We recently had a request from the User Support Unit to block users from doing a shutdown on machines in meeting rooms. The reason behind this is that the machines themselves are stored in locked cupboards, once they are powered off you need a key to open the cupboard and press the power button which is rather inconvenient.
At the same time we still wanted to allow users to be able to do reboots as a last resort when things go wrong so we could not just block all access to the shutdown command.
There are command line tools named “poweroff” and “reboot” for which access is controlled through consolehelper and thus PAM. I modified the PAM config for poweroff to block everyone who does not have system administrator privileges. However, this does not prevent users doing a shutdown from the gnome system menu. I hunted around the web for quite a while for any sort of solution to this or hint as to how gnome is actually sending that poweroff request. Eventually I discovered the little known fact that if you remove the gdm system menu, to prevent reboot and shutdown requests from the login screen, the shutdown option magically disappears from the gnome system menu. This probably does not prevent the determined user who really wants to shutdown the machine but it will stop all the people who select shutdown when they meant to just logout.