How to Disable Shutdown and Reboot Commands in Linux

The shutdown command schedules a time for a Linux system to be powered down, it may as well be used to halt, power-off or reboot the machine when invoked with particular options and reboot instructs the system to restart.

Certain Linux distros such as Ubuntu, Linux Mint, Mandriva just to mention but a few, make it possible to reboot/halt/shutdown the system as a normal user, by default. This is not ideal setting especially on servers, it must be something to worry about especially for a system administrator.

In this article, we will show how to disable shutdown and reboot commands for normal users in Linux.

Disable Shutdown and Reboot Commands in Linux

The easiest way to disable shutdown and reboot commands using the /etc/sudoers file, here you can specify a user (tecmint) or group (developers) which are not allowed to execute these commands.

# vi /etc/sudoers

Add these lines to Command Aliases section.

Cmnd_Alias     SHUTDOWN = /sbin/shutdown,/sbin/reboot,/sbin/halt,/sbin/poweroff

# User privilege specification

# Allow members of group sudo to execute any command
%developers  ALL=(ALL:ALL) ALL,  !SHUTDOWN

Now try to execute shutdown and reboot commands as normail user (tecmint).

Command shutdown and Reboot Disabled for User

Command shutdown and Reboot Disabled for User

Another way is to remove execution permissions on shutdown and reboot commands for all users except root.

# chmod o-x /sbin/shutdown
# chmod o-x /sbin/reboot

Note: Under systemd, these file(/sbin/shutdown, /sbin/reboot, /sbin/halt, /sbin/poweroff) are only symbolic links to /bin/systemctl:

# ls -l /sbin/shutdown
# ls -l /sbin/reboot
# ls -l /sbin/halt
# ls -l /sbin/poweroff
SystemD Symbolic Links

SystemD Symbolic Links

To prevent other users from running these commands, you would simply remove execution permissions as explained above, but this is not effective under systemd. You can remove execution permissions on /bin/systemctl meaning all other users except root will only run systemctl.

# chmod  o-x /bin/systemctl

You may also want to learn how to disable certain functionalities such as SSH root login and limit SSH access, SELinux, unwanted services in Linux by reading through these guides:

  1. How to Enable and Disable Root Login in Ubuntu
  2. How to Disable SELinux Temporarily or Permanently in RHEL/CentOS 7/6
  3. Disable or Enable SSH Root Login and Limit SSH Access in Linux
  4. How to Stop and Disable Unwanted Services from Linux System

That’s it! In this article, we showed how to disable shutdown and reboot commands for normal system users in Linux. Do you know of any other way of doing this, share it with us in the comments.

If You Appreciate What We Do Here On TecMint, You Should Consider:

TecMint is the fastest growing and most trusted community site for any kind of Linux Articles, Guides and Books on the web. Millions of people visit TecMint! to search or browse the thousands of published articles available FREELY to all.

If you like what you are reading, please consider buying us a coffee ( or 2 ) as a token of appreciation.

Support Us

We are thankful for your never ending support.

Aaron Kili

Aaron Kili is a Linux and F.O.S.S enthusiast, an upcoming Linux SysAdmin, web developer, and currently a content creator for TecMint who loves working with computers and strongly believes in sharing knowledge.

Your name can also be listed here. Got a tip? Submit it here to become an TecMint author.

RedHat RHCE and RHCSA Certification Book
Linux Foundation LFCS and LFCE Certification Preparation Guide
The Complete Linux System Administrator Bundle
Become an Ethical Hacker Bonus Bundle

You may also like...

4 Responses

  1. Felix Andre says:

    Hello, how many white spaces should I leave between the user and the rest of this sentence:

    tecmint   ALL=(ALL:ALL) ALL, !SHUTDOWN

    Same question for this one as well:

    Cmnd_Alias     SHUTDOWN = /sbin/shutdown,/sbin/reboot,/sbin/halt,/sbin/poweroff

    And this file needs to be reloaded after I modify it with some /etc/init.d … ? Thank you

  2. Dimitry says:

    How to bring back this commands for all users?

  3. Someguy says:

    sudo su

    “Security” breached. Probably only a few dozen other ways to bypass that restriction. If you give someone sudoers ALL then you’ve pretty much given them the keys to the kingdom.

Leave a Reply to Someguy Cancel reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.