1 |
On 22/03/15 12:30, Peter Humphrey wrote: |
2 |
> On Saturday 21 March 2015 16:20:17 Jc García wrote: |
3 |
>>> Interesting. But as I said ealier, I can reboot the system when I am a |
4 |
>>> user by Ctrl+Alt+Delete. The user can reboot the system, but can't shut |
5 |
>>> down? Strange |
6 |
>> It's not strange, `man 2 reboot`. It's a defined behavior. |
7 |
> |
8 |
> I'm with German here. Being designed that way doesn't stop it being strange. |
9 |
> |
10 |
> Consider: I'm an ordinary user sitting at a terminal. I'm not allowed to |
11 |
> halt the machine, but I am allowed to reboot it into perhaps some quite |
12 |
> other configuration. Or I can keep rebooting it over and again, effectively |
13 |
> preventing the machine from doing its job. How does that make sense? |
14 |
|
15 |
The thinking is that you can unplug the machine, or press the hardware |
16 |
reset or power button, or flip the PSU switch... |
17 |
|
18 |
Preventing a ctrl+alt+del reboot does not add anything to security. |
19 |
Security doesn't really apply to users with physical access to the machine. |
20 |
|
21 |
However, this is just a default. You can easily disable reboot on |
22 |
ctrl+alt+del by editing /etc/inittab and commenting-out this line: |
23 |
|
24 |
ca:12345:ctrlaltdel:/sbin/shutdown -r now |
25 |
|
26 |
Note though, that is someone wants to reboot, and ctrl+alt+del doesn't |
27 |
work, pressing the reset button is far worse, since there's no clean |
28 |
shutdown performed (unmounting filesystems after flushing caches, etc.) |
29 |
Because of that, the default of allowing ctrl+alt+del for local users |
30 |
makes more sense than disabling it. |