Can OS X be configured to only allow administrator users access to shutdown tools?
You can use Workgroup Manager and OS X's managed preferences (MCX) to restrict access to the Restart and Shut Down commands in the Finder:
..then use the Accounts prefpane to show or hide the Restart, Sleep, and Shut Down buttons at the loginwindow:
This seems drastic, and I wouldn't want to test it on my system, but if one were really determined to prevent non-administrative users from properly shutting down the system, one could rename /sbin/shutdown
. The program /sbin/shutdown
, run on its own, requires administrative privileges, but ordinary users can invoke it through the shutdown command in the GUI. The shutdown command in the GUI does depend on /sbin/shutdown
, though, so if the program is not found where it is expected, the GUI shutdown sequence will not complete.
If an administrative user wants to shut down the system, they can invoke the renamed /sbin/shutdown
from the command line using sudo
.
Note that none of this (or any other software solution) will prevent a user with physical access to the machine from pressing and holding the power button, simply pulling the power cord out of its outlet, tripping the circuit breaker for the circuit giving power to the computer, etc.