07 November 2013

disabling suspend/hibernate/shutdown for all users but root

my situation:

we have a screen along with a keyboard and mouse in a scrum room at work. the computer is in a locked rack closet on the other end of the floor. i do not have direct access to this room. this computer serves as a portal for internet access and conference calling. i installed fedora linux on the system.

because of the remoteness about it, the keyboard was one that had a power button on it. occasionally, it would get bumped and shutdown the system. this meant we had to find someone to unlock the door to physically power the computer back up. we were successful in disabling the power button on the keyboard, but we still had a problem with being able to shutdown the machine from the gnome interface.

my solution:

i probed in #fedora on freenode and was pointed to using a policykit policy to limit suspend/hibernate/shutdown access to root only. the first link i found was this one:


the syntax for the first response was for an older version of policykit. a little further investigation led me to this link:


the reference in the last post indicated this file has the control i needed:


using the values in the first link, i plugged them into that policy file and was able to get it working.

i didn’t adjust the media seating or flushing, but all the power controls were set for allow_any to be “auth_admin,” and the allow_active and allow_inactive to “no.”