How to: Allow Any User To Shutdown a Linux Server

Posted on in Categories CentOS, Debian Linux, FreeBSD, Gentoo Linux, Howto, Linux, RedHat/Fedora Linux, Sys admin, Tips, Ubuntu Linux last updated February 23, 2006

You need to use the sudo command to grant a permission to other users to shutdown your server. The sudo command allows a permitted user to execute a command as the superuser or another user, as specified in the /etc/sudoers file. Login as a root user and type the visudo command to edit the sudoers file.

Use Configuration

In this example, allow user rocky to shutdown computer (first login as a root user):
$ su -
# visudo

Append the following configuration to a file:
rocky server.example.com=/sbin/halt /sbin/reboot
Save file and close the file. Now, rocky user can halt server by typing the following command:
$ sudo /sbin/halt
Output:

Password:

Please note that at password prompt rocky need to type his own password.

Another option is add users to /etc/shutdown.allow access control file. shutdown command can see if an authorized user is logged in on one of the virtual consoles. If shutdown command is called with the -a argument , it checks to see if the file /etc/shutdown.allow is present. It then compares the login names in that file with the list of people that are logged in on a virtual console only if one of those authorized users or root is logged in, it will proceed. Otherwise, it will write the message

shutdown: no authorized users logged in

First login as a root user:
# echo rocky >> /etc/shutdown.allow
Alternatively, use a text editor such as vi to add a username to etc/shutdown.allow file (max 32 names are allowed at a time):
# vi /etc/shutdown.allow
Finally, rocky can login and type the following command:
rocky@server1 $ /sbin/shutdown -a -h 0

See also:

Posted by: Vivek Gite

The author is the creator of nixCraft and a seasoned sysadmin, DevOps engineer, and a trainer for the Linux operating system/Unix shell scripting. Get the latest tutorials on SysAdmin, Linux/Unix and open source topics via RSS/XML feed or weekly email newsletter.

Share this on (or read 10 comments/add one below):

10 comment

  2. Nice topic.

    But in :
    # touch /etc/shutdown.allow
    # echo”username” >> /etc/shutdown.allow

    The first line is useless. (touch)

  4. Yep – but then you typed it too quickly

    echo”rokcy” >> /etc/shutdown.allow

    should read

    echo “rocky” >> /etc/shutdown.allow

    and by the way, these quotes are useless here. I’ve never seen a user login that would require quoting, BTW.

    echo rocky >> /etc/shutdown.allow

  6. Well I share the easy part.

    But again,
    You still mispelled it – that’s r-o-c-k-y
    not r-o—k—c—-y

    breeze deeply. ;-))

  9. at least in debian systems the shutdoen.allow only works for the alt+ctrl+del way of it.
    still the user isn’t allowed to invoke /sbin/shutdown…

  10. Looks this topics needs a revisit todat. My distro (SL 6.4) has user verion of poweroff, halt, reboot provide by usermode package. I can shutdown, reboot as a normal user (from the command line as well)

    $ which {poweroff,reboot,halt}
    /usr/bin/poweroff
    /usr/bin/reboot
    /usr/bin/halt
    rpm -qf $(which poweroff reboot halt)
    usermode-1.102-3.el6.x86_64
    usermode-1.102-3.el6.x86_64
    usermode-1.102-3.el6.x86_64

    As root

    # which {poweroff,reboot,halt}
    /sbin/poweroff
    /sbin/reboot
    /sbin/halt

    # rpm -qf $(which poweroff reboot halt)
    upstart-0.6.5-12.el6.x86_64
    upstart-0.6.5-12.el6.x86_64
    upstart-0.6.5-12.el6.x86_64

    Have a question? Post it on our forum!

Tagged as: Tags , , , , , ,