I have an Ubuntu 10.04 LTS Desktop PC with GNOME.
How can I fully disable the reboot/shutdown/suspend/hibernate functions in GNOME or even with root? So that the root gives out the "reboot" or "pm-suspend" command it doesn't do anything, and the machine goes on. How can I fully disable these basic "features"?
Best Answer
User access to these actions are controlled by polkit. In particular, they correspond to the following actions:
org.freedesktop.consolekit.system.stoporg.freedesktop.consolekit.system.restartorg.freedesktop.upower.suspendorg.freedesktop.upower.hibernateAll of these actions are allowed by default for active local users (although
consolekitfurther restricts the first two permissions to only work when there is a single user logged into the system).If you want to disable these actions create a file
/etc/polkit-1/50-local.d/disable-shutdown.pklacontaining something like:This should prevent those actions from completing. More information on these policy files can be found by running
man pklocalauthority.If you are trying to restrict
rootthough, this will only be a minor inconvenience. By definition,rootis an unrestricted account according to the traditional UNIX discretionary access control system. If you can't trust users you've given fullrootaccess to, then you've got bigger problems than them just shutting down the system.Note that in later Ubuntu versions somebody decided to break compatibility. As answered in How to disable shutdown/reboot from lightdm in 14.04? the action seems to have changed to "org.freedesktop.login1.reboot" (and the-like).
For example in 14.04 adding the following lines as
/etc/polkit-1/localauthority/50-local.d/restrict-login-powermgmt.pklaworks:In addition note that this method block solely reboot/etc commands issued from GUI. To block reboot/etc commands from command line one may use molly-guard - as explained in Disabling shutdown command for all users, even root - consequences?