Philip Webb <purslow@××××××××.net> writes:

> 150322 Peter Humphrey wrote:
>> On Sunday 22 March 2015 13:04:44 Nikos Chantziaras wrote:
>>>> I can reboot the system when I am a user by Ctrl+Alt+Delete.
>>>> The user can reboot the system, but can't shut down ? Strange
>>> The thinking is that you can unplug the machine
>>> or press the hardware reset or power button or flip the PSU switch ...
>>> Preventing a ctrl+alt+del reboot does not add anything to security.
>>> Security doesn't apply to users with physical access to the machine.
>>> However, this is just a default. You can easily disable reboot
>>> on ctrl+alt+del by editing /etc/inittab and commenting-out this line:
>>> ca:12345:ctrlaltdel:/sbin/shutdown -r now
>
> Testing my single-user box with the above line in inittab ,
> I find that if I enter 'A-^Del' , I exit X to the raw terminal ;

That's usually Ctrl+Alt+Backspace. I had to turn that off with 'Option
"DontZap" "true"' in the server section of xorg.conf because I somehow
happen to press that accidentally about once a month :/

> The 1st effect is explained in ~/.fluxbox/keys by
> # exit fluxbox
> Control Mod1 Delete :Exit

So whatever handles keyboard inputs with the X server even intercepts
Ctrl+Alt+Del?

Does fluxbox quit all programs nicely before it exits?
|
> However, the 2nd effect is not explained so easily :
> 'A-^Del' reboots when entered at a raw terminal,
> but 'shutdown -r now' does not, yet the former is defined as the latter
> by the line above in my /etc/inittab .
>
> The cause seems to be that 'A-^Del' is intercepted by 'init' (Process 1),
> which is owned by root, but 'shutdown -r now' is heard by Process 910
> -- 'bash' running in the raw terminal, which was started by 'init' -- ,
> which is owned by my user.
>
> So the behaviour is explained, but following my earlier msg,
> which advised to follow proper Unix principles,
> I should comment the 'A-^Del' line in inittab :
> if the raw terminal can't react to 'su', it won't react to 'A-^Del' either,
> so there's no justification in terms of escaping from an emergency.

What happens when you comment out the entry in inittab and someone
presses Ctrl+Alt+Del? Nothing?
|
>>> pressing the reset button is far worse, since there's no clean shutdown,
>>> unmounting filesystems after flushing caches, etc.
>
> Yes : that's forced only when the keyboard ceases to respond.
>
>>> Because of that, the default of allowing ctrl+alt+del for local users
>>> makes more sense than disabling it.
>
> That doesn't follow : if you have multiple users,
> you don't want some rogue user rebooting randomly ;
> it makes sense only as a convenience on a single-user system.
> It seems to be the default behaviour of 'inittab'
> -- there's no comment saying I set it myself, which I would have added -- ,
> which is not appropriate for Gentoo systems in general,
> some of which are undoubtedly multi-user.
|
Undefined behaviour as the default also isn't ideal, and I agree that
"nothing happens" would be much better:

What's the last time you pressed Ctrl+Alt+Del and it actually worked?
It's a legacy thing from times when freezes/crashes were common and when
it did work and was useful.

Nowadays, when you're pressing it, usually nothing happens anyway
because the machine is down to where you have to press the reset button
or to turn off the power (if you can't log in with ssh). When the
machine still works, Ctrl+Alt+Del also works, which means that the
default does nothing but create a security hole.

So how can we have this default changed?
|
--
Again we must be afraid of speaking of daemons for fear that daemons
might swallow us. Finally, this fear has become reasonable.
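
Added example, not part of the original message: a shell check for whether an inittab still carries an active `ctrlaltdel` entry like the one quoted in the thread. The function names and both sample files are constructed for illustration; on a real system, point the functions at /etc/inittab.

```shell
#!/bin/sh
# Added example: audit a sysvinit inittab for an active Ctrl+Alt+Del action.
# inittab entries have the form  id:runlevels:action:process ; a leading '#'
# comments the whole entry out.

# Print "id runlevels process" for every active ctrlaltdel entry in file $1.
ctrlaltdel_entries() {
    awk -F: '
        /^[ \t]*#/ { next }               # commented-out entry
        /^[ \t]*$/ { next }               # blank line
        $3 == "ctrlaltdel" {
            # The process field may itself contain colons; rejoin fields 4..NF.
            proc = $4
            for (i = 5; i <= NF; i++) proc = proc ":" $i
            printf "%s %s %s\n", $1, ($2 == "" ? "-" : $2), proc
        }
    ' "$1"
}

# Exit status 0 if Ctrl+Alt+Del is not wired to any action, 1 if it is.
ctrlaltdel_disabled() {
    [ -z "$(ctrlaltdel_entries "$1")" ]
}

# Constructed sample files (not taken from a real system).
sample_dir=$(mktemp -d)
cat > "$sample_dir/default" <<'EOF'
id:3:initdefault:
# constructed sample: reboot on the three-key combination
ca:12345:ctrlaltdel:/sbin/shutdown -r now
EOF
cat > "$sample_dir/hardened" <<'EOF'
id:3:initdefault:
#ca:12345:ctrlaltdel:/sbin/shutdown -r now
EOF

for f in default hardened; do
    if ctrlaltdel_disabled "$sample_dir/$f"; then
        echo "$f: no active ctrlaltdel entry"
    else
        echo "$f: active -> $(ctrlaltdel_entries "$sample_dir/$f")"
    fi
done
```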