Centos – How to ensure only the root user have the right to halt/reboot the system

centospermissionsrebootshutdown

CentOS Linux by default allows all users to have permission to "halt" & "reboot" the system by using the commands halt and reboot.

How can I configure my system so that only the root user has the right to halt/reboot the system?

Best Answer

CentOS/RHEL/Fedora

You can disable access to these commands by removing their entries in the /etc/security/console.apps/*:

$ $ ls /etc/security/console.apps/
authconfig      gparted          poweroff                      system-config-date      system-config-network-cmd  zenmap-root
authconfig-gtk  halt             reboot                        system-config-keyboard  system-config-selinux
authconfig-tui  kismet_capture   setup                         system-config-language  system-config-users
chkrootkit      liveusb-creator  system-config-authentication  system-config-lvm       wifi-radar
config-util     lshw-gui         system-config-boot            system-config-network   wireshark

$ rm -f /etc/security/console.apps/reboot

Above was found here: 27.2. Disabling Console Program Access - CentOS Deployment Guide

Hack method

I think you can achieve this by doing the following. In the directory /lib/upstart, are the following commands:

$ pwd
/lib/upstart

$ ls -la
total 176
drwxr-xr-x.  2 root root  4096 Sep  9  2011 .
dr-xr-xr-x. 16 root root 12288 May  4 21:27 ..
lrwxrwxrwx   1 root root     6 May 26  2011 halt -> reboot
lrwxrwxrwx   1 root root     6 May 26  2011 poweroff -> reboot
-rwxr-xr-x   1 root root 17112 May 11  2011 reboot
-rwxr-xr-x   1 root root 14472 May 11  2011 runlevel
-rwxr-xr-x   1 root root 65976 May 11  2011 shutdown
-rwxr-xr-x   1 root root 56304 May 11  2011 telinit

chmod 700 the reboot executable:

$ chmod 700 /lib/upstart/reboot

Related Solutions

Ubuntu – How to set that only root + a given user can shut down the pc

The shutdown binary will only work for the root user. The typical approach to this is to set up sudo rules to allow the user to execute shutdown as root. Assuming the user doesn't already have full sudo permissions (the first user on an Ubuntu desktop system does, for example) you might add the following line to /etc/sudoers (using the visudo utility, for safety):

joe    hostname=(root) /sbin/shutdown -h now

If you want them to be able to shut down without being prompted for their password, then add the NOPASSWD option, like this:

joe    hostname=(root) NOPASSWD: /sbin/shutdown -h now

You can modify the way they can run shutdown by using wildcards or explicit declarations. For example shutdown -h now allows an immediate halt of the system, it will not reboot. You could allow -r instead to reboot the system.

After you configure sudoers, joe can run the following command to reboot the system:

sudo /sbin/shutdown -h now

As joe, you can run the following command to see what commands you have access to run using sudo:

sudo -l

Centos – /etc/crontab permissions

This would be security by obscurity. There is no real benefit by preventing normal users from reading /etc/crontab. Even if a user can't read the file, it's still possible to gather the executed command just by regularly capturing the process list with ps or by reading /proc.

There should be no need at all to hide some administrative commands except when you put credentials in the command-line. But you should never put credentials in the command line anyway as a normal user can read the command-line, so no real benefit.

There is a mount option/kernel patch for procfs preventing PID leakage as well as some kernel modules like grsec which prevent PID leaks.

The benefit of having the file system readable is that you can have a look/debug the system as a non root user. You don't have to switch to the root user just to check the system crontabs.