Home --> IAQ -->

Restricting Access to Shutdown

By Jeffrey Howard
All rights reserved unless noted otherwise

Some versions of the Redhat distribution ship such that any user can shutdown the system if they are sitting at the console to the linux box. Some users find this undesirable.

Solutions

There are several ways to solve this problem. First, I'm told that this is controllable from linuxconf. On my own box, linuxconf is good for one thing: producing core files. But you may find a solution there.

You can create a file called /etc/shutdown.allow and list the names of the users permitted to use shutdown. Normally, that would include at least root and your own regular user account.

Others have pointed out that you'll want to prevent CTRL-ALT-DELETE from rebooting as well. If you edit /etc/inittab so that the trap for CTRL-ALT-DELETE is something other than /sbin/shutdown, you can prevent users from rebooting with that key combo altogether. More mildly, you can add -a as an option to the shutdown line. That should force shutdown to check the /etc/shutdown.allow file. If you do change /etc/inittab, you'll probably have to use the command "kill -HUP 1" to force it to reload the configuration file.

But Why Bother

Preventing non-root users from shutting down the machine from the console is really a software attempt at a solution to a hardware problem. If a malicious user wants to shutdown the machine, and the software prevents them, what's to stop them from just yanking the power cord? Preventing access to shutdown may prevent a malicious console user from shutting down to single user mode, but they can just power cycle the machine and boot into single user from LILO. You can add a BIOS password to counter that, but given a little time with a screwdriver, BIOS passwords can be defeated as well. The real effort is in deciding what you're reasonably at risk from.

(The above primarily applies to home computer users. Obviously, if you're providing some kind of time-shared computing service like web hosting, you can provide good physical security for your server, at which point this kind of thing does matter.)