| 1 |
On 22/03/15 12:30, Peter Humphrey wrote: |
| 2 |
> On Saturday 21 March 2015 16:20:17 Jc García wrote: |
| 3 |
>>> Interesting. But as I said ealier, I can reboot the system when I am a |
| 4 |
>>> user by Ctrl+Alt+Delete. The user can reboot the system, but can't shut |
| 5 |
>>> down? Strange |
| 6 |
>> It's not strange, `man 2 reboot`. It's a defined behavior. |
| 7 |
> |
| 8 |
> I'm with German here. Being designed that way doesn't stop it being strange. |
| 9 |
> |
| 10 |
> Consider: I'm an ordinary user sitting at a terminal. I'm not allowed to |
| 11 |
> halt the machine, but I am allowed to reboot it into perhaps some quite |
| 12 |
> other configuration. Or I can keep rebooting it over and again, effectively |
| 13 |
> preventing the machine from doing its job. How does that make sense? |
| 14 |
|
| 15 |
The thinking is that you can unplug the machine, or press the hardware |
| 16 |
reset or power button, or flip the PSU switch... |
| 17 |
|
| 18 |
Preventing a ctrl+alt+del reboot does not add anything to security. |
| 19 |
Security doesn't really apply to users with physical access to the machine. |
| 20 |
|
| 21 |
However, this is just a default. You can easily disable reboot on |
| 22 |
ctrl+alt+del by editing /etc/inittab and commenting-out this line: |
| 23 |
|
| 24 |
ca:12345:ctrlaltdel:/sbin/shutdown -r now |
| 25 |
|
| 26 |
Note though, that is someone wants to reboot, and ctrl+alt+del doesn't |
| 27 |
work, pressing the reset button is far worse, since there's no clean |
| 28 |
shutdown performed (unmounting filesystems after flushing caches, etc.) |
| 29 |
Because of that, the default of allowing ctrl+alt+del for local users |
| 30 |
makes more sense than disabling it. |
Archives