26.1. Disabling Shutdown Via Ctrl-Alt-Del

By default, /etc/inittab specifies that your system is set to shutdown and reboot in response to a Ctrl-Alt-Del key combination used at the console. To completely disable this ability, comment out the following line in /etc/inittab by putting a hash mark (#) in front of it:

ca::ctrlaltdel:/sbin/shutdown -t3 -r now

Alternatively, you may want to allow certain non-root users the right to shutdown or reboot the system from the console using Ctrl-Alt-Del . You can restrict this privilege to certain users, by taking the following steps:

Add the -a option to the /etc/inittab line shown above, so that it reads:
```
ca::ctrlaltdel:/sbin/shutdown -a -t3 -r now
```
The -a flag tells shutdown to look for the /etc/shutdown.allow file.
Create a file named shutdown.allow in /etc. The shutdown.allow file should list the usernames of any users who are allowed to shutdown the system using Ctrl-Alt-Del . The format of the shutdown.allow file is a list of usernames, one per line, like the following:
```
stephen jack sophie
```

According to this example shutdown.allow file, the users stephen, jack, and sophie are allowed to shutdown the system from the console using Ctrl-Alt-Del . When that key combination is used, the shutdown -a command in /etc/inittab checks to see if any of the users in /etc/shutdown.allow (or root) are logged in on a virtual console. If one of them is, the shutdown of the system continues; if not, an error message is written to the system console instead.

For more information on shutdown.allow, refer to the shutdown man page.