Personally, this is what I'd use sudo for.
You can configure sudo to allow only certain commands with or without a
password. Not a lot of detail, but you can either require or skip the
password. And, instead of individuals - you can use groups. If you look
through the soders file, you'll see how it's doen.
This very brief article goes into a limited how-to:
On Fri, Feb 2, 2018 at 9:09 AM, Felipe Westfields <
> I would like to be able to allow regular users that don't have admin
> privileges to be able to reboot their workstation. (they're software
> developers so rebooting their workstation doesn't affect anybody else)
> I tried changing the ownership of /sbin/reboot and /sbin/shutdown to
> root:users and permissions to 550, but that didn't work - it's still asking
> for root privileges.
> Possibly the problem might be that there's centralized LDAP authentication,
> not local, so the changes I made only apply to local accounts?
> Any suggestions?
> CentOS mailing list
Natrona County Beekeepers <http://ncbees.org>
Casper Amateur Radio Club <http://casperarc.net>
By sending an email to or replying in any way to ANY of my addresses,
numbers, comments or messages, you are agreeing that:
1. I am, by definition, "the intended recipient" - in spite of and
regardless of your intent, real or imaginary.
2. If you need to know that you know who is receiving your communications
and must also be able to verify they were not tampered with in any way,
while en route as well as verify receipt (but not comprehension), you must
use PKI and have a verified Public Key published in an accessible location.
NOTE: if your PKI Public Key is not signed by anyone I recognize, it will
not be trusted. Unless I choose otherwise.
2. All information in any received communication is mine to do with as I
see fit. I will make such financial gain, profit, political mileage, social
satire, public value or jokes - as it lends itself and as I choose. In
particular, I may quote it on usenet, IRC, SMS and/or future SMTP
communications, regardless of SSL or TLS implementation, not inclusive.
3. I may take the contents of your messages as representing the views of
your company, country or agency. Particularly if you've used a TLD owned by
or under control of said entity.
4. This agreement - now that you've read this far - is now a contract and
absolutely overrides any disclaimer or statement of confidentiality that
may or may not be included, implied or missing in any of your messages.
Especially as such things are meaningless, pointless and carry no weight,
authority or validity, be they mass, legal or emotional, in spite of what
your cousin said.
CentOS mailing list