150322 Peter Humphrey wrote:
> On Sunday 22 March 2015 13:04:44 Nikos Chantziaras wrote:
>>> I can reboot the system when I am a user by Ctrl+Alt+Delete.
>>> The user can reboot the system, but can't shut down ? Strange
>> The thinking is that you can unplug the machine
>> or press the hardware reset or power button or flip the PSU switch ...
>> Preventing a ctrl+alt+del reboot does not add anything to security.
>> Security doesn't apply to users with physical access to the machine.
>> However, this is just a default. You can easily disable reboot
>> on ctrl+alt+del by editing /etc/inittab and commenting-out this line:
>>   ca:12345:ctrlaltdel:/sbin/shutdown -r now

Testing my single-user box with the above line in inittab ,
I find that if I enter 'A-^Del' , I exit X to the raw terminal ;
another 'A-^Del' then reboots the box.
If I enter 'shutdown -r now' as user,
I get "shutdown: you must be root to do that!".
'cd /sbin ; ls -l shutdown' shows
'-rwxr-xr-x 1 root root 23192 May 17 2014 shutdown',
so that behaviour arises from the shutdown script, not the permissions.

The 1st effect is explained in ~/.fluxbox/keys by

  # exit fluxbox
  Control Mod1 Delete :Exit

However, the 2nd effect is not explained so easily :
'A-^Del' reboots when entered at a raw terminal,
but 'shutdown -r now' does not, yet the former is defined as the latter
by the line above in my /etc/inittab .

The cause seems to be that 'A-^Del' is intercepted by 'init' (Process 1),
which is owned by root, but 'shutdown -r now' is heard by Process 910
-- 'bash' running in the raw terminal, which was started by 'init' -- ,
which is owned by my user.

So the behaviour is explained, but following my earlier msg,
which advised to follow proper Unix principles,
I should comment the 'A-^Del' line in inittab :
if the raw terminal can't react to 'su', it won't react to 'A-^Del' either,
so there's no justification in terms of escaping from an emergency.

>> pressing the reset button is far worse, since there's no clean shutdown,
>> unmounting filesystems after flushing caches, etc.

Yes : that's forced only when the keyboard ceases to respond.

>> Because of that, the default of allowing ctrl+alt+del for local users
>> makes more sense than disabling it.

That doesn't follow : if you have multiple users,
you don't want some rogue user rebooting randomly ;
it makes sense only as a convenience on a single-user system.
It seems to be the default behaviour of 'inittab'
-- there's no comment saying I set it myself, which I would have added -- ,
which is not appropriate for Gentoo systems in general,
some of which are undoubtedly multi-user.

-- 
========================,,============================================
SUPPORT     ___________//___,   Philip Webb
ELECTRIC   /] [] [] [] [] []|   Cities Centre, University of Toronto
TRANSIT    `-O----------O---'   purslowatchassdotutorontodotca
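
Added example, not part of the message above: a small shell check for whether a sysvinit-style inittab still has an active `ctrlaltdel` entry, the setting this thread is about. The function names and the sample file are constructed for illustration; on a real system you would point it at /etc/inittab.

```shell
#!/bin/sh
# Entries have the form  id:runlevels:action:process ; lines starting with '#'
# are comments, so a commented-out ctrlaltdel line is inactive.

ctrlaltdel_entries() {
    # $1 = path to an inittab file; prints "id|runlevels|process" per active entry
    awk -F: '
        /^[[:space:]]*#/ { next }
        NF >= 4 && $3 == "ctrlaltdel" {
            proc = $4
            for (i = 5; i <= NF; i++) proc = proc ":" $i   # process may contain ":"
            printf "%s|%s|%s\n", $1, $2, proc
        }
    ' "$1"
}

audit_inittab() {
    # Returns 0 when no ctrlaltdel entry is active, 1 when at least one is.
    entries=$(ctrlaltdel_entries "$1")
    if [ -z "$entries" ]; then
        echo "ctrlaltdel: no active entry in $1"
        return 0
    fi
    echo "$entries" | while IFS='|' read -r id levels proc; do
        echo "ctrlaltdel: ACTIVE id=$id runlevels=$levels runs: $proc"
    done
    return 1
}

# Constructed sample (not taken from a real system):
# one commented-out entry and one active entry.
sample=$(mktemp)
printf '%s\n' \
    'id:3:initdefault:' \
    '#cb:12345:ctrlaltdel:/bin/true' \
    'ca:12345:ctrlaltdel:/sbin/shutdown -r now' > "$sample"
audit_inittab "$sample" || echo "anyone at the console keyboard can trigger the command above"
rm -f "$sample"
```

The non-zero return on an active entry makes the function usable in a configuration audit across multi-user hosts.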