Know Your Console: Art of Console Access

Disable Shutdown via Ctrl+Alt+Del
Comment following line from /etc/inittab file
ca::ctrlaltdel:/sbin/shutdown -t3 -r now

Allow non-privilege user to shutdown
to do so add -a option in a line from /etc/inittab file
ca::ctrlaltdel:/sbin/shutdown -a -t3 -r now
-a option looks for /etc/shutdown.allow file
create /etc/shutdown.allow in /etc. Add non-privilege user to whom you want to give an
authority to shutdown.

Disable Console Program Access
#rm -f /etc/security/console/apps/*

to disable powerroff, halt or reboot
#rm -f /etc/security/console.apps/{poweroff, halt, reboot}

DEFINING CONSOLE
The pam_console.so module uses the /etc/security/console.perms file to determine the
permissions for users at the system console. The syntax of the file is very flexible; you can edit the file
so that these instructions no longer apply. However, the default file has a line that looks like this:
=tty[0-9][0-9]* vc/[0-9][0-9]* :[0-9]\.[0-9] :[0-9]
When users log in, they are attached to some sort of named terminal, which can be either an X server
with a name like :0 or mymachine.example.com:1.0, or a device like /dev/ttyS0 or /dev/
pts/2. The default is to define that local virtual consoles and local X servers are considered local, but
if you want to consider the serial terminal next to you on port /dev/ttyS1 to also be local, you can
change that line to read:
=tty[0-9][0-9]* vc/[0-9][0-9]* :[0-9]\.[0-9] :[0-9] /dev/ttyS1