How to deny a regular user in the wheel group from starting and stopping a service through providing the root password?

Solution Verified - Updated -

Issue

  • A regular user in the wheel group can execute systemctl start service and systemctl stop service commands after providing their own password.

    [root@rhel-7 ~]# id test
    uid=1005(test) gid=1006(test) groups=1006(test),10(wheel)
    
    [test@rhel-7 ~]$ systemctl stop httpd
    ==== AUTHENTICATING FOR org.freedesktop.systemd1.manage-units ===
    Authentication is required to manage system services or units.
    Authenticating as: test
    Password: 
    ==== AUTHENTICATION COMPLETE ===
    
  • Expected result:

    [test@rhel-7 ~]$ systemctl start httpd
    Failed to start httpd.service: Access denied
    See system logs and 'systemctl status httpd.service' for details.
    

Environment

  • Red Hat Enterprise Linux 7
  • systemd
  • polkit

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.

Current Customers and Partners

Log in for full access

Log In