| 1 |
150322 Peter Humphrey wrote: |
| 2 |
> On Sunday 22 March 2015 13:04:44 Nikos Chantziaras wrote: |
| 3 |
>>> I can reboot the system when I am a user by Ctrl+Alt+Delete. |
| 4 |
>>> The user can reboot the system, but can't shut down ? Strange |
| 5 |
>> The thinking is that you can unplug the machine |
| 6 |
>> or press the hardware reset or power button or flip the PSU switch ... |
| 7 |
>> Preventing a ctrl+alt+del reboot does not add anything to security. |
| 8 |
>> Security doesn't apply to users with physical access to the machine. |
| 9 |
>> However, this is just a default. You can easily disable reboot |
| 10 |
>> on ctrl+alt+del by editing /etc/inittab and commenting-out this line: |
| 11 |
>> ca:12345:ctrlaltdel:/sbin/shutdown -r now |
| 12 |
|
| 13 |
Testing my single-user box with the above line in inittab , |
| 14 |
I find that if I enter 'A-^Del' , I exit X to the raw terminal ; |
| 15 |
another 'A-^Del' then reboots the box. If I enter 'shutdown -r now' as user, |
| 16 |
I get "shutdown: you must be root to do that!". 'cd /sbin ; ls -l shutdown' |
| 17 |
shows '-rwxr-xr-x 1 root root 23192 May 17 2014 shutdown', |
| 18 |
so that behaviour arises from the shutdown script, not the permissions. |
| 19 |
|
| 20 |
The 1st effect is explained in ~/.fluxbox/keys by |
| 21 |
# exit fluxbox |
| 22 |
Control Mod1 Delete :Exit |
| 23 |
|
| 24 |
However, the 2nd effect is not explained so easily : |
| 25 |
'A-^Del' reboots when entered at a raw terminal, |
| 26 |
but 'shutdown -r now' does not, yet the former is defined as the latter |
| 27 |
by the line above in my /etc/inittab . |
| 28 |
|
| 29 |
The cause seems to be that 'A-^Del' is intercepted by 'init' (Process 1), |
| 30 |
which is owned by root, but 'shutdown -r now' is heard by Process 910 |
| 31 |
-- 'bash' running in the raw terminal, which was started by 'init' -- , |
| 32 |
which is owned by my user. |
| 33 |
|
| 34 |
So the behaviour is explained, but following my earlier msg, |
| 35 |
which advised to follow proper Unix principles, |
| 36 |
I should comment the 'A-^Del' line in inittab : |
| 37 |
if the raw terminal can't react to 'su', it won't react to 'A-^Del' either, |
| 38 |
so there's no justification in terms of escaping from an emergency. |
| 39 |
|
| 40 |
>> pressing the reset button is far worse, since there's no clean shutdown, |
| 41 |
>> unmounting filesystems after flushing caches, etc. |
| 42 |
|
| 43 |
Yes : that's forced only when the keyboard ceases to respond. |
| 44 |
|
| 45 |
>> Because of that, the default of allowing ctrl+alt+del for local users |
| 46 |
>> makes more sense than disabling it. |
| 47 |
|
| 48 |
That doesn't follow : if you have multiple users, |
| 49 |
you don't want some rogue user rebooting randomly ; |
| 50 |
it makes sense only as a convenience on a single-user system. |
| 51 |
It seems to be the default behaviour of 'inittab' |
| 52 |
-- there no comment saying I set it myself, which I would have added -- , |
| 53 |
which is not appropriate for Gentoo systems in general, |
| 54 |
some of which are undoubtedly multi-user. |
| 55 |
|
| 56 |
-- |
| 57 |
========================,,============================================ |
| 58 |
SUPPORT ___________//___, Philip Webb |
| 59 |
ELECTRIC /] [] [] [] [] []| Cities Centre, University of Toronto |
| 60 |
TRANSIT `-O----------O---' purslowatchassdotutorontodotca |
Archives