Re: [gentoo-user] Re: How to poweroff the system from user?
Neil Bothwick n...@digimed.co.uk writes: On Wed, 15 Apr 2015 00:06:33 +0200, lee wrote: How do you remember these keys? BUSIER backwards, or bookmark http://en.wikipedia.org/wiki/Magic_SysRq_key in your phone's browser :) Phone's browser? If you need the SysRq trick, you probably can't use your computer's browser ;) . Then I won't have a browser I could use. Never mind, there's always Post-It notes - they aren't only for passwords. That isn't better than printing the key bindings ... -- Again we must be afraid of speaking of daemons for fear that daemons might swallow us. Finally, this fear has become reasonable.
Re: [gentoo-user] Re: How to poweroff the system from user?
Emanuele Rusconi ema...@gmail.com writes: On 8 April 2015 at 23:47, lee l...@yagibdah.de wrote: Neil Bothwick n...@digimed.co.uk writes: On Tue, 07 Apr 2015 21:21:38 +0200, lee wrote: How do you remember these keys? BUSIER backwards, or bookmark http://en.wikipedia.org/wiki/Magic_SysRq_key in your phone's browser :) Phone's browser? If you need the SysRq trick, you probably can't use your computer's browser ;) . Then I won't have a browser I could use. -- Again we must be afraid of speaking of daemons for fear that daemons might swallow us. Finally, this fear has become reasonable.
Re: [gentoo-user] Re: How to poweroff the system from user?
On Wed, 15 Apr 2015 00:06:33 +0200, lee wrote: How do you remember these keys? BUSIER backwards, or bookmark http://en.wikipedia.org/wiki/Magic_SysRq_key in your phone's browser :) Phone's browser? If you need the SysRq trick, you probably can't use your computer's browser ;) . Then I won't have a browser I could use. Never mind, there's always Post-It notes - they aren't only for passwords. -- Neil Bothwick Always be sincere even if you don't mean it. pgp3pBY7zhkwm.pgp Description: OpenPGP digital signature
Re: [gentoo-user] Re: How to poweroff the system from user?
Neil Bothwick n...@digimed.co.uk writes: On Tue, 07 Apr 2015 21:21:38 +0200, lee wrote: It will in many cases (probably most). Usually it's xorg that freezes the keyboard, in those cases ctrl-alt-sysrq-r followed by ctrl-alt-f1 should get you to the VT where you can restart xorg. I think the kernel needs to be completely locked with interrupts disabled or locked in a higher priority interrupt (unlikely) for it not to work or the USB stack totally broken. I can see some of the commands failing or even completely locking the kernel if something's really messed up. How do you remember these keys? BUSIER backwards, or bookmark http://en.wikipedia.org/wiki/Magic_SysRq_key in your phone's browser :) Phone's browser? -- Again we must be afraid of speaking of daemons for fear that daemons might swallow us. Finally, this fear has become reasonable.
Re: [gentoo-user] Re: How to poweroff the system from user?
On 8 April 2015 at 23:47, lee l...@yagibdah.de wrote: Neil Bothwick n...@digimed.co.uk writes: On Tue, 07 Apr 2015 21:21:38 +0200, lee wrote: How do you remember these keys? BUSIER backwards, or bookmark http://en.wikipedia.org/wiki/Magic_SysRq_key in your phone's browser :) Phone's browser? If you need the SysRq trick, you probably can't use your computer's browser ;) . -- Emanuele Rusconi
Re: [gentoo-user] Re: How to poweroff the system from user?
Fernando Rodriguez frodriguez.develo...@outlook.com writes: On Saturday, April 04, 2015 2:41:12 PM lee wrote: I always can't remember which keys to press with that, so I have it disabled. And when the keyboard is unresponsive, it won't work. It will in many cases (probably most). Usually it's xorg that freezes the keyboard, in those cases ctrl-alt-sysrq-r followed by ctrl-alt-f1 should get you to the VT where you can restart xorg. I think the kernel needs to be completely locked with interrupts disabled or locked in a higher priority interrupt (unlikely) for it not to work or the USB stack totally broken. I can see some of the commands failing or even completely locking the kernel if something's really messed up. How do you remember these keys? A long time ago, I even printed a list, and of course, it got lost before I ever came close to needing it. Paper is just too volatile. -- Again we must be afraid of speaking of daemons for fear that daemons might swallow us. Finally, this fear has become reasonable.
