Unprivileged user allowed to reboot over ssh?

I’m trying to find the best way to give an unprivileged user the ability to reboot from Cockpit.

I have a fleet of pi’s used as digital signage and they have cockpit installed for management. I use it without a problem(I’m the admin) but I would like to give my volunteers the ability to reboot a pi without them just pulling the power(if they can even access it). I don’t want to let them use a user with ALL sudo rights but that’s the only way I can get it to work.

Seems I have 2 ways I should be able to get this to work. Add a user to the sudoers group with limited access, or PolicyKit rules. Both are failing me.

It seems that because cockpit manages a system over ssh through D-Bus, giving a user reboot permissions isn’t as straightforward as I thought.

The following line in the sudoers file works if you are locally logged in but not remotely
pi ALL= NOPASSWD: /sbin/reboot, /sbin/halt, /sbin/shutdown

With PolicyKit I’ve found that the rules only apply to a user locally logged into an xwindow session and not a remote session.

Anyone have any suggestions?

I have not test this, but in theory you could could create a permission that would allow other users to run /usr/bin/reboot

Permission on the file? as in ```
chmod 4550 /usr/bin/reboot