Ubuntu – How to disable shutdown/reboot/suspend/hibernate


I have an Ubuntu 10.04 LTS Desktop PC with GNOME.

How can I fully disable the reboot/shutdown/suspend/hibernate functions in GNOME or even with root? So that the root gives out the "reboot" or "pm-suspend" command it doesn't do anything, and the machine goes on. How can I fully disable these basic "features"?

Best Answer

User access to these actions are controlled by polkit. In particular, they correspond to the following actions:

  • org.freedesktop.consolekit.system.stop
  • org.freedesktop.consolekit.system.restart
  • org.freedesktop.upower.suspend
  • org.freedesktop.upower.hibernate

All of these actions are allowed by default for active local users (although consolekit further restricts the first two permissions to only work when there is a single user logged into the system).

If you want to disable these actions create a file /etc/polkit-1/50-local.d/disable-shutdown.pkla containing something like:

[Disable shutdown/whatever]

This should prevent those actions from completing. More information on these policy files can be found by running man pklocalauthority.

If you are trying to restrict root though, this will only be a minor inconvenience. By definition, root is an unrestricted account according to the traditional UNIX discretionary access control system. If you can't trust users you've given full root access to, then you've got bigger problems than them just shutting down the system.

Note that in later Ubuntu versions somebody decided to break compatibility. As answered in How to disable shutdown/reboot from lightdm in 14.04? the action seems to have changed to "org.freedesktop.login1.reboot" (and the-like).

For example in 14.04 adding the following lines as /etc/polkit-1/localauthority/50-local.d/restrict-login-powermgmt.pkla works:

[Disable lightdm PowerMgmt]

In addition note that this method block solely reboot/etc commands issued from GUI. To block reboot/etc commands from command line one may use molly-guard - as explained in Disabling shutdown command for all users, even root - consequences?