Re: [gentoo-user] Re: How to poweroff the system from user?
Rich Freeman ri...@gentoo.org writes: On Sat, Apr 4, 2015 at 8:41 AM, lee l...@yagibdah.de wrote: Oh I mean the *default*. We should not need to change the inittab to have it disabled by default. Isn't commenting out the whole line sufficient? Uh, commenting out the line is changing the inittab (and I have no idea if it works or not offhand). With Gentoo I prefer to not have huge religious debates about Gentoo. We try to give users as much choice as possible which lets us sidestep stupid arguments about whether such-and-such is better than something else. The problem is that by their nature there usually can only be one default (or one default default if you want to make it turtles all the way down with profiles and such). So, suddenly we end up fighting over this stuff anyway... Living in the past is not onwardly a good default. (At first I wanted to say Living in the past seldom is a good default. --- but the usage of seldom and the idea of using seldomly gave me to think, and it seems that seldom can mean something like not onwardly. And I don't know whether it should be Living in the past is seldom a good default. --- which even I notice could be considered as rather unfriendly by native English speakers --- or ... seldom is However, not onwardly might create an interesting tautology here, so it has it's merits.) -- Again we must be afraid of speaking of daemons for fear that daemons might swallow us. Finally, this fear has become reasonable.
Re: [gentoo-user] Re: How to poweroff the system from user?
On Tuesday, April 07, 2015 9:21:38 PM lee wrote: Fernando Rodriguez frodriguez.develo...@outlook.com writes: On Saturday, April 04, 2015 2:41:12 PM lee wrote: I always can't remember which keys to press with that, so I have it disabled. And when the keyboard is unresponsive, it won't work. It will in many cases (probably most). Usually it's xorg that freezes the keyboard, in those cases ctrl-alt-sysrq-r followed by ctrl-alt-f1 should get you to the VT where you can restart xorg. I think the kernel needs to be completely locked with interrupts disabled or locked in a higher priority interrupt (unlikely) for it not to work or the USB stack totally broken. I can see some of the commands failing or even completely locking the kernel if something's really messed up. How do you remember these keys? A long time ago, I even printed a list, and of course, it got lost before I ever came close to needing it. Paper is just too volatile. Like I said: Reboot Even If System Utterly Broken I don't have a way to remember the specific keys other than knowing what the shutdown sequence is. -- Fernando Rodriguez
Re: [gentoo-user] Re: How to poweroff the system from user?
lee l...@yagibdah.de writes: Living in the past is not onwardly a good default. s/is not onwardly/seldwhen is/
Re: [gentoo-user] Re: How to poweroff the system from user?
On Tue, 07 Apr 2015 21:21:38 +0200, lee wrote: It will in many cases (probably most). Usually it's xorg that freezes the keyboard, in those cases ctrl-alt-sysrq-r followed by ctrl-alt-f1 should get you to the VT where you can restart xorg. I think the kernel needs to be completely locked with interrupts disabled or locked in a higher priority interrupt (unlikely) for it not to work or the USB stack totally broken. I can see some of the commands failing or even completely locking the kernel if something's really messed up. How do you remember these keys? BUSIER backwards, or bookmark http://en.wikipedia.org/wiki/Magic_SysRq_key in your phone's browser :) -- Neil Bothwick Q. What is the difference between Queensland and yoghurt? A. Yoghurt has an active culture. pgp9AzXPs1_De.pgp Description: OpenPGP digital signature
Re: [gentoo-user] Re: How to poweroff the system from user?
