From: lee <lee@yagibdah.de>
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] Re: How to poweroff the system from user?
Date: Sun, 29 Mar 2015 12:23:00 +0200
Message-ID: <87pp7sqf0b.fsf@heimdali.yagibdah.de>
In-Reply-To: <20150322155852.GA1081@ca.inter.net> (Philip Webb's message of "Sun, 22 Mar 2015 11:58:52 -0400")
Philip Webb <purslow@ca.inter.net> writes:
> 150322 Peter Humphrey wrote:
>> On Sunday 22 March 2015 13:04:44 Nikos Chantziaras wrote:
>>>> I can reboot the system when I am a user by Ctrl+Alt+Delete.
>>>> The user can reboot the system, but can't shut down ? Strange
>>> The thinking is that you can unplug the machine
>>> or press the hardware reset or power button or flip the PSU switch ...
>>> Preventing a ctrl+alt+del reboot does not add anything to security.
>>> Security doesn't apply to users with physical access to the machine.
>>> However, this is just a default. You can easily disable reboot
>>> on ctrl+alt+del by editing /etc/inittab and commenting-out this line:
>>> ca:12345:ctrlaltdel:/sbin/shutdown -r now
>
> Testing my single-user box with the above line in inittab ,
> I find that if I enter 'A-^Del' , I exit X to the raw terminal ;

That's usually Ctrl+Alt+Backspace. I had to turn that off with 'Option
"DontZap" "true"' in the server section of xorg.conf because I somehow
happen to press that accidentally about once a month :/

> The 1st effect is explained in ~/.fluxbox/keys by
> # exit fluxbox
> Control Mod1 Delete :Exit

So whatever handles keyboard inputs with the X server even intercepts
Ctrl+Alt+Del?

Does fluxbox quit all programs nicely before it exits?

> However, the 2nd effect is not explained so easily :
> 'A-^Del' reboots when entered at a raw terminal,
> but 'shutdown -r now' does not, yet the former is defined as the latter
> by the line above in my /etc/inittab .
>
> The cause seems to be that 'A-^Del' is intercepted by 'init' (Process 1),
> which is owned by root, but 'shutdown -r now' is heard by Process 910
> -- 'bash' running in the raw terminal, which was started by 'init' -- ,
> which is owned by my user.
>
> So the behaviour is explained, but following my earlier msg,
> which advised to follow proper Unix principles,
> I should comment the 'A-^Del' line in inittab :
> if the raw terminal can't react to 'su', it won't react to 'A-^Del' either,
> so there's no justification in terms of escaping from an emergency.

What happens when you comment out the entry in inittab and someone
presses Ctrl+Alt+Del? Nothing?

>>> pressing the reset button is far worse, since there's no clean shutdown,
>>> unmounting filesystems after flushing caches, etc.
>
> Yes : that's forced only when the keyboard ceases to respond.
>
>>> Because of that, the default of allowing ctrl+alt+del for local users
>>> makes more sense than disabling it.
>
> That doesn't follow : if you have multiple users,
> you don't want some rogue user rebooting randomly ;
> it makes sense only as a convenience on a single-user system.
> It seems to be the default behaviour of 'inittab'
> -- there's no comment saying I set it myself, which I would have added -- ,
> which is not appropriate for Gentoo systems in general,
> some of which are undoubtedly multi-user.

Undefined behaviour as the default also isn't ideal, and I agree that
"nothing happens" would be much better:

What's the last time you pressed Ctrl+Alt+Del and it actually worked?
It's a legacy thing from times when freezes/crashes were common and when
it did work and was useful.

Nowadays, when you're pressing it, usually nothing happens anyway
because the machine is down to where you have to press the reset button
or to turn off the power (if you can't log in with ssh). When the
machine still works, Ctrl+Alt+Del also works, which means that the
default does nothing but create a security hole.

So how can we have this default changed?

--
Again we must be afraid of speaking of daemons for fear that daemons
might swallow us. Finally, this fear has become reasonable.
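
Added example, not part of the message above or of anyone's post in the thread: a small audit of a sysvinit-style inittab for the ctrlaltdel entry under discussion. It goes one step beyond the thread by also recognising sysvinit's `shutdown -a`, which checks /etc/shutdown.allow before acting; the status words and the sample inittab are constructed for this example.

```shell
#!/bin/sh
# Added example: audit a sysvinit-style inittab for Ctrl+Alt+Del handlers.
# Status words (OPEN/RESTRICTED/CUSTOM/NONE) are labels invented for this example.

audit_ctrlaltdel() {
    inittab=${1:-/etc/inittab}
    [ -r "$inittab" ] || { echo "ERROR cannot read $inittab"; return 2; }
    awk -F: '
        /^[ \t]*#/ || NF < 4 { next }        # commented-out or malformed line
        $3 == "ctrlaltdel" {
            seen = 1
            proc = $4                         # process field may contain ":"
            for (i = 5; i <= NF; i++) proc = proc ":" $i
            if (proc !~ /(^|\/)shutdown([ \t]|$)/)
                status = "CUSTOM"             # some other handler: review by hand
            else if (proc ~ /[ \t]-[A-Za-z]*a[A-Za-z]*([ \t]|$)/)
                status = "RESTRICTED"         # shutdown -a consults /etc/shutdown.allow
            else {
                status = "OPEN"               # anyone at the console can reboot
                open = 1
            }
            printf "%s %s %s\n", status, $1, proc
        }
        END {
            if (!seen) print "NONE no active ctrlaltdel entry"
            exit open + 0                     # exit 1 if an OPEN handler was found
        }
    ' "$inittab"
}

# Constructed sample inittab lines (not taken from any real system).
sample_inittab() {
    cat <<'EOF'
# Default runlevel
id:3:initdefault:
c1:12345:respawn:/sbin/agetty 38400 tty1 linux
ca:12345:ctrlaltdel:/sbin/shutdown -r now
EOF
}

tmp=$(mktemp)
sample_inittab > "$tmp"
audit_ctrlaltdel "$tmp" || echo "unrestricted Ctrl+Alt+Del handler present"
rm -f "$tmp"
```

Run it against the real file with `audit_ctrlaltdel /etc/inittab`; an exit status of 1 means an unrestricted handler is active.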