As far as I know, no direct way (like a haltrc file that allows you to restrict who can run it).
However, since you need to run shutdown as root (either as root or prefixed with sudo) you CAN change the /etc/sudoers file like so:
Code:
username localhost=/sbin/shutdown
%groupname localhost=/sbin/shutdown
This will allow them to run the specified command(s) only from localhost, and not from a remote machine over ssh. The group name is optional (as is the username), I only included it so you can see how it's used. You can just as easily specify a bunch of individual users, or a group with no individual users.
FYI: If you have a server with multiple users who all can play with the root account directly, though, you should fix that problem first
PS Make sure you don't accidentally (especially with a group specification) restrict yourself from restarting the machine remotely!