LinuxQuestions.org


jessicaK 01-25-2008 03:33 PM

disable shutdown/reboot remotely
 
Hello!

Is there any way to disable shutdown/reboot/halt etc. commands from anyone not locally logged into the server?

michaelsanford 01-25-2008 03:47 PM

As far as I know, no direct way (like a haltrc file that allows you to restrict who can run it).

However, since you need to run shutdown as root (either as root or prefixed with sudo) you CAN change the /etc/sudoers file like so:
Code:

username localhost=/sbin/shutdown
%groupname localhost=/sbin/shutdown

This will allow them to run the specified command(s) only from localhost, and not from a remote machine over ssh. The group name is optional (as is the username), I only included it so you can see how it's used. You can just as easily specify a bunch of individual users, or a group with no individual users.

FYI: If you have a server with multiple users who all can play with the root account directly, though, you should fix that problem first :)

PS Make sure you don't accidentally (especially with a group specification) restrict yourself from restarting the machine remotely!
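
How sudo evaluates the host field in entries like the two above, as an added example (not code from anyone in this thread): per sudoers(5), the host list is compared with the name of the machine sudo is running on, and the evaluation has no input for where the user logged in from. This is a simplified model that handles only literal names and `ALL`; the user, group and host names are constructed.

```python
"""Simplified model of sudoers(5) user-specification matching (added example)."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    who: str         # "username" or "%groupname"
    hosts: tuple     # literal host names, or "ALL"
    commands: tuple  # absolute command paths, or "ALL"


def parse_rule(line):
    """Parse 'who host[,host]=cmd[,cmd]'. Aliases, Runas specs, tags,
    wildcards, netgroups and negation are deliberately not handled."""
    left, _, cmds = line.partition("=")
    who, hosts = left.split(None, 1)
    split = lambda s: tuple(p.strip() for p in s.split(",") if p.strip())
    return Rule(who, split(hosts), split(cmds))


def rule_applies(rule, user, groups, local_hostname, command):
    """True if `rule` grants `command` to `user` on the machine named
    `local_hostname` (the machine sudo itself is running on)."""
    if rule.who.startswith("%"):
        who_ok = rule.who[1:] in groups
    else:
        who_ok = rule.who in (user, "ALL")
    # Host entries are checked against the machine's full or short name.
    short = local_hostname.split(".", 1)[0]
    host_ok = any(h in ("ALL", local_hostname, short) for h in rule.hosts)
    # A command listed without arguments matches that path with any arguments.
    cmd_ok = any(c in ("ALL", command) for c in rule.commands)
    return who_ok and host_ok and cmd_ok


def allowed(rules, user, groups, local_hostname, command):
    return any(rule_applies(r, user, groups, local_hostname, command)
               for r in rules)


# The two entries from the post above.
RULES = [parse_rule("username localhost=/sbin/shutdown"),
         parse_rule("%groupname localhost=/sbin/shutdown")]

if __name__ == "__main__":
    for host in ("localhost", "dbserver01.example.com"):  # constructed names
        print(host, allowed(RULES, "username", set(), host, "/sbin/shutdown"))
```

Whatever entries you settle on, edit the file with `visudo` and run `visudo -c` afterwards so a syntax error is caught before it can lock you out of sudo.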

jessicaK 01-28-2008 07:37 AM

I definitely agree, trust me! It's Oracle consultants that unfortunately need mostly root access until they have completed the implementation. We just have to make sure that until this is done they don't randomly reboot the server again :)

Thanks for your help and it's exactly what I was looking for!



michaelsanford 01-28-2008 03:08 PM

Well, you can restrict almost anything in this way, either whitelist or blacklist, in many different ways. Check out "man sudoers" for more information (the name of the config file itself, rather than the command).

Glad it helped!

Micro420 01-29-2008 11:20 AM

I'm pretty certain that you can also do this by modifying a specific PAM module. But if you can do without touching it, then don't touch it. I've locked myself out of a system before and it's not pretty.

