User can shutdown system.
 

Hello,

I just defined a new user on the system. User has a UID of 502.

He is using KDE on Centos5.

This isn't a root user but when he goes to log out he gets a screen where he can do one of the following:

Turn Off Computer
End Current Session
Restart Computer
Cancel

The user is logging in at the master terminal, not remotely.

Because this user is just a general user and never as root, is there any way to not allow him to use any of the above options except Cancel and End Current Session? I never what such a user to turn off the machine or restart it.

Thanks.

assuming you use KDE as well...click into kde control center/System Admin/Login Mgr/
click on admin ....enter root password and go to shutdown tab

allow shutdown...change from everyone to only root.

Observe the pathway to the reboot command....it may be /usr/bin or /bin or /sbin etc

click oK and exit.

If you use KDE go into Konqueror in root mode and change the permissions of that reboot to rwx for root and r-- for group and others

Defining who can shutdown or restart the computer is done in a file called kdmrc. The problem is that different distributions put kdmrc in different places. Find kdmrc with:

find / -iname "*kdmrc*"

Then look through kdmrc for lines similar to:

AllowShutdown=All
AllowShutdown=none
AllowShutdown=username

Some of these lines will apply to root, some to remote users, and some to local users. Figure out which one applies to local users and set:

AllowShutdown=none


----------------------------
Steve Stites

You might want to change the execution flags for several Linux commands such as reboot, shutdown, halt, init, and telinit, so that non-root users/groups cannot open up a console and run these commands manually.
(Some are links to actual programs.)
Also check /etc/sudoers and don't forget suid/guid.
There may be other commands also (anyone?).

Not sure if you will have side-effects though.

Have you considered physical access to the power button and power cord on the master terminal? So no restart or shutdown on the menu, what will prevent the user from leaning over and either pushing the the power button or pulling the cord? Or is this not a concern?

X is running as root and so has access to these commands. There's no need to change file permissions on the executables and doing so will have no effect.

The options are to either change those settings specific to KDE (or Gnome) or to have X start in user mode (boot to runlevel 3, then have "startx" in your user login scripts).

I believe in the original post the poster did not want a non-root user to be able to reboot/shutdown the system.
Disabling the options in KDE/Gnome (or whatever GUI) will only stop the user from selecting those options from the menu, it will not stop them from opening a terminal window and manually typing the commands.
And that is what I was trying to address.
Of course that will not stop someone from physically hitting the on/off/reset switch or even pulling the plug.

they are all good replies, lets wait for the OP to reply?

I wouldn't hold my breath. :D