Linux - NewbieThis Linux forum is for members that are new to Linux.
Just starting out and have a question?
If it is not in the man pages or the how-to's this is the place!
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Distribution: VMware V12 and V15 in Windows 10, MX Linux 23.1, Kubuntu 23.10, IBM z/VM 5.4
Posts: 558
Rep:
Preventing System Shutdown
Greetings, we have a Kubuntu Linux machine which I have set up so several people here can test a Linux system to see if they would like to use Linux for their daily work.
This is working out fine except for the issue that each user is able to shut down the machine at the end of their testing. They aren’t logging off but shutting down the machine.
I find this not to be acceptable but I don’t know of any way to stop this from happening. I would like to restrict these users for being able to shut down the system but I haven’t figured out a resolutions after trying a number of things, nothing works.
Is there a way to define a general user from only logging off and not being able to shut down the system. We are only using one physical terminal for the Linux system at this time. My user id is should be the only super user being able to shut things down.
Have you tried talking to the humans involved? i.e. say "please do not shutdown when you are finished, just logout" when you introduce them to the machine.
You can easily prevent accidental shutdowns by removing the icon from the Application menu (right-click>remove from favourites), and Settings>Workspace>Startup and Shutdown has a checkbox for "Offer shutdown options" which you can deselect.
If there's any other methods, then just login with another user and leave that session in the background - I presume Plasma will prompt in some way if a shutdown is attempted whilst someone else is logged in.
Greetings, we have a Kubuntu Linux machine which I have set up so several people here can test a Linux system to see if they would like to use Linux for their daily work.
This is working out fine except for the issue that each user is able to shut down the machine at the end of their testing. They aren’t logging off but shutting down the machine.
I find this not to be acceptable but I don’t know of any way to stop this from happening. I would like to restrict these users for being able to shut down the system but I haven’t figured out a resolutions after trying a number of things, nothing works.
Is there a way to define a general user from only logging off and not being able to shut down the system. We are only using one physical terminal for the Linux system at this time. My user id is should be the only super user being able to shut things down.
This is actually the standard behaviour. Users are by default NOT allowed to shut down the machine. This behaviour has been changed in most distroes though, to allow users to shutdown and reboot. From what I remember, KDE and SSDM adapts to this access, and removes the shutdown and reboot buttons if the user does not have those rights, so it will also look right, not just act right.
However, I can't say that I know how this behaviour is regulated in Kubuntu. It adds Sudo into the mix, but normally this kind of setting should be found in /etc.. Maybe in kubuntu it's in /etc/shutdown.allow. But you should probably also look around in /etc/sudo*
So, just to sum up. You're NOT looking for a way to restrict users. You are looking for a way to reset the behaviour to the standard (only root can reboot/shutdown). This access has been granted to users, and /etc should reflect that somewhere. You might also want to look into /etc/groups and a command "systemctl". In many distroes systemd controls shutdown and reboot and /sbin/shutdown points to /bin/systemctl..
I sadly can't tell you how to change it with systemd, because it tends to make easy things very complicated, and finding out very difficult.
Distribution: openSUSE, Raspbian, Slackware. Previous: MacOS, Red Hat, Coherent, Consensys SVR4.2, Tru64, Solaris
Posts: 2,801
Rep:
Quote:
Originally Posted by swamprat
Greetings, we have a Kubuntu Linux machine which I have set up so several people here can test a Linux system to see if they would like to use Linux for their daily work.
This is working out fine except for the issue that each user is able to shut down the machine at the end of their testing. They aren’t logging off but shutting down the machine.
How are they shutting it down? Via the command line (shutdown -h or halt)? Or by having physical access (using the so-called "Big Red Switch")?
You can prevent them from using the former, the latter is more difficult.
When their accounts are setup, you should be able to remove their rights to the shutdown command. If they're just trying out Linux, at the very least I'd remove any access to root functions through the use of sudo.
Distribution: VMware V12 and V15 in Windows 10, MX Linux 23.1, Kubuntu 23.10, IBM z/VM 5.4
Posts: 558
Original Poster
Rep:
Thanks all for your replies. The Sudoers file is a nightmare for a newbi. Can anyone point me to a good example of how to arlter this file preventing various from using certain commands such as shutdown, sleep etc.? I know I have to use a different version of the vi command while editing this file in order not to do something nasty to it. Thanks
Thanks all for your replies. The Sudoers file is a nightmare for a newbi. Can anyone point me to a good example of how to arlter this file preventing various from using certain commands such as shutdown, sleep etc.? I know I have to use a different version of the vi command while editing this file in order not to do something nasty to it. Thanks
This is what happens when I change the shutdown policy for users in a GNU/Linux distro with systemd:
Doing this means root can also not use "shutdown" or "reboot" etc. Which means if you want to shut down the computer with root, you could need to use "systemctl shutdown" instead.
