The easiest way to disable shutdown and reboot commands using the /etc/sudoers file, here you can specify a user (ucartz) or group (developers) which are not allowed to execute these commands.
# vi /etc/sudoers
Add these lines to Command Aliases section.
Cmnd_Alias SHUTDOWN = /sbin/shutdown,/sbin/reboot,/sbin/halt,/sbin/poweroff # User privilege specification ucartz ALL=(ALL:ALL) ALL, !SHUTDOWN # Allow members of group sudo to execute any command %developers ALL=(ALL:ALL) ALL, !SHUTDOWN
Now try to execute shutdown and reboot commands as a normal user (ucartz).
Another way is to remove execution permissions on shutdown and reboot commands for all users except root.
# chmod o-x /sbin/shutdown # chmod o-x /sbin/reboot
Note:
Under systemd, these file(/sbin/shutdown, /sbin/reboot, /sbin/halt, /sbin/poweroff) are only symbolic links to /bin/systemctl:
# ls -l /sbin/shutdown # ls -l /sbin/reboot # ls -l /sbin/halt # ls -l /sbin/poweroff
To prevent other users from running these commands, you would simply remove execution permissions as explained above, but this is not effective under systemd. You can remove execution permissions on /bin/systemctl
meaning all other users except root will only run systemctl.
# chmod o-x /bin/systemctl