For whatever reason, we do no longer need to be root (or using sudo
) to run /sbin/shutdown
, /sbin/reboot
etc.
This seems to be because those executables are now symlinks to /bin/systemctl
which handles everything as normal user.
However, what if I want shutdown
and reboot
to require root authentication again? How can I achieve this?
Best Answer
Systemd does indeed handle the
shutdown
,reboot
and other commands, and the default privileges assigned are permissive. To change this, you need to create a Polkit rule. Create a.pkla
file in/etc/polkit-1/localauthority/50-local.d
(say,confirm-shutdown.pkla
) containing:The various shutdown, reboot, etc. commands are, in Polkit terms, actions in
org.freedesktop.login1
, for example,org.freedesktop.login1.power-off
,org.freedesktop.login1.reboot
, etc. The specific problem here is the default configuration, which is in/usr/share/polkit-1/actions/org.freedesktop.login1.policy
:Note that it allows the active user to power off, reboot, etc.