On Sun, Apr 5, 2015 at 3:27 AM, Dale rdalek1...@gmail.com wrote: Neil Bothwick wrote: On Sat, 04 Apr 2015 14:41:12 +0200, lee wrote: On Linux now there's the Magic SysRq Key feature for that. I always can't remember which keys to press with that, so I have it disabled. BUSIER backwards. And when the keyboard is unresponsive, it won't work. It usually does. The kernel sees the Magic key events directly, so even if your X server has crashed, it will still respond to Alt-SysReq. I used that on a few puters. I don't recall this ever not working. X may not see the keyboard but the kernel does. It's a life saver at times too. At least you can sync and unmount cleanly. If you're dealing with a kernel panic of some kind (which you inevitably are when you are doing this sort of thing), all bets are off. I'll agree that usually the magic sysrq works. However, there are certainly going to be cases where it doesn't, or at least where parts of it don't work. In my case the part that usually fails for me right now is btrfs, so unmounting won't work anyway (though I guess it will take care of the ext4 backup partition that is only rarely touched anyway). -- Rich
Re: [gentoo-user] Re: How to poweroff the system from user?
Rich Freeman wrote: On Sun, Apr 5, 2015 at 3:27 AM, Dale rdalek1...@gmail.com wrote: Neil Bothwick wrote: On Sat, 04 Apr 2015 14:41:12 +0200, lee wrote: On Linux now there's the Magic SysRq Key feature for that. I always can't remember which keys to press with that, so I have it disabled. BUSIER backwards. And when the keyboard is unresponsive, it won't work. It usually does. The kernel sees the Magic key events directly, so even if your X server has crashed, it will still respond to Alt-SysReq. I used that on a few puters. I don't recall this ever not working. X may not see the keyboard but the kernel does. It's a life saver at times too. At least you can sync and unmount cleanly. If you're dealing with a kernel panic of some kind (which you inevitably are when you are doing this sort of thing), all bets are off. I'll agree that usually the magic sysrq works. However, there are certainly going to be cases where it doesn't, or at least where parts of it don't work. In my case the part that usually fails for me right now is btrfs, so unmounting won't work anyway (though I guess it will take care of the ext4 backup partition that is only rarely touched anyway). That is true but it seems to work most of the time for the usual failures. Ask some old timers on this list, hitting reset or having to pull the plug from the wall really gets on my nerve, every single one of them and in a hurry. Dare I think about hal and what a mess it caused for me. Dale :-) :-)
Re: [gentoo-user] Re: How to poweroff the system from user?
Neil Bothwick wrote: On Sat, 04 Apr 2015 14:41:12 +0200, lee wrote: On Linux now there's the Magic SysRq Key feature for that. I always can't remember which keys to press with that, so I have it disabled. BUSIER backwards. And when the keyboard is unresponsive, it won't work. It usually does. The kernel sees the Magic key events directly, so even if your X server has crashed, it will still respond to Alt-SysReq. I used that on a few puters. I don't recall this ever not working. X may not see the keyboard but the kernel does. It's a life saver at times too. At least you can sync and unmount cleanly. Dale :-) :-)
Re: [gentoo-user] Re: How to poweroff the system from user?
Fernando Rodriguez frodriguez.develo...@outlook.com writes: On Sunday, March 29, 2015 12:23:00 PM lee wrote: Philip Webb purs...@ca.inter.net writes: What's the last time you pressed Ctrl+Alt+Del and it actually worked? It's a legacy thing from times when freezes/crashes were common and when it did work and was useful. Nowadays, when you're pressing it, usually nothing happens anyway because the machine is down to where you have to press the reset button or to turn off the power (if you can't log in with ssh). When the machine still works, Ctrl+Alt+Del also works, which means that the default does nothing but create a security hole. On Linux now there's the Magic SysRq Key feature for that. I always can't remember which keys to press with that, so I have it disabled. And when the keyboard is unresponsive, it won't work. So how can we have this default changed? Somebody posted that on this very thread. Replace the ctrlaltdel entry on inittab with /bin/false. Oh I mean the *default*. We should not need to change the inittab to have it disabled by default. Isn't commenting out the whole line sufficient? -- Again we must be afraid of speaking of daemons for fear that daemons might swallow us. Finally, this fear has become reasonable.
Re: [gentoo-user] Re: How to poweroff the system from user?
