On 23 March 2015 at 10:46, Peter Humphrey <pe...@prh.myzen.co.uk> wrote:

> On Sunday 22 March 2015 14:36:36 Jc García wrote:
> > 2015-03-22 4:30 GMT-06:00 Peter Humphrey <pe...@prh.myzen.co.uk>:
> > > On Saturday 21 March 2015 16:20:17 Jc García wrote:
> > >> > Interesting. But as I said earlier, I can reboot the system when I am a
> > >> > user by Ctrl+Alt+Delete. The user can reboot the system, but can't shut
> > >> > down? Strange
> > >>
> > >> It's not strange,  `man 2 reboot`. It's a defined behavior.
> > >
> > > I'm with German here. Being designed that way doesn't stop it being
> > > strange.
> > I see it as a last resource available for rebooting under any
> > circumstances (Similar to what you can do with Sysrq).
> >
> > > Consider: I'm an ordinary user sitting at a terminal. I'm not allowed to
> > > halt the machine, but I am allowed to reboot it into perhaps some quite
> > > other configuration. Or I can keep rebooting it over and again,
> > > effectively preventing the machine from doing its job. How does that
> > > make sense?
> > It doesn't and that's why it's configurable, if you are in a high
> > security requiring environment, you disable it.
>
> The consensus seems to be that there's no point in trying to prevent a user
> from rebooting the machine, and I'm happy to go along with that.
>
> The remaining question is: why is the user not allowed to halt it?
>
> --
> Rgds
> Peter.
>
>
>
Maybe some people here missed my post.

You CAN allow the user to halt: just substitute
ca:12345:ctrlaltdel:/sbin/shutdown -r now
with
ca:12345:ctrlaltdel:/sbin/shutdown -P now
in /etc/inittab and Ctrl-Alt-Del will shut down instead of reboot.

In fact, Ctrl-Alt-Del can be set up to do whatever you want and will
have root privileges.

If this is a security hole for your use case, you can comment it or set it to
ca:12345:ctrlaltdel: /bin/echo "Hey, don't touch me there!"
, or you can disable it entirely in the kernel.
--
Emanuele
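
The inittab entries discussed in this message can be checked mechanically. The following is an added example, not part of the original post: a shell function that reports what an inittab file makes Ctrl-Alt-Del run as root, covering the reboot, halt, custom-command and commented-out cases mentioned above. The function name `classify_ctrlaltdel` and the sample file are assumptions constructed for illustration.

```shell
# Added example: report what Ctrl-Alt-Del runs according to an inittab file.
# classify_ctrlaltdel is a hypothetical helper name, not part of sysvinit.
classify_ctrlaltdel() {
    # $1: path to an inittab-format file (id:runlevels:action:process)
    awk -F: '
        /^[ \t]*#/ || NF < 4 { next }   # skip comments and malformed lines
        $3 == "ctrlaltdel" {
            # the process field may itself contain ":", so rebuild it
            cmd = $4
            for (i = 5; i <= NF; i++) cmd = cmd ":" $i
            sub(/^[ \t]+/, "", cmd)
            found = 1
            if (cmd ~ /shutdown/ && cmd ~ /[ \t]-[A-Za-z0-9]*r/)
                verdict = "reboot"
            else if (cmd ~ /shutdown/ && cmd ~ /[ \t]-[A-Za-z0-9]*[PhH]/)
                verdict = "halt-or-poweroff"
            else
                verdict = "custom-root-command"   # anything else still runs as root
            print verdict "\t" cmd
        }
        END { if (!found) print "disabled\t(no active ctrlaltdel entry)" }
    ' "$1"
}

# Constructed sample input (not taken from a real system)
sample=$(mktemp)
cat > "$sample" <<'EOF'
id:3:initdefault:
#ca:12345:ctrlaltdel:/sbin/shutdown -r now
ca:12345:ctrlaltdel:/sbin/shutdown -P now
EOF
classify_ctrlaltdel "$sample"
rm -f "$sample"
```

On a real system, pass /etc/inittab as the argument; a `custom-root-command` result is the case to review by hand, since that command line runs with root privileges on a keypress.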
