150322 Peter Humphrey wrote:
> On Sunday 22 March 2015 13:04:44 Nikos Chantziaras wrote:
>>> I can reboot the system when I am a user by Ctrl+Alt+Delete.
>>> The user can reboot the system, but can't shut down ? Strange
>> The thinking is that you can unplug the machine
>> or press the hardware reset or power button or flip the PSU switch ...
>> Preventing a ctrl+alt+del reboot does not add anything to security.
>> Security doesn't apply to users with physical access to the machine.
>> However, this is just a default. You can easily disable reboot
>> on ctrl+alt+del by editing /etc/inittab and commenting-out this line:
>> ca:12345:ctrlaltdel:/sbin/shutdown -r now

Testing my single-user box with the above line in inittab ,
I find that if I enter 'A-^Del' , I exit X to the raw terminal ;
another 'A-^Del' then reboots the box. If I enter 'shutdown -r now' as user,
I get "shutdown: you must be root to do that!". 'cd /sbin ; ls -l shutdown'
shows '-rwxr-xr-x 1 root root 23192 May 17 2014 shutdown',
so that behaviour arises from the shutdown script, not the permissions.

The 1st effect is explained in ~/.fluxbox/keys by
# exit fluxbox
Control Mod1 Delete :Exit

However, the 2nd effect is not explained so easily :
'A-^Del' reboots when entered at a raw terminal,
but 'shutdown -r now' does not, yet the former is defined as the latter
by the line above in my /etc/inittab .

The cause seems to be that 'A-^Del' is intercepted by 'init' (Process 1),
which is owned by root, but 'shutdown -r now' is heard by Process 910
-- 'bash' running in the raw terminal, which was started by 'init' -- ,
which is owned by my user.

So the behaviour is explained, but following my earlier msg,
which advised to follow proper Unix principles,
I should comment the 'A-^Del' line in inittab :
if the raw terminal can't react to 'su', it won't react to 'A-^Del' either,
so there's no justification in terms of escaping from an emergency.

>> pressing the reset button is far worse, since there's no clean shutdown,
>> unmounting filesystems after flushing caches, etc.

Yes : that's forced only when the keyboard ceases to respond.

>> Because of that, the default of allowing ctrl+alt+del for local users
>> makes more sense than disabling it.

That doesn't follow : if you have multiple users,
you don't want some rogue user rebooting randomly ;
it makes sense only as a convenience on a single-user system.
It seems to be the default behaviour of 'inittab'
-- there's no comment saying I set it myself, which I would have added -- ,
which is not appropriate for Gentoo systems in general,
some of which are undoubtedly multi-user.

--
========================,,============================================
SUPPORT ___________//___, Philip Webb
ELECTRIC /] [] [] [] [] []| Cities Centre, University of Toronto
TRANSIT `-O----------O---' purslowatchassdotutorontodotca
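
An added example, not part of the original message: a small audit of an inittab-format file for the ctrlaltdel entry discussed in this thread, plus a copy with that entry commented out. The function names and the sample file are constructed for illustration; only the `ca:` line comes from the thread.

```shell
#!/bin/sh
# inittab entries have the form  id:runlevels:action:process
# An entry is "active" when the line is not commented out with '#'.

# Print "LINENO: entry" for every active entry whose action is ctrlaltdel.
active_ctrlaltdel() {
    awk -F: '!/^[ \t]*#/ && $3 == "ctrlaltdel" { print NR ": " $0 }' "$1"
}

# Emit the file with every active ctrlaltdel entry commented out.
disable_ctrlaltdel() {
    awk -F: '!/^[ \t]*#/ && $3 == "ctrlaltdel" { print "#" $0; next }
             { print }' "$1"
}

# Report the finding; return 1 when Ctrl+Alt+Del is still wired to a command.
audit_inittab() {
    hits=$(active_ctrlaltdel "$1")
    if [ -n "$hits" ]; then
        printf 'ctrlaltdel is active in %s:\n%s\n' "$1" "$hits"
        return 1
    fi
    printf 'no active ctrlaltdel entry in %s\n' "$1"
}

# Constructed sample file; the last line is the one quoted in the thread.
sample_inittab() {
    cat <<'EOF'
id:3:initdefault:
# ca:12345:ctrlaltdel:/sbin/shutdown -h now
c1:12345:respawn:/sbin/agetty 38400 tty1 linux
ca:12345:ctrlaltdel:/sbin/shutdown -r now
EOF
}

# Stand-alone demo on the constructed sample (never touches /etc/inittab).
demo=$(mktemp)
sample_inittab > "$demo"
audit_inittab "$demo" || true
disable_ctrlaltdel "$demo" > "$demo.new"
audit_inittab "$demo.new"
rm -f "$demo" "$demo.new"
```

On a sysvinit system, an edited /etc/inittab takes effect once init re-reads it, for example after `telinit q`.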