1、禁用普通用户通过命令行关机或重启服务器
[root@server ~]#vi /etc/polkit-1/rules.d/55-inhibit-shutdown.rules
polkit.addRule(function(action, subject) {
if (action.id.indexOf("org.freedesktop.login1.power-off") == 0 ||
action.id.indexOf("org.freedesktop.login1.reboot") == 0) {
try {
// user-may-reboot exits with success (exit code 0)
// only if the passed username is authorized
polkit.spawn(["/usr/local/bin/user-may-reboot",
subject.user]);
return polkit.Result.YES;
} catch (error) {
// Nope, but do allow admin authentication
return polkit.Result.AUTH_ADMIN;
}
}
});
:wq!
2、禁用普通用户通过界面关机或重启服务器
[root@server ~]#vi /etc/polkit-1/localauthority/50-local.d/restrict-login-powermgmt.pkla
[Disable lightdm PowerMgmt]
Identity=unix-user:*
Action=org.freedesktop.login1.reboot;org.freedesktop.login1.reboot-multiple-sessions;org.freedesktop.login1.power-off;org.freedesktop.login1.power-off-multiple-sessions;org.freedesktop.login1.suspend;org.freedesktop.login1.suspend-multiple-sessions;org.freedesktop.login1.hibernate;org.freedesktop.login1.hibernate-multiple-sessions
ResultAny=no
ResultInactive=no
ResultActive=no
:wq!