How to deny regular users in the wheel group from starting and stopping a service through providing their own password?
Issue
-
A regular user in the
wheel
group can executesystemctl start service
andsystemctl stop service
commands after providing its own password.[root@rhel-9 ~]# id test uid=1005(test) gid=1006(test) groups=1006(test),10(wheel) [test@rhel-9 ~]$ systemctl stop httpd ==== AUTHENTICATING FOR org.freedesktop.systemd1.manage-units === Authentication is required to manage system services or units. Authenticating as: test Password: ==== AUTHENTICATION COMPLETE ===
-
Expected result:
[test@rhel-9 ~]$ systemctl start httpd Failed to start httpd.service: Access denied See system logs and 'systemctl status httpd.service' for details.
Environment
- Red Hat Enterprise Linux 9
- Red Hat Enterprise Linux 8
- Red Hat Enterprise Linux 7
- systemd
- polkit
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.