>>> Martin Wilck <mwilck@xxxxxxxx> schrieb am 01.12.2021 um 10:41 in Nachricht <a64771271a667804c450a13481cee06180965b12.camel@xxxxxxxx>: > On Wed, 2021‑12‑01 at 10:24 +0100, Ulrich Windl wrote: >> > > >> >> And I wonder what's wrong with allowing the shutdown command for the >> user in >> sudoers. >> (sudo $(which shutdown) ‑r now) > > Sure. I thought sudo might not be installed on that embedded system, > either. If it is, I'd prefer it over other solutions simply because > it's more transparent. Capability bits tend to go unnoticed. > Quote from OP: "Previously the guest user was in sudoers (so to run reboot the systemd service uses "sudo") but actually our customer wants to remove the guest user from sudoers." It was some odd security debate: If someone can operate as guest he/she should not be able to reboot, while the guest user should be. (Maybe I misunderstood. Any case some details for the problem are missing) > Martin