Hi On Thu, Oct 30, 2014 at 11:07:27PM -0700, Don Armstrong wrote: > On Thu, 30 Oct 2014, Joey Hess wrote: > > Don Armstrong wrote: > > > systemd-inhibit --who='backup script' --why='backup is running currently' > > > \ > > > --mode=block yourbackupscript; > > > > This doesn't currently prevent either /sbin/shutdown or eg, the > > lightdm menu item from shutting the system down. It does inhibit > > systemctl reboot/halt. > > Huh. That seems kind of unfortunate (and weird, because /sbin/shutdown > is symlinked to systemctl here; I would have expected /sbin/shutdown to > be a special case of systemctl halt.)
molly-guard doesn't really mess with /sbin/shutdown and family. Instead it implements, e.g. /usr/sbin/shutdown. Since /usr/sbin precedes /sbin in $PATH this allows them to be overridden. A bit clumsy, I agree, but sufficient to prevent administrator mistakes. Personally, I would have preferred molly-guard to use dpkg-divert, but it works as it is. > This is probably at least a documentation bug, and possibly a real bug. In the case of molly-guard, I belive that is up for debate. It only intentds to be a safety net, not a security feature. After all, attempting to protect a system against the root user is nonsensical. Regards -- Karl E. Jorgensen -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20141031082118.GA22377@hawking
