5

I have a laptop with Ubuntu 16.06. I am able to execute reboot command as a non-root user without sudo. How can I change this behaviour so that I am not able to run reboot without sudo? I tried checking where reboot actually points:

user:~$ which reboot
/sbin/reboot
user:/sbin$ ls -l reboot
reboot -> /bin/systemctl

But I do not know how to change systemctl behaviour.

Mikhail
  • 160
  • 1
  • 7

2 Answers2

5

This is not a matter of changing systemctl. That is a red herring. systemctl queries the "Policy Kit" to determine whether a particular user, logged on in particular way, is allowed to reboot the system. You need to change, in Policy Kit, who is permitted to run the org.freedesktop.login1.reboot action. You probably want to change the rules for the three classes of log-on from yes to auth_admin (or auth_admin_keep).

Further reading

JdeBP
  • 68,745
  • Could you expand in your answer on how exactly should I change the rules for the three classes? I have visited all three links you provided, but there is no explanation or examples of how actually do what I want. – Mikhail Aug 03 '17 at 08:36
  • I can't believe how complicated it is to configure the system to disallow non-root users from being able to reboot or shutdown. – Michael Burr Sep 05 '20 at 11:33
0

My trick is to add the following alias in the .bashrc

alias reboot='echo "Your account is not allowed to run the reboot command without sudo"'

Jay
  • 11
  • 1
    This easy solution worked for me. Note: I am not trying to make it impossible to run reboot for security reasons, simply I like to accidentally type reboot and lose all my work without expecting it! – benathon Jul 03 '20 at 06:03