On Sat, Apr 4, 2015 at 8:41 AM, lee l...@yagibdah.de wrote: Oh I mean the *default*. We should not need to change the inittab to have it disabled by default. Isn't commenting out the whole line sufficient? Uh, commenting out the line is changing the inittab (and I have no idea if it works or not offhand). With Gentoo I prefer to not have huge religious debates about Gentoo. We try to give users as much choice as possible which lets us sidestep stupid arguments about whether such-and-such is better than something else. The problem is that by their nature there usually can only be one default (or one default default if you want to make it turtles all the way down with profiles and such). So, suddenly we end up fighting over this stuff anyway... -- Rich
Re: [gentoo-user] Re: How to poweroff the system from user?
On Sat, 04 Apr 2015 14:41:12 +0200, lee wrote: On Linux now there's the Magic SysRq Key feature for that. I always can't remember which keys to press with that, so I have it disabled. BUSIER backwards. And when the keyboard is unresponsive, it won't work. It usually does. The kernel sees the Magic key events directly, so even if your X server has crashed, it will still respond to Alt-SysReq. -- Neil Bothwick Linux users do it without paying a Bill pgpfHLZpMKZw5.pgp Description: OpenPGP digital signature
Re: [gentoo-user] Re: How to poweroff the system from user?
On Saturday, April 04, 2015 2:41:12 PM lee wrote: I always can't remember which keys to press with that, so I have it disabled. And when the keyboard is unresponsive, it won't work. It will in many cases (probably most). Usually it's xorg that freezes the keyboard, in those cases ctrl-alt-sysrq-r followed by ctrl-alt-f1 should get you to the VT where you can restart xorg. I think the kernel needs to be completely locked with interrupts disabled or locked in a higher priority interrupt (unlikely) for it not to work or the USB stack totally broken. I can see some of the commands failing or even completely locking the kernel if something's really messed up. -- Fernando Rodriguez
Re: [gentoo-user] Re: How to poweroff the system from user?
On Tuesday, March 31, 2015 1:57:32 AM Fernando Rodriguez wrote: On Sunday, March 29, 2015 12:23:00 PM lee wrote: Philip Webb purs...@ca.inter.net writes: What's the last time you pressed Ctrl+Alt+Del and it actually worked? It's a legacy thing from times when freezes/crashes were common and when it did work and was useful. Nowadays, when you're pressing it, usually nothing happens anyway because the machine is down to where you have to press the reset button or to turn off the power (if you can't log in with ssh). When the machine still works, Ctrl+Alt+Del also works, which means that the default does nothing but create a security hole. On Linux now there's the Magic SysRq Key feature for that. If enabled (I think it is by default, may be wrong) you can use ctrl-alt-sysrq plus one these keys even if your kernel panics or freezes in most cases (ctrl may only be needed from xorg): r - to get the keyboard back so you can switch to VT if xorg freezes e - to terminate all processes gracefully (SIGTERM) except pid 1 i - to terminate all processes forcefully (SIGKILL) except pid 1 s - to sync all filesystems u - to unmount them and remount readonly b - to reboot Easy to remember as Reboot Even If System Utterly Broken There's a lot of other commands in the kernel docs sysrq.txt So how can we have this default changed? Somebody posted that on this very thread. Replace the ctrlaltdel entry on inittab with /bin/false. Actually it says after a crash or freeze but not a panic. -- Fernando Rodriguez
Re: [gentoo-user] Re: How to poweroff the system from user?
On Tue, Mar 31, 2015 at 1:57 AM, Fernando Rodriguez frodriguez.develo...@outlook.com wrote: On Linux now there's the Magic SysRq Key feature for that. If enabled (I think it is by default, may be wrong) you can use ctrl-alt-sysrq plus one these keys even if your kernel panics or freezes in most cases (ctrl may only be needed from xorg): r - to get the keyboard back so you can switch to VT if xorg freezes e - to terminate all processes gracefully (SIGTERM) except pid 1 i - to terminate all processes forcefully (SIGKILL) except pid 1 s - to sync all filesystems u - to unmount them and remount readonly b - to reboot You have to set MAGIC_SYSRQ to y for it to be enabled. You can set the capabilities of sysrq either via 'MAGIC_SYSRQ_DEFAULT_ENABLE or via sysctl. Debian uses the former (to set it to 438) and Ubuntu and Fedora use the latter (to set it to 176 and 16 respectively). 16 is systemd upstream's default whereby you can only sync filesystems. It's the kind of value that can be the source of a lot of arguing... Easy to remember as Reboot Even If System Utterly Broken I remember it as the reverse of busier.
