You need to use the sudo command to grant a permission to other users to shutdown your server. The sudo command allows a permitted user to execute a command as the superuser or another user, as specified in the /etc/sudoers file. Login as a root user and type the visudo command to edit the sudoers file.
Use Configuration
In this example, allow user rocky to shutdown computer (first login as a root user):
$ su -
# visudo
Append the following configuration to a file:
rocky server.example.com=/sbin/halt /sbin/reboot
Save file and close the file. Now, rocky user can halt server by typing the following command:
$ sudo /sbin/halt
Output:
Password:
Please note that at password prompt rocky need to type his own password.
Another option is add users to /etc/shutdown.allow access control file. shutdown command can see if an authorized user is logged in on one of the virtual consoles. If shutdown command is called with the -a argument , it checks to see if the file /etc/shutdown.allow is present. It then compares the login names in that file with the list of people that are logged in on a virtual console only if one of those authorized users or root is logged in, it will proceed. Otherwise, it will write the message
shutdown: no authorized users logged in
First login as a root user:
# echo rocky >> /etc/shutdown.allow
Alternatively, use a text editor such as vi to add a username to etc/shutdown.allow file (max 32 names are allowed at a time):
# vi /etc/shutdown.allow
Finally, rocky can login and type the following command:
rocky@server1 $ /sbin/shutdown -a -h 0
See also:
Linux 25 PHP Security Best Practices For Sys Admins
40 Linux Server Hardening Security Tips [2019 edition]
Allow A Normal User To Run Commands As root Under Linux / UNIX Operating Systems
21 Examples To Make Sure Unix / Linux Configuration Files Are Free From Syntax Errors
Top 25 Nginx Web Server Best Security Practices
Linux Rename Multiple Files At a Shell Prompt
30 Handy Bash Shell Aliases For Linux / Unix / Mac OS X
Very Great Article….. Like it so Much..
Nice topic.
But in :
# touch /etc/shutdown.allow
# echo”username” >> /etc/shutdown.allow
The first line is useless. (touch)
Once again thanks for pointing it out 🙂
Yep – but then you typed it too quickly
echo”rokcy” >> /etc/shutdown.allow
should read
echo “rocky” >> /etc/shutdown.allow
and by the way, these quotes are useless here. I’ve never seen a user login that would require quoting, BTW.
echo rocky >> /etc/shutdown.allow
My bad 🙁
Well I share the easy part.
But again,
You still mispelled it – that’s r-o-c-k-y
not r-o—k—c—-y
breeze deeply. ;-))
I’m embarrassed to say that it took me forever to realize a typo 🙁
That’s great info. It works and thanks a lot.
at least in debian systems the shutdoen.allow only works for the alt+ctrl+del way of it.
still the user isn’t allowed to invoke /sbin/shutdown…
Looks this topics needs a revisit todat. My distro (SL 6.4) has user verion of poweroff, halt, reboot provide by usermode package. I can shutdown, reboot as a normal user (from the command line as well)
$ which {poweroff,reboot,halt}
/usr/bin/poweroff
/usr/bin/reboot
/usr/bin/halt
rpm -qf $(which poweroff reboot halt)
usermode-1.102-3.el6.x86_64
usermode-1.102-3.el6.x86_64
usermode-1.102-3.el6.x86_64
As root
# which {poweroff,reboot,halt}
/sbin/poweroff
/sbin/reboot
/sbin/halt
# rpm -qf $(which poweroff reboot halt)
upstart-0.6.5-12.el6.x86_64
upstart-0.6.5-12.el6.x86_64
upstart-0.6.5-12.el6.x86_64