
Re: How do I disable Ctrl-Alt-Del?



In following this thread
I saw many responses to this posting that suggested commenting out these lines
in /etc/inittab:

# Trap CTRL-ALT-DELETE
ca::ctrlaltdel:/sbin/shutdown -t3 -r now

I submit that a better solution is to create an empty file /etc/shutdown.allow.
This will cause all ctrl-alt-delete to be ignored unless issued by root.
It also does not require a telinit q to take effect.

By the way, I started thinking about this because even the existence of the
Trap lines in /etc/inittab is a security hole. A malicious user
who had broken in and given him/herself root privilege could easily change this to
ca::ctrlaltdel:rm -rf /*
or even more insidiously, replace /sbin/shutdown with a script or program that
did the suicidal rm.

(I didn't test any of these commands - unless you are prepared to lose your
system, I suggest you don't either :-)

Typing "man shutdown" showed that the designers had already thought of this:

ACCESS CONTROL
       shutdown  can  be  called from init(8) when the magic keys
       CTRL-ALT-DEL are pressed, by creating an appropriate entry
       in /etc/inittab. This means that everyone who has physical
       access to the console keyboard can shut the  system  down.
       To  prevent  this,  shutdown can check to see if an autho-
       rized user is logged in on one of the virtual consoles. If
       shutdown  is  called from init(8), it checks to see if the
       file /etc/shutdown.allow is present.  It then compares the
       login  names in that file with the list of people that are
       logged in on a virtual console (from /var/run/utmp).  Only
       if  one of those authorized users or root is logged in, it
       will proceed. Otherwise it will write the message

       shutdown: no authorized users logged in

       to the (physical) system console. The format of /etc/shut-
       down.allow is one user name per line. Empty lines and com-
       ment lines (prefixed by a #) are allowed. Currently  there
       is a limit of 32 users in this file.

David

On Wed, 2 Sep 1998, Edward Baichtal wrote:

> I don't want that to be able to restart the system at all.  It sucks when
> someone's used to logging in to an NT system and then they hit ctrl-alt-del
> by accident when they get to our Linux system.. :)
> 
> --------------------------
> Edward Baichtal
> edwardb AirLink com
> http://www.airlink.com
> 
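
The check described in the quoted man page text, modelled as a shell function so the empty-file case can be tried without touching init. This is an added example, not part of the original post and not sysvinit's code: the function names are hypothetical, the logged-in users are passed as arguments instead of being read from /var/run/utmp, and the handling of a missing file and of entries past the 32-user limit are assumptions.

```sh
#!/bin/sh
# Added illustration of the check in the quoted shutdown(8) text.
# Not sysvinit's code; function names are hypothetical.
MAX_USERS=32   # limit stated in the man page excerpt

# allowed_users FILE: print the authorized login names, one per line.
# Empty lines and '#' comment lines are skipped. Assumption: entries
# past the 32-user limit are silently ignored.
allowed_users() {
    count=0
    while IFS= read -r line || [ -n "$line" ]; do
        name=$(printf '%s' "$line" | tr -d ' \t\r')   # strip whitespace
        case "$name" in ''|'#'*) continue ;; esac
        [ "$count" -lt "$MAX_USERS" ] || break
        count=$((count + 1))
        printf '%s\n' "$name"
    done < "$1"
}

# shutdown_decision FILE [USER...]: USER... are the login names on the
# virtual consoles (passed in here; the real check reads /var/run/utmp).
# Prints the outcome; returns 0 to proceed, 1 to refuse.
shutdown_decision() {
    file=$1; shift
    # Assumption: no file present means no restriction is applied.
    [ -f "$file" ] || { echo "proceed"; return 0; }
    allowed=$(allowed_users "$file")
    for user in "$@"; do
        if [ "$user" = root ] ||
           printf '%s\n' "$allowed" | grep -qxF -- "$user"; then
            echo "proceed"; return 0
        fi
    done
    echo "shutdown: no authorized users logged in"
    return 1
}

# Constructed demo: an empty allow file, as proposed in the post.
demo=$(mktemp)
shutdown_decision "$demo" alice || true    # refused
shutdown_decision "$demo" alice root       # proceeds: root is logged in
rm -f "$demo"
```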