Re: [gentoo-user] Re: How to poweroff the system from user?
Easy to remember as Reboot Even If System Utterly Broken I remember it as the reverse of busier. A variant I read somewhere is Raising (Skinny) Elephants Is So Utterly Boring. Skinny is an extra optional sync, it doesn't hurt and makes the mnemonic funnier.
Re: [gentoo-user] Re: How to poweroff the system from user?
On Tue, Mar 31, 2015 at 5:42 AM, Emanuele Rusconi ema...@gmail.com wrote: Easy to remember as Reboot Even If System Utterly Broken I remember it as the reverse of busier. A variant I read somewhere is Raising (Skinny) Elephants Is So Utterly Boring. Skinny is an extra optional sync, it doesn't hurt and makes the mnemonic funnier. :)
Re: [gentoo-user] Re: How to poweroff the system from user?
On Sunday, March 29, 2015 12:23:00 PM lee wrote: Philip Webb purs...@ca.inter.net writes: What's the last time you pressed Ctrl+Alt+Del and it actually worked? It's a legacy thing from times when freezes/crashes were common and when it did work and was useful. Nowadays, when you're pressing it, usually nothing happens anyway because the machine is down to where you have to press the reset button or to turn off the power (if you can't log in with ssh). When the machine still works, Ctrl+Alt+Del also works, which means that the default does nothing but create a security hole. On Linux now there's the Magic SysRq Key feature for that. If enabled (I think it is by default, may be wrong) you can use ctrl-alt-sysrq plus one these keys even if your kernel panics or freezes in most cases (ctrl may only be needed from xorg): r - to get the keyboard back so you can switch to VT if xorg freezes e - to terminate all processes gracefully (SIGTERM) except pid 1 i - to terminate all processes forcefully (SIGKILL) except pid 1 s - to sync all filesystems u - to unmount them and remount readonly b - to reboot Easy to remember as Reboot Even If System Utterly Broken There's a lot of other commands in the kernel docs sysrq.txt So how can we have this default changed? Somebody posted that on this very thread. Replace the ctrlaltdel entry on inittab with /bin/false. -- Fernando Rodriguez
Re: [gentoo-user] Re: How to poweroff the system from user?
Philip Webb purs...@ca.inter.net writes: 150322 Peter Humphrey wrote: On Sunday 22 March 2015 13:04:44 Nikos Chantziaras wrote: I can reboot the system when I am a user by Ctrl+Alt+Delete. The user can reboot the system, but can't shut down ? Strange The thinking is that you can unplug the machine or press the hardware reset or power button or flip the PSU switch ... Preventing a ctrl+alt+del reboot does not add anything to security. Security doesn't apply to users with physical access to the machine. However, this is just a default. You can easily disable reboot on ctrl+alt+del by editing /etc/inittab and commenting-out this line: ca:12345:ctrlaltdel:/sbin/shutdown -r now Testing my single-user box with the above line in inittab , I find that if I enter 'A-^Del' , I exit X to the raw terminal ; That's usually Ctrl+Alt+Backspace. I had to turn that off with 'Option DontZap true' in the server section of xorg.conf because I somehow happen to press that accidentally about once a month :/ The 1st effect is explained in ~/.fluxbox/keys by # exit fluxbox Control Mod1 Delete :Exit So whatever handles keyboard inputs with the X server even intercepts Ctrl+Alt+Del? Does fluxbox quit all programs nicely before it exits? However, the 2nd effect is not explained so easily : 'A-^Del' reboots when entered at a raw terminal, but 'shutdown -r now' does not, yet the former is defined as the latter by the line above in my /etc/inittab . The cause seems to be that 'A-^Del' is intercepted by 'init' (Process 1), which is owned by root, but 'shutdown -r now' is heard by Process 910 -- 'bash' running in the raw terminal, which was started by 'init' -- , which is owned by my user. So the behaviour is explained, but following my earlier msg, which advised to follow proper Unix principles, I should comment the 'A-^Del' line in inittab : if the raw terminal can't react to 'su', it won't react to 'A-^Del' either, so there's no justification in terms of escaping from an emergency. What happens when you comment out the entry in inittab and someone presses Ctrl+Alt+Del? Nothing? pressing the reset button is far worse, since there's no clean shutdown, unmounting filesystems after flushing caches, etc. Yes : that's forced only when the keyboard ceases to respond. Because of that, the default of allowing ctrl+alt+del for local users makes more sense than disabling it. That doesn't follow : if you have multiple users, you don't want some rogue user rebooting randomly ; it makes sense only as a convenience on a single-user system. It seems to be the default behaviour of 'inittab' -- there no comment saying I set it myself, which I would have added -- , which is not appropriate for Gentoo systems in general, some of which are undoubtedly multi-user. Undefined behaviour as the default also isn't ideal, and I agree that nothing happens would be much better: What's the last time you pressed Ctrl+Alt+Del and it actually worked? It's a legacy thing from times when freezes/crashes were common and when it did work and was useful. Nowadays, when you're pressing it, usually nothing happens anyway because the machine is down to where you have to press the reset button or to turn off the power (if you can't log in with ssh). When the machine still works, Ctrl+Alt+Del also works, which means that the default does nothing but create a security hole. So how can we have this default changed? -- Again we must be afraid of speaking of daemons for fear that daemons might swallow us. Finally, this fear has become reasonable.
