit.addRule(function(action, subject) {
  if (action.id.indexOf("org.freedesktop.login1.suspend") == 0) {
    return polkit.Result.AUTH_ADMIN;
  }
});

You can probably also use subject.isInGroup("wheel") to allow admin users to do so without authorization or modify the above to return polkit.Result.NO to flat out deny it.
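The two variations suggested at the end of the answer above (a wheel exemption and an outright deny), folded into a single rule, as an added example that is not part of the original posts. The names POWER_PREFIXES, DENY_OUTRIGHT and powerRule are hypothetical, and the stand-in Result object is an assumption that only exists so the decision function can be exercised outside polkitd.

```javascript
// Added example: contents for one file under /etc/polkit-1/rules.d/.
// Written in ES5 (var, function expressions) on the assumption that the
// polkit JavaScript engine on the host is an older one.

// Matched as prefixes, like the indexOf(...) == 0 test in the answer, so
// variants such as "...reboot-multiple-sessions" are covered as well.
var POWER_PREFIXES = [
  "org.freedesktop.login1.reboot",
  "org.freedesktop.login1.power-off",
  "org.freedesktop.login1.suspend",
  "org.freedesktop.login1.hibernate"
];

// true: refuse non-admins outright; false: ask for an admin password.
var DENY_OUTRIGHT = false;

// polkitd supplies the `polkit` global. The stand-in values are assumed and
// are used only when this file is run outside polkitd for testing.
var Result = (typeof polkit !== "undefined")
  ? polkit.Result
  : { NO: "no", YES: "yes", AUTH_ADMIN: "auth_admin" };

function isPowerAction(id) {
  return POWER_PREFIXES.some(function (prefix) {
    return id.indexOf(prefix) === 0;
  });
}

function powerRule(action, subject) {
  if (!isPowerAction(action.id)) {
    return undefined;              // not ours: let later rules decide
  }
  if (subject.isInGroup("wheel")) {
    return Result.YES;             // admins may proceed without a prompt
  }
  return DENY_OUTRIGHT ? Result.NO : Result.AUTH_ADMIN;
}

// Register with polkitd when it is the one loading this file.
if (typeof polkit !== "undefined") {
  polkit.addRule(powerRule);
}
```

Because rule files are read in lexical order and the first rule to return a result wins, a low-numbered file name keeps this rule ahead of distribution defaults.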

sveinh
Posts: 3
Joined: 2009/05/03 01:00:14

Re: Prevent users from rebooting server

Post by sveinh » 2015/02/04 14:29:28

Thanks, worked like a charm.
