Red Hat Bugzilla – Bug 1303892
reboot can now be run by unprivileged users
Last modified: 2016-02-02 09:24:23 EST
Description of problem: I found out by accident that the 'reboot' command can now be run by an unprivileged user - you don't need to be root to use it. One thing I don't know is whether this user needs to be the user you're logged in as. Version-Release number of selected component (if applicable): systemd-222-13.fc23.x86_64 How reproducible: 100% Steps to Reproduce: 1.Go to unprivileged shell prompt. Type reboot. Hit enter. 2. 3. Actual results: System reboots Expected results: Should get an error message telling me that I don't have sufficient privilege for this. System should not reboot. Additional info: I have /usr/sbin in my path because that directory contains some useful programs that can be run as an unprivileged user - wireshark for example.
Yes, it's intentional. Users logged in at a physical console get a right to reboot the machine. This is done through policykit, see /usr/share/polkit-1/actions/org.freedesktop.login1.policy. You can always override this setting locally.
This seems to show the right way to override it: https://www.centos.org/forums/viewtopic.php?f=47&t=50936