I have an Ubuntu PC running as a Plex server. How do I get it so that no one can shut down the computer but only allow the user to reboot the machine? I know it is possible in Windows, but I am just wondering if it is possible on Ubuntu.
- Note that to make it so nobody can power off the system, you need to completely restrict physical access to the machine. Anybody who can physically touch the system can either just pull the plug, or hard-poweroff by just holding the power button for a few seconds. – Austin Hemmelgarn Jan 05 '22 at 12:03
- @AustinHemmelgarn Disconnecting the power button from the motherboard is a 1-minute job (together with setting the machine up to power on after AC loss). However, making it impossible to pull the plug might be harder and also illegal in some locales (for fire safety reasons). – TooTea Jan 05 '22 at 12:13
- @TooTea Disconnecting the power button internally doesn’t eliminate the requirement for physical security, even if you ignore the power cord issue. You would have to still prevent access to the inside of the case. And, for that matter, if you have a physical console, anybody with access to it can almost certainly shut down the system unless you have both the bootloader and emergency mode password protected. – Austin Hemmelgarn Jan 05 '22 at 12:17
- @AustinHemmelgarn I would assume that any machine that's physically accessible to untrusted users already has a BIOS password and a lock on the case (I've also seen rivets in place of case screws, but that complicates maintenance somewhat). – TooTea Jan 05 '22 at 12:22
- @AustinHemmelgarn Most likely OP is primarily concerned with remote access; presumably they have a high level of trust over the users they are giving this level of privilege but would like to avoid the inconvenience of a user inadvertently (or perhaps as an otherwise harmless prank) shutting the machine down therefore requiring someone to have physical access to the machine to resolve the problem. – Bryan Krause Jan 05 '22 at 20:32
- @TooTea I would assume that any untrusted user with physical access to the machine knows how to bypass the BIOS password and pick the lock. – chepner Jan 05 '22 at 22:10
- @chepner I would assume that any untrusted user with physical access to the machine knows how to hit it repeatedly with a chair. – wizzwizz4 Jan 05 '22 at 23:04
- @wizzwizz4 That's the point. If they have physical access, all bets are off. – chepner Jan 05 '22 at 23:11
- @BryanKrause Indeed, I agree from the context that that’s a reasonable assumption here, I just kind of feel obligated to point out the physical security aspect, because it’s something that is often either overlooked or evaluated based on incorrect assumptions by less experienced users. – Austin Hemmelgarn Jan 06 '22 at 01:53
2 Answers
The most effective way to do this would be to mask the power off target like this:
```bash
sudo systemctl mask poweroff.target
```
Now it will be impossible for anyone to shut down the machine unless they hold down the power button or physically disconnect the machine from power.
Rebooting is unaffected by this mask.
In the event you need to shut the machine down in the future for maintenance or hardware replacement, you can unmask the target:
```bash
sudo systemctl unmask poweroff.target
```
- I doubt this would affect the magic SysRq key stuff, like alt+sysrq+o to power off (https://en.wikipedia.org/wiki/Magic_SysRq_key), so if you have remote console access that looks to Linux like a real physical keyboard (e.g. via KVM-over-IP), you'd also want to secure the more interesting of those with `/etc/sysctl.d/10-magic-sysrq.conf`, if Ubuntu's default mask doesn't already prevent that (and perhaps unsafe reboots). – Peter Cordes Jan 06 '22 at 15:11
- @PeterCordes ⇢ This is an interesting case that I've yet to encounter. Will need to do some studying. Thanks for the tip – matigo Jan 06 '22 at 15:14
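An added example (not part of the answer or comments above) that checks both software power-off paths raised in this thread: whether `poweroff.target` is masked, and whether the `kernel.sysrq` value still permits the SysRq reboot/poweroff functions. The bit values follow the kernel's sysrq documentation; the `--live` switch is an assumption of this example.

```shell
#!/bin/sh
# Added example: audit the two software power-off paths discussed above.

# sysrq_allows_poweroff VALUE
# Exit 0 if this kernel.sysrq value permits the SysRq reboot/poweroff keys,
# 1 if it does not, 2 if VALUE is not a number.
sysrq_allows_poweroff() {
    case "$1" in
        ''|*[!0-9]*) return 2 ;;
    esac
    [ "$1" -eq 1 ] && return 0      # 1 enables every SysRq function
    [ $(( $1 & 128 )) -ne 0 ]       # bit 128 = "allow reboot/poweroff"
}

# audit_poweroff_paths MASK_STATE SYSRQ_VALUE
# MASK_STATE is what `systemctl is-enabled poweroff.target` prints.
# Prints one line per open path; exits 0 only if both paths are closed.
audit_poweroff_paths() {
    rc=0
    case "$1" in
        masked|masked-runtime) ;;
        *) echo "poweroff.target is not masked (state: ${1:-unknown})"; rc=1 ;;
    esac
    sysrq_allows_poweroff "$2" && st=0 || st=$?
    case "$st" in
        0) echo "kernel.sysrq=$2 permits SysRq reboot/poweroff"; rc=1 ;;
        2) echo "kernel.sysrq value could not be read"; rc=1 ;;
    esac
    return "$rc"
}

# Run against the live system only when asked to (assumed switch: --live).
if [ "${1:-}" = "--live" ]; then
    state=$(systemctl is-enabled poweroff.target 2>/dev/null)
    audit_poweroff_paths "$state" "$(cat /proc/sys/kernel/sysrq)"
fi
```

The kernel groups reboot and poweroff under the same bit (128), so SysRq cannot be restricted to reboot only; clearing that bit disables both key combinations.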
If you just need to give the power to reboot to non-admin users, you can add an entry for them in your sudoers file for reboot (and/or systemctl reboot, depending what you want them to run). Then they will be able to run sudo reboot (and/or sudo systemctl reboot). This answer assumes that they do not otherwise have access to sudo — i.e., that they are normal, non-admin users that are not part of the wheel group.
The sudoers file lives at /etc/sudoers, but you should not edit it directly. Rather, you should only edit it using visudo. You'll need to be root to edit it, so you'll run sudo visudo. The visudo command will verify the syntax of your edits, and you should always use this to avoid breaking your config and preventing yourself from gaining root access in the future.
Then you can add something like the following lines to your sudoers file:
```
# user    host=(run-as user)  command
username ALL=(root) /usr/sbin/reboot
username ALL=(root) /usr/bin/systemctl reboot
```
where username is the user's username (or %groupname for a group), and where the paths are the actual paths to the commands on your system (check with which, e.g., `which reboot`).
For more information, check out man sudoers, man sudo, and man visudo.
- You can also enable/disable non-root users' ability to suspend/reboot by [tweaking the D-Bus config file](https://unix.stackexchange.com/q/749708/209677) – Pablo Bianchi Jul 13 '23 at 16:30
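One way to apply the rule from the sudoers answer above without touching `/etc/sudoers` itself, as an added example that is not the answerer's code: generate the lines, syntax-check them with `visudo -cf`, and install them as a drop-in. It assumes a sudoers file that includes `/etc/sudoers.d`; `plexuser` and `plex-reboot` are placeholder names.

```shell
#!/bin/sh
# Added example: generate a reboot-only sudoers rule, syntax-check it with
# visudo, then install it as a drop-in. All names below are placeholders.

# reboot_rule USER ABSOLUTE_PATH [ARG]
# Prints one sudoers line, or fails if a field could alter the rule.
reboot_rule() {
    case "$1" in
        ''|*[!A-Za-z0-9_%-]*) return 1 ;;   # user or %group, nothing else
    esac
    case "$2" in
        *[!A-Za-z0-9_./-]*) return 1 ;;     # no spaces, commas or wildcards
        /*) ;;                              # sudoers wants an absolute path
        *) return 1 ;;
    esac
    case "${3:-}" in
        *[!A-Za-z0-9-]*) return 1 ;;        # at most one plain argument
    esac
    printf '%s ALL=(root) %s%s\n' "$1" "$2" "${3:+ $3}"
}

# install_reboot_rule USER DROPIN_NAME   (run as root)
# sudo skips drop-ins whose name contains a "." or ends in "~".
install_reboot_rule() {
    tmp=$(mktemp) || return 1
    rc=0
    {
        reboot_rule "$1" "$(command -v reboot)" &&
        reboot_rule "$1" "$(command -v systemctl)" reboot
    } > "$tmp" &&
    visudo -cf "$tmp" &&                    # reject the file on any syntax error
    install -o root -g root -m 0440 "$tmp" "/etc/sudoers.d/$2" || rc=$?
    rm -f "$tmp"
    return "$rc"
}

# Example call (placeholder names): install_reboot_rule plexuser plex-reboot
```

Because the rule is validated before it reaches `/etc/sudoers.d`, a typo fails the install instead of breaking `sudo` for every account.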