Philip Webb <purs...@ca.inter.net> writes:

> 150322 Peter Humphrey wrote:
>> On Sunday 22 March 2015 13:04:44 Nikos Chantziaras wrote:
>>>> I can reboot the system when I am a user by Ctrl+Alt+Delete.
>>>> The user can reboot the system, but can't shut down ?  Strange
>>> The thinking is that you can unplug the machine
>>> or press the hardware reset or power button or flip the PSU switch ...
>>> Preventing a ctrl+alt+del reboot does not add anything to security.
>>> Security doesn't apply to users with physical access to the machine.
>>> However, this is just a default. You can easily disable reboot
>>> on ctrl+alt+del by editing /etc/inittab and commenting-out this line:
>>>   ca:12345:ctrlaltdel:/sbin/shutdown -r now
>
> Testing my single-user box with the above line in  inittab ,
> I find that if I enter 'A-^Del' , I exit X to the raw terminal ;

That's usually Ctrl+Alt+Backspace.  I had to turn that off with 'Option
"DontZap" "true"' in the server section of xorg.conf because I somehow
happen to press that accidentally about once a month :/

> The 1st effect is explained in  ~/.fluxbox/keys  by
>   # exit fluxbox
>   Control Mod1 Delete :Exit

So whatever handles keyboard inputs with the X server even intercepts
Ctrl+Alt+Del?

Does fluxbox quit all programs nicely before it exits?

> However, the 2nd effect is not explained so easily :
> 'A-^Del' reboots when entered at a raw terminal,
> but 'shutdown -r now' does not, yet the former is defined as the latter
> by the line above in my  /etc/inittab .
>
> The cause seems to be that 'A-^Del' is intercepted by 'init' (Process 1),
> which is owned by root, but 'shutdown -r now' is heard by Process 910
> -- 'bash' running in the raw terminal, which was started by 'init' -- ,
> which is owned by my user.
>
> So the behaviour is explained, but following my earlier msg,
> which advised to follow proper Unix principles,
> I should comment the 'A-^Del' line in  inittab :
> if the raw terminal can't react to 'su', it won't react to 'A-^Del' either,
> so there's no justification in terms of escaping from an emergency.

What happens when you comment out the entry in inittab and someone
presses Ctrl+Alt+Del?  Nothing?

>>> pressing the reset button is far worse, since there's no clean shutdown,
>>> unmounting filesystems after flushing caches, etc.
>
> Yes : that's forced only when the keyboard ceases to respond.
>
>>> Because of that, the default of allowing ctrl+alt+del for local users
>>> makes more sense than disabling it.
>
> That doesn't follow : if you have multiple users,
> you don't want some rogue user rebooting randomly ;
> it makes sense only as a convenience on a single-user system.
> It seems to be the default behaviour of 'inittab'
> -- there's no comment saying I set it myself, which I would have added -- ,
> which is not appropriate for Gentoo systems in general,
> some of which are undoubtedly multi-user.

Undefined behaviour as the default also isn't ideal, and I agree that
"nothing happens" would be much better:

What's the last time you pressed Ctrl+Alt+Del and it actually worked?
It's a legacy thing from times when freezes/crashes were common and when
it did work and was useful.

Nowadays, when you're pressing it, usually nothing happens anyway
because the machine is down to where you have to press the reset button
or to turn off the power (if you can't log in with ssh).  When the
machine still works, Ctrl+Alt+Del also works, which means that the
default does nothing but create a security hole.

So how can we have this default changed?


-- 
Again we must be afraid of speaking of daemons for fear that daemons
might swallow us.  Finally, this fear has become reasonable.
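
An added example, not part of the thread: a POSIX shell check that lists the uncommented `ctrlaltdel` entries in a sysvinit-style inittab, so the result of commenting out the `ca:` line quoted above can be confirmed. The function names and the sample file are constructed here; only the `ca:` line comes from the thread.

```sh
#!/bin/sh
# Added example (not from the thread). inittab fields: id:runlevels:action:process

# Print one line per uncommented ctrlaltdel entry in the file "$1".
ctrlaltdel_entries() {
    awk -F: '
        /^[ \t]*(#|$)/ { next }            # skip comments and blank lines
        NF >= 4 && $3 == "ctrlaltdel" {
            proc = $4                      # the process field may contain ":",
            for (i = 5; i <= NF; i++)      # so rejoin the remaining fields
                proc = proc ":" $i
            id = $1
            sub(/^[ \t]+/, "", id)
            printf "id=%s runlevels=%s process=%s\n", id, $2, proc
        }
    ' "$1"
}

# Return 0 when no command is bound to Ctrl+Alt+Del in "$1", 1 when one is.
audit_inittab() {
    found=$(ctrlaltdel_entries "$1")
    if [ -z "$found" ]; then
        echo "$1: no active ctrlaltdel entry"
        return 0
    fi
    printf '%s\n' "$found" | while IFS= read -r line; do
        echo "$1: active $line"
    done
    return 1
}

# Constructed sample inittab; only the ca: line is taken from the thread.
sample_inittab() {
    cat <<'EOF'
id:3:initdefault:
c1:12345:respawn:/sbin/agetty 38400 tty1 linux
ca:12345:ctrlaltdel:/sbin/shutdown -r now
EOF
}

tmp=$(mktemp)
sample_inittab > "$tmp"
audit_inittab "$tmp" || echo "Ctrl+Alt+Del is bound to the command above"
sed 's/^ca:/#ca:/' "$tmp" > "$tmp.off"   # comment the line out, as suggested in the thread
audit_inittab "$tmp.off"
rm -f "$tmp" "$tmp.off"
```

On a real system the same check is `audit_inittab /etc/inittab`, which only reads the file.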
