Disable Power Options of Linux ServerApr 11th 2020Words: 883
Background
In my case an unattended Linux server is running some service at my office. I want to disable the shutdown function to prevent accidental operation, since the only way to turn the machine back on is to drive to the office and push the power button.
Disable command
To prevent dangerous command be executed by some sudoer:
sudo visudo
1 2 3 4 5 6 7 8 9 10 11 12
# Cmnd alias specification Cmnd_Alias DISABLED = /sbin/shutdown,/sbin/halt,/sbin/poweroff
# User privilege specification root ALL=(ALL:ALL) ALL, !DISABLED
# Members of the admin group may gain root privileges %admin ALL=(ALL) ALL, !DISABLED
# Allow members of group sudo to execute any command %sudo ALL=(ALL:ALL) ALL, !DISABLED
For each of these settings the following options are available:
no: The user is not authorized to carry out the action. There is therefore no need for authentication. yes: The user is authorized to carry out the action without any authentication. auth_self__: Authentication is required but the user need not be an administrative user. __auth_admin: Authentication as an administrative user is required. auth_self_keep: The same as auth_self but, like sudo, the authorization lasts a few minutes. auth_admin_keep: The same as auth_admin but, like sudo, the authorization lasts a few minutes.
<actionid="org.freedesktop.login1.power-off"> <descriptiongettext-domain="systemd">Power off the system</description> <messagegettext-domain="systemd">Authentication is required for powering off the system.</message> <defaults> <allow_any>no</allow_any> <allow_inactive>no</allow_inactive> <allow_active>no</allow_active> </defaults> <annotatekey="org.freedesktop.policykit.imply">org.freedesktop.login1.set-wall-message</annotate> </action>
<actionid="org.freedesktop.login1.power-off-multiple-sessions"> <descriptiongettext-domain="systemd">Power off the system while other users are logged in</description> <messagegettext-domain="systemd">Authentication is required for powering off the system while other users are logged in.</message> <defaults> <allow_any>no</allow_any> <allow_inactive>no</allow_inactive> <allow_active>no</allow_active> </defaults> <annotatekey="org.freedesktop.policykit.imply">org.freedesktop.login1.power-off</annotate> </action>
<actionid="org.freedesktop.login1.suspend"> <descriptiongettext-domain="systemd">Suspend the system</description> <messagegettext-domain="systemd">Authentication is required for suspending the system.</message> <defaults> <allow_any>no</allow_any> <allow_inactive>no</allow_inactive> <allow_active>no</allow_active> </defaults> </action>
<actionid="org.freedesktop.login1.suspend-multiple-sessions"> <descriptiongettext-domain="systemd">Suspend the system while other users are logged in</description> <messagegettext-domain="systemd">Authentication is required for suspending the system while other users are logged in.</message> <defaults> <allow_any>no</allow_any> <allow_inactive>no</allow_inactive> <allow_active>no</allow_active> </defaults> <annotatekey="org.freedesktop.policykit.imply">org.freedesktop.login1.suspend</annotate> </action>
<actionid="org.freedesktop.login1.hibernate"> <descriptiongettext-domain="systemd">Hibernate the system</description> <messagegettext-domain="systemd">Authentication is required for hibernating the system.</message> <defaults> <allow_any>no</allow_any> <allow_inactive>no</allow_inactive> <allow_active>no</allow_active> </defaults> </action>
<actionid="org.freedesktop.login1.hibernate-multiple-sessions"> <descriptiongettext-domain="systemd">Hibernate the system while other users are logged in</description> <messagegettext-domain="systemd">Authentication is required for hibernating the system while other users are logged in.</message> <defaults> <allow_any>no</allow_any> <allow_inactive>no</allow_inactive> <allow_active>no</allow_active> </defaults> <annotatekey="org.freedesktop.policykit.imply">org.freedesktop.login1.hibernate</annotate> </action>
<actionid="org.xfce.power.xfce4-pm-helper"> <description>Suspend or hibernate the system</description> <message>Authentication is required to place the system in suspend or hibernate mode</message> <defaults> <allow_any>no</allow_any> <allow_inactive>no</allow_inactive> <allow_active>no</allow_active> </defaults> <annotatekey="org.freedesktop.policykit.exec.path">/usr/sbin/xfce4-pm-helper</annotate> </action>