How to Disable Shutdown and Reboot Commands in Linux

The shutdown command schedules a time for a Linux system to be powered down, it may as well be used to halt, power-off or reboot the machine when invoked with particular options and reboot instructs the system to restart.

Certain Linux distros such as Ubuntu, Linux Mint, Mandriva just to mention but a few, make it possible to reboot/halt/shutdown the system as a normal user, by default. This is not ideal setting especially on servers, it must be something to worry about especially for a system administrator.

In this article, we will show how to disable shutdown and reboot commands for normal users in Linux.

Disable Shutdown and Reboot Commands in Linux

The easiest way to disable shutdown and reboot commands using the /etc/sudoers file, here you can specify a user (tecmint) or group (developers) which are not allowed to execute these commands.

# vi /etc/sudoers

Add these lines to Command Aliases section.

Cmnd_Alias     SHUTDOWN = /sbin/shutdown,/sbin/reboot,/sbin/halt,/sbin/poweroff

# User privilege specification
tecmint   ALL=(ALL:ALL) ALL, !SHUTDOWN

# Allow members of group sudo to execute any command
%developers  ALL=(ALL:ALL) ALL,  !SHUTDOWN

Now try to execute shutdown and reboot commands as normail user (tecmint).

Command shutdown and Reboot Disabled for User
Command shutdown and Reboot Disabled for User

Another way is to remove execution permissions on shutdown and reboot commands for all users except root.

# chmod o-x /sbin/shutdown
# chmod o-x /sbin/reboot

Note: Under systemd, these file(/sbin/shutdown, /sbin/reboot, /sbin/halt, /sbin/poweroff) are only symbolic links to /bin/systemctl:

# ls -l /sbin/shutdown
# ls -l /sbin/reboot
# ls -l /sbin/halt
# ls -l /sbin/poweroff
SystemD Symbolic Links
SystemD Symbolic Links

To prevent other users from running these commands, you would simply remove execution permissions as explained above, but this is not effective under systemd. You can remove execution permissions on /bin/systemctl meaning all other users except root will only run systemctl.

# chmod  o-x /bin/systemctl

You may also want to learn how to disable certain functionalities such as SSH root login and limit SSH access, SELinux, unwanted services in Linux by reading through these guides:

  1. How to Enable and Disable Root Login in Ubuntu
  2. How to Disable SELinux Temporarily or Permanently in RHEL/CentOS 7/6
  3. Disable or Enable SSH Root Login and Limit SSH Access in Linux
  4. How to Stop and Disable Unwanted Services from Linux System

That’s it! In this article, we showed how to disable shutdown and reboot commands for normal system users in Linux. Do you know of any other way of doing this, share it with us in the comments.

If you read this far, tweet to the author to show them you care. Tweet a thanks
Aaron Kili
Aaron Kili is a Linux and F.O.S.S enthusiast, an upcoming Linux SysAdmin, web developer, and currently a content creator for TecMint who loves working with computers and strongly believes in sharing knowledge.

Each tutorial at TecMint is created by a team of experienced Linux system administrators so that it meets our high-quality standards.

Join the TecMint Weekly Newsletter (More Than 156,129 Linux Enthusiasts Have Subscribed)
Was this article helpful? Please add a comment or buy me a coffee to show your appreciation.

6 thoughts on “How to Disable Shutdown and Reboot Commands in Linux”

  1. Hello, how many white spaces should I leave between the user and the rest of this sentence:

    tecmint   ALL=(ALL:ALL) ALL, !SHUTDOWN
    

    Same question for this one as well:

    Cmnd_Alias     SHUTDOWN = /sbin/shutdown,/sbin/reboot,/sbin/halt,/sbin/poweroff
    

    And this file needs to be reloaded after I modify it with some /etc/init.d … ? Thank you

    Reply
    • @Dimitry

      Simply remove the Cmnd_Alias SHUTDOWN = /sbin/shutdown,/sbin/reboot,/sbin/halt,/sbin/poweroff line from sudoers file and !SHUTDOWN.

      Reply
  2. sudo su
    shutdown

    “Security” breached. Probably only a few dozen other ways to bypass that restriction. If you give someone sudoers ALL then you’ve pretty much given them the keys to the kingdom.

    Reply

Got something to say? Join the discussion.

Thank you for taking the time to share your thoughts with us. We appreciate your decision to leave a comment and value your contribution to the discussion. It's important to note that we moderate all comments in accordance with our comment policy to ensure a respectful and constructive conversation.

Rest assured that your email address will remain private and will not be published or shared with anyone. We prioritize the privacy and security of our users.