Is there any ability to create a password for a one or specific set of command in Linux? I don't know if such scenario has been posted in before, but I really want to protect poweroff, reboot, init 0 and init 6 even from root user with a password.
I understand that root can do everything, but just to grant the server more protection in case of power-off accidentally. It's something like the file with attribute +i, which can't be deleted by even by root user unless you remove that attribute.
I don't find this realistic scenario in environments with serious people working on the servers.
If folks accidentally poweroff a server, they should be denied access until proper education is done.
If you're trying to stop root from being root, there's something very wrong with your security model.
If you don't want people to have root, don't give them root at all.
Perhaps you can move the services they need to administrate to another user, so that they don't need to constantly login as root. That would protect /sbin/reboot much better than setting nonstandard permissions on system files.
I'm talking here for a server holds more than 3.000.000 customer!!! I should protect the power commands with a password, at least a confirmation message!!
If your security model involves stopping root from being root, it is flawed, because it doesn't work that way. You can't stop root from being root. If they really wanted to -- or even by accident -- your root users could write to the disk raw and trash it. There are no restrictions, because that's what root means... And if you do restrict all these somehow, eventually you'll end up in an emergency situation where root needs to do so and can't because you've altered your system in nonstandard ways.
The other problem is that your security model starts from 'default permit'. You wouldn't even write a firewall this way. Are there dangerous commands you don't know about? Almost certainly. Can you weed out 100% of each and every one individually? Doubtful. You need to work from the opposite direction -- give them access to what they need and only what they need, and absolutely nothing more, instead of giving them root, which gives them guaranteed unencumbered access to everything.
You should protect it by not giving out root. Find other ways besides root to let your admins do what they need. You can give them sudo access to particular commands for example without giving them carte blanche.