How to deny regular users in the wheel group from starting and stopping a service through providing their own password?

Solution Verified - Updated -

Issue

  • A regular user in the wheel group can execute systemctl start service and systemctl stop service commands after providing its own password.

    [root@rhel-9 ~]# id test
uid=1005(test) gid=1006(test) groups=1006(test),10(wheel)

[test@rhel-9 ~]$ systemctl stop httpd
==== AUTHENTICATING FOR org.freedesktop.systemd1.manage-units ===
Authentication is required to manage system services or units.
Authenticating as: test
Password: 
==== AUTHENTICATION COMPLETE ===

  • Expected result:

    [test@rhel-9 ~]$ systemctl start httpd
Failed to start httpd.service: Access denied
See system logs and 'systemctl status httpd.service' for details.

Environment

  • Red Hat Enterprise Linux 9
  • Red Hat Enterprise Linux 8
  • Red Hat Enterprise Linux 7
  • systemd
  • polkit

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content