| 1 |
On Sunday 22 March 2015 13:04:44 Nikos Chantziaras wrote: |
| 2 |
> On 22/03/15 12:30, Peter Humphrey wrote: |
| 3 |
> > On Saturday 21 March 2015 16:20:17 Jc García wrote: |
| 4 |
> >>> Interesting. But as I said ealier, I can reboot the system when I am a |
| 5 |
> >>> user by Ctrl+Alt+Delete. The user can reboot the system, but can't |
| 6 |
> >>> shut |
| 7 |
> >>> down? Strange |
| 8 |
> >> |
| 9 |
> >> It's not strange, `man 2 reboot`. It's a defined behavior. |
| 10 |
> > |
| 11 |
> > I'm with German here. Being designed that way doesn't stop it being |
| 12 |
> > strange. |
| 13 |
> > |
| 14 |
> > Consider: I'm an ordinary user sitting at a terminal. I'm not allowed to |
| 15 |
> > halt the machine, but I am allowed to reboot it into perhaps some quite |
| 16 |
> > other configuration. Or I can keep rebooting it over and again, |
| 17 |
> > effectively preventing the machine from doing its job. How does that |
| 18 |
> > make sense? |
| 19 |
> The thinking is that you can unplug the machine, or press the hardware |
| 20 |
> reset or power button, or flip the PSU switch... |
| 21 |
> |
| 22 |
> Preventing a ctrl+alt+del reboot does not add anything to security. |
| 23 |
> Security doesn't really apply to users with physical access to the |
| 24 |
> machine. |
| 25 |
|
| 26 |
Indeed, as witness many successful hijacks of supposedly secure systems. |
| 27 |
|
| 28 |
> However, this is just a default. You can easily disable reboot on |
| 29 |
> ctrl+alt+del by editing /etc/inittab and commenting-out this line: |
| 30 |
> |
| 31 |
> ca:12345:ctrlaltdel:/sbin/shutdown -r now |
| 32 |
|
| 33 |
All good sense. |
| 34 |
|
| 35 |
> Note though, that is someone wants to reboot, and ctrl+alt+del doesn't |
| 36 |
> work, pressing the reset button is far worse, since there's no clean |
| 37 |
> shutdown performed (unmounting filesystems after flushing caches, etc.) |
| 38 |
> Because of that, the default of allowing ctrl+alt+del for local users |
| 39 |
> makes more sense than disabling it. |
| 40 |
|
| 41 |
And there's no arguing with that! :_) |
| 42 |
|
| 43 |
-- |
| 44 |
Rgds |
| 45 |
Peter. |
Archives