I have an Ubuntu 10.04 LTS Desktop PC with GNOME.
How can I fully disable the reboot/shutdown/suspend/hibernate functions in GNOME or even with root? So that the root gives out the "reboot" or "pm-suspend" command it doesn't do anything, and the machine goes on. How can I fully disable these basic "features"?
Best Answer
User access to these actions are controlled by polkit. In particular, they correspond to the following actions:
org.freedesktop.consolekit.system.stop
org.freedesktop.consolekit.system.restart
org.freedesktop.upower.suspend
org.freedesktop.upower.hibernate
All of these actions are allowed by default for active local users (although
consolekit
further restricts the first two permissions to only work when there is a single user logged into the system).If you want to disable these actions create a file
/etc/polkit-1/50-local.d/disable-shutdown.pkla
containing something like:This should prevent those actions from completing. More information on these policy files can be found by running
man pklocalauthority
.If you are trying to restrict
root
though, this will only be a minor inconvenience. By definition,root
is an unrestricted account according to the traditional UNIX discretionary access control system. If you can't trust users you've given fullroot
access to, then you've got bigger problems than them just shutting down the system.Note that in later Ubuntu versions somebody decided to break compatibility. As answered in How to disable shutdown/reboot from lightdm in 14.04? the action seems to have changed to "org.freedesktop.login1.reboot" (and the-like).
For example in 14.04 adding the following lines as
/etc/polkit-1/localauthority/50-local.d/restrict-login-powermgmt.pkla
works:In addition note that this method block solely reboot/etc commands issued from GUI. To block reboot/etc commands from command line one may use molly-guard - as explained in Disabling shutdown command for all users, even root - consequences?