The easiest way to disable shutdown and reboot commands using the /etc/sudoers file, here you can specify a user (ucartz) or group (developers) which are not allowed to execute these commands.

# vi /etc/sudoers

Add these lines to Command Aliases section.

Cmnd_Alias     SHUTDOWN = /sbin/shutdown,/sbin/reboot,/sbin/halt,/sbin/poweroff
# User privilege specification
ucartz   ALL=(ALL:ALL) ALL, !SHUTDOWN
# Allow members of group sudo to execute any command
%developers  ALL=(ALL:ALL) ALL,  !SHUTDOWN

Now try to execute shutdown and reboot commands as a normal user (ucartz).


Another way is to remove execution permissions on shutdown and reboot commands for all users except root.

# chmod o-x /sbin/shutdown
# chmod o-x /sbin/reboot


Note:


Under systemd, these file(/sbin/shutdown, /sbin/reboot, /sbin/halt, /sbin/poweroff) are only symbolic links to /bin/systemctl:

# ls -l /sbin/shutdown
# ls -l /sbin/reboot
# ls -l /sbin/halt
# ls -l /sbin/poweroff

To prevent other users from running these commands, you would simply remove execution permissions as explained above, but this is not effective under systemd. You can remove execution permissions on /bin/systemctl meaning all other users except root will only run systemctl.

# chmod  o-x /bin/systemctl


Was this answer helpful? 2 Users Found This Useful (2 Votes)