If I change it back, it puts back the symbolic links and moves /etc/shutdown.allow to another irrelevant file (backup).
Quote:
INFO: made symbolic link from ../bin/systemctl to /usr/bin/shutdown
/etc/inittab may or may not contain a line like this "ca::ctrlaltdel:/sbin/shutdown -t3 -r now". If you remove this line, you cannot shutdown by pressing ctrl+alt+delete either.
So, if you have an idea what is going on here, and you can VERIFY that those files mentioned above are symbolic links, you could probably solve this situation by deleting those symbolic links and creating an empty file /etc/shutdown.allow.
Or you could just delete those files in any case and hope for the best
The Sudoers file is a nightmare for a newbi. Can anyone point me to a good example of how to arlter this file preventing various from using certain commands such as shutdown, sleep etc.?
Thanks all for your replies. The Sudoers file is a nightmare for a newbi. Can anyone point me to a good example of how to arlter this file preventing various from using certain commands such as shutdown, sleep etc.? I know I have to use a different version of the vi command while editing this file in order not to do something nasty to it. Thanks
What? Are you sure you tried all the suggestions in post #2 before digging that deep?
I think that "JJJCR's" solution is probably the most practical: just add a login-banner which tells them ... "Please just log off when you're done – please don't shut down the machine. Thanks."
Hey – when I'm finished using my personal computer each night, I routinely "shut down the machine." It's just what I do and have always done, and I think nothing about it. "Oh ... you don't want me to do that? Okay. Sure. No problem."
Last edited by sundialsvcs; 08-24-2021 at 09:15 AM.
I think that "JJJCR's" solution is probably the most practical: just add a login-banner which tells them ... "Please just log off when you're done – please don't shut down the machine. Thanks."
This is a Debian-based distro. It should have molly-guard in the repository. I guess it would be a tad more effective than just a login banner. To work for non-SSH sessions, you'll have to configure it via /etc/molly-guard/rc though.
Distribution: VMware V12 and V15 in Windows 10, MX Linux 23.1, Kubuntu 23.10, IBM z/VM 5.4
Posts: 558
Original Poster
Rep:
Greetings,
First thank you again for your replies, very informative. I was just wondering if couldn't one use 'acls' to stop access to the questioned commands and if so how? Seems that also might work instead of using Sudoers.
First thank you again for your replies, very informative. I was just wondering if couldn't one use 'acls' to stop access to the questioned commands and if so how? Seems that also might work instead of using Sudoers.
No, because they are not real commands in a systemd, they are systemd slaves. Back in the days, you could just remove a user from the shutdown group, easy peacy. If there is a solution to this that is not deleting those symlinks, then it is a systemd internal function. And like most things with systemd it just complicate simple things, and there is a lack of documentation floating around the web.
The real commands are "sysctemctl poweroff" and such things. Ofcourse they could also not even keep the name.
The question originally asked is not a question of deep system commands, but a question of configuring certain elements of the desktop so that there's no shutdown option, only logout.
This Should(tm) be possible to achieve from within the desktop environment.
I do not use KDE, but it is known for its configurability.
Once again, I think boughtonp had the best answer in post #2. This search seems to have answers, too.
I do not use KDE, but it is known for its configurability.
It is, but it is a desktop and not responsible for system functions. There are tweaks you can do to make the scenario less likely, but ultimately the KDE logout/shutdown is adapted to what the system allows.
I've given a solution that works, and it doesn't rely on human nature. There is and should be no need to tell anyone anything about not doing this and that, it's fully possible to turn off! If those functions are not allowed on a system level (user shutdown/reboot/etc), then they are also not shown in KDE logout/shutdown options.
Perhaps the system administrator is inexperienced, but at the very least, he should be able to create a folder /root/backup, and move those 4 "files" mention into that folder (he can even include it in his path). That way he can just move them back in case he is insecure. It is not really that dangerous, and the skill level required is not so high. There, I even gave him an easier way to do it.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.