Ask Your Question
1

How do I prevent users to shutdown the pc

asked 2013-09-24 03:57:46 -0500

rashid1a gravatar image

updated 2013-09-24 04:01:08 -0500

I have a Server Pc running in an office that is also functioning as a workstation(budget reasons)

I want to prevent standard users from shutting down the server through the GUI(command line has low priority).

They should only be able to log out.

Only root and a System-Admin should be allowed to shutdown the PC. How can I do something like that in Fedora 19?

edit retag flag offensive close merge delete

2 Answers

Sort by ยป oldest newest most voted
2

answered 2013-09-24 05:27:59 -0500

shaiton gravatar image

updated 2013-09-24 05:30:22 -0500

Administrator commands are run through Polkit in order to get root privilege.

If only one user is logged in your system, he will get administrator privilege for common actions like shutdown or restart. If more than one user is logged, you'll be asked the root password.

To prevent simple user to shutdown the server, hoping that he does not know the root password (or you won't have a chance to manage properly your server), add a Polkit rule:

Create the file /etc/polkit-1/rules.d/20-prevent-shutdown.rules with the following content:

polkit.addRule(function(action, subject) {
    if ((action.id == "org.freedesktop.consolekit.system.stop" ||
         action.id == "org.freedesktop.consolekit.system.restart") &&
         subject.isInGroup("users")) {
            return subject.active ? polkit.Result.AUTH_ADMIN : polkit.Result.NO;
    }
});

You find more actions by running pkaction. See:

  • org.freedesktop.upower.suspend
  • org.freedesktop.upower.hibernate

You might try your actions with pkexec.

-- Source at superuser

edit flag offensive delete link more

Comments

copying the given content into the rules-file did not work for me. I had to check in var/logs/secure which actionID is responsable for shutdown and reboot.

rashid1a gravatar imagerashid1a ( 2013-09-26 20:42:23 -0500 )edit

@rashid1a and what was the correct rule then?

shaiton gravatar imageshaiton ( 2013-09-27 02:01:28 -0500 )edit

The rules can be obtained with the following command:

pkaction |grep login1

In this case its probably:

org.freedesktop.login1.power-off
org.freedesktop.login1.reboot

but beware of the multiple-session options people can shutdown if multiple sessions are active if you do not disallow that explicitly!

enaut gravatar imageenaut ( 2014-04-07 10:00:17 -0500 )edit
0

answered 2013-09-24 04:03:08 -0500

Pascal76 gravatar image

updated 2013-09-24 04:08:59 -0500

At first, this is not a Fedora-related, rather a general Linux-related question.

Maybe you should think about seperating this machine from your users and giving them a machine for working with - even without hard disk if you consider using PXE Environment.

edit flag offensive delete link more

Question Tools

1 follower

Stats

Asked: 2013-09-24 03:57:46 -0500

Seen: 2,806 times

Last updated: Sep 24 '13