How to Disable Shutdown and Reboot Commands in Linux

The shutdown command schedules a time for a Linux system to be powered down, it may as well be used to halt, power-off or reboot the machine when invoked with particular options and reboot instructs the system to restart.

Certain Linux distros such as Ubuntu, Linux Mint, Mandriva just to mention but a few, make it possible to reboot/halt/shutdown the system as a normal user, by default. This is not ideal setting especially on servers, it must be something to worry about especially for a system administrator.

In this article, we will show how to disable shutdown and reboot commands for normal users in Linux.

Disable Shutdown and Reboot Commands in Linux

The easiest way to disable shutdown and reboot commands using the /etc/sudoers file, here you can specify a user (tecmint) or group (developers) which are not allowed to execute these commands.

# vi /etc/sudoers

Add these lines to Command Aliases section.

Cmnd_Alias     SHUTDOWN = /sbin/shutdown,/sbin/reboot,/sbin/halt,/sbin/poweroff

# User privilege specification
tecmint   ALL=(ALL:ALL) ALL, !SHUTDOWN

# Allow members of group sudo to execute any command
%developers  ALL=(ALL:ALL) ALL,  !SHUTDOWN

Now try to execute shutdown and reboot commands as normail user (tecmint).

How to Disable Shutdown and Reboot Commands in Linux

Command shutdown and Reboot Disabled for User

Another way is to remove execution permissions on shutdown and reboot commands for all users except root.

# chmod o-x /sbin/shutdown
# chmod o-x /sbin/reboot

Note: Under systemd, these file(/sbin/shutdown, /sbin/reboot, /sbin/halt, /sbin/poweroff) are only symbolic links to /bin/systemctl:

# ls -l /sbin/shutdown
# ls -l /sbin/reboot
# ls -l /sbin/halt
# ls -l /sbin/poweroff
How to Disable Shutdown and Reboot Commands in Linux

SystemD Symbolic Links

To prevent other users from running these commands, you would simply remove execution permissions as explained above, but this is not effective under systemd. You can remove execution permissions on /bin/systemctl meaning all other users except root will only run systemctl.

# chmod  o-x /bin/systemctl

You may also want to learn how to disable certain functionalities such as SSH root login and limit SSH access, SELinux, unwanted services in Linux by reading through these guides:

  1. How to Enable and Disable Root Login in Ubuntu
  2. How to Disable SELinux Temporarily or Permanently in RHEL/CentOS 7/6
  3. Disable or Enable SSH Root Login and Limit SSH Access in Linux
  4. How to Stop and Disable Unwanted Services from Linux System

That’s it! In this article, we showed how to disable shutdown and reboot commands for normal system users in Linux. Do you know of any other way of doing this, share it with us in the comments.

Source: tecmint.com

Be the first to comment

Leave a Reply

Your email address will not be published.


*