1 |
On Sunday 22 March 2015 13:04:44 Nikos Chantziaras wrote: |
2 |
> On 22/03/15 12:30, Peter Humphrey wrote: |
3 |
> > On Saturday 21 March 2015 16:20:17 Jc García wrote: |
4 |
> >>> Interesting. But as I said ealier, I can reboot the system when I am a |
5 |
> >>> user by Ctrl+Alt+Delete. The user can reboot the system, but can't |
6 |
> >>> shut |
7 |
> >>> down? Strange |
8 |
> >> |
9 |
> >> It's not strange, `man 2 reboot`. It's a defined behavior. |
10 |
> > |
11 |
> > I'm with German here. Being designed that way doesn't stop it being |
12 |
> > strange. |
13 |
> > |
14 |
> > Consider: I'm an ordinary user sitting at a terminal. I'm not allowed to |
15 |
> > halt the machine, but I am allowed to reboot it into perhaps some quite |
16 |
> > other configuration. Or I can keep rebooting it over and again, |
17 |
> > effectively preventing the machine from doing its job. How does that |
18 |
> > make sense? |
19 |
> The thinking is that you can unplug the machine, or press the hardware |
20 |
> reset or power button, or flip the PSU switch... |
21 |
> |
22 |
> Preventing a ctrl+alt+del reboot does not add anything to security. |
23 |
> Security doesn't really apply to users with physical access to the |
24 |
> machine. |
25 |
|
26 |
Indeed, as witness many successful hijacks of supposedly secure systems. |
27 |
|
28 |
> However, this is just a default. You can easily disable reboot on |
29 |
> ctrl+alt+del by editing /etc/inittab and commenting-out this line: |
30 |
> |
31 |
> ca:12345:ctrlaltdel:/sbin/shutdown -r now |
32 |
|
33 |
All good sense. |
34 |
|
35 |
> Note though, that is someone wants to reboot, and ctrl+alt+del doesn't |
36 |
> work, pressing the reset button is far worse, since there's no clean |
37 |
> shutdown performed (unmounting filesystems after flushing caches, etc.) |
38 |
> Because of that, the default of allowing ctrl+alt+del for local users |
39 |
> makes more sense than disabling it. |
40 |
|
41 |
And there's no arguing with that! :_) |
42 |
|
43 |
-- |
44 |
Rgds |
45 |
Peter. |