1

Similar questions have been asked about this here but I tried them to no avail. I suspect what used to work in the past have not been working in the latest versions of Ubuntu. I am using Ubuntu Xenial 16.04.

I have tried the following:

1.

pico /etc/polkit-1/50-local.d/disable-shutdown.pkla

Then fill the file with:

[Disable shutdown/restart etc. for users]
Identity=unix-user:a;unix-group:b;
Action=org.freedesktop.login1.reboot;org.freedesktop.login1.reboot-multiple-sessions;org.freedesktop.login1.power-off;org.freedesktop.login1.power-off-multiple-sessions;org.freedesktop.consolekit.system.stop;org.freedesktop.consolekit.system.restart;org.freedesktop.upower.suspend;org.freedesktop.upower.hibernate;org.freedesktop.login1.suspend;org.freedesktop.login1.suspend-multiple-sessions;org.freedesktop.login1.hibernate;org.freedesktop.login1.hibernate;org.freedesktop.login1.hibernate-multiple-sessions
ResultAny=no
ResultInactive=no
ResultActive=no

2.

chmod o-x /sbin/shutdown
chmod o-x /sbin/reboot

These methods didn't work for me. I could still reboot the server with a non-root account after entering the password:

 sudo reboot

EDIT: With xxx's account:

sudo -l

gives

Matching Defaults entries for xxx on scw-415fa7:
    env_reset, mail_badpass,
    secure_path=/usr/local/sbin\:/usr/local/bin\:/usr/sbin\:
                /usr/bin\:/sbin\:/bin\:/snap/bin

User xxx may run the following commands on scw-415fa7:
    (ALL : ALL) ALL

.

sudo grep xxx /etc/sudoers* -R

gives

/etc/sudoers:xxx ALL=(ALL:ALL) ALL
Chong Lip Phang
  • 111
  • 1
    sudo reboot runs reboot as root. That's the whole point of sudo. Why give users sudo privileges if you don't want them to run commands as root? – muru Dec 26 '17 at 05:47
  • Alright. Now I see the problem. Could you also please tell me how to take away sudo privileges from non-root users? – Chong Lip Phang Dec 26 '17 at 05:52
  • How did you give it to them in the first place? – muru Dec 26 '17 at 05:53
  • I think this will answer my question: https://askubuntu.com/questions/335987/remove-sudo-privileges-from-a-user-without-deleting-the-user – Chong Lip Phang Dec 26 '17 at 05:54
  • Hey...sudo deluser xxx sudo...didn't work. It said: The user xxx' is not a member of groupsudo'. I think I added the user with this command: adduser xxx. – Chong Lip Phang Dec 26 '17 at 05:58
  • Run sudo -l as the xxx user and add the output here, please. – muru Dec 26 '17 at 06:00
  • Matching Defaults entries for xxx on scw-415fa7: env_reset, mail_badpass, secure_path=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin

    User xxx may run the following commands on scw-415fa7: (ALL : ALL) ALL

     – Chong Lip Phang Dec 26 '17 at 06:02
  • I can't read that. Edit your post with the output. Also the output of sudo grep xxx /etc/sudoers* -R, where xxx is the username – muru Dec 26 '17 at 06:04

2 Answers2

0

If you want to give access to only root, you can do:

chmod 700 /sbin/reboot
chmod 700 /sbin/shutdown
Manuel Schmitzberger
  • 141
0

I think I have solved my problem with this on the root account:

visudo

Then comment out this line:

#xxx ALL=(ALL:ALL) ALL
Chong Lip Phang
  • 111