Re: [gentoo-user] Re: How to poweroff the system from user?
2015-03-26 13:13 GMT-03:00 Hans li...@interworld.net.au: On 22/03/15 05:26, German wrote: If I run poweroff from root, the system shuts down, however when I run poweroff from user -- command not found. How to shut down the system from user? Thanks If nothing works, I use the big red switch at the front of my box to poweroff. I don't know if this has been already answered: edit /etc/sudoers to include a line like the one bellow: your_user_name ALL=NOPASSWD:/sbin/halt,NOPASSWD:/sbin/reboot,NOPASSWD:/sbin/poweroff, Then log off and log in again, and it should work. Hope this helps, Francisco
[gentoo-user] Re: How to poweroff the system from user?
On 22/03/15 05:26, German wrote: If I run poweroff from root, the system shuts down, however when I run poweroff from user -- command not found. How to shut down the system from user? Thanks If nothing works, I use the big red switch at the front of my box to poweroff.
Re: [gentoo-user] Re: How to poweroff the system from user?
On 26 March 2015 at 17:28, Francisco Ares fra...@gmail.com wrote: edit /etc/sudoers to include a line like the one bellow: your_user_name ALL=NOPASSWD:/sbin/halt,NOPASSWD:/sbin/reboot,NOPASSWD:/sbin/poweroff, Then log off and log in again, and it should work. Hope this helps, Francisco Yeah, lots of ways to do it, there's no need of systemd. Or do people think that Linux users haven't been able to shut down or reboot their computers for the past 30 years? :D Oh, wait, maybe THAT's the reason for the long uptimes. :D :D -- Emanuele Rusconi
[gentoo-user] Re: How to poweroff the system from user?
On 23/03/15 14:16, Matti Nykyri wrote: On Mar 23, 2015, at 14:13, Nikos Chantziaras rea...@gmail.com wrote: On 23/03/15 11:46, Peter Humphrey wrote: The consensus seems to be that there's no point in trying to prevent a user from rebooting the machine, and I'm happy to go along with that. The remaining question is: why is the user not allowed to halt it? Because there's no keyboard shortcut for halt. Only for reboot :-) Well you can set init to run halt on ctrl-alt-up arrow -keypress. This is mostly about standard expectations though. No one expects to halt the machine with the vulcan pinch. You press the power button for that, which does a safe shutdown in the majority of setups (unless you have all power management features disabled.) Nowadays, only the reset button is a source of evil, as it's not handled by ACPI (or other power management mechanisms). It really is hardwired into resetting the the mainboard/cpu. So: Rebooting with ctrl+alt+del: safe Halting by pressing the machine's power button: safe Pressing the machine's reset button: Ouch! Of course, back in the bad old days, the power button would simply cut power. There was no ACPI or anything equivalent. But still, even then, there was no keyboard shortcut for halt anyway, so people weren't expecting to be able to safely halt a machine without root access. The ability to reboot safely, on the other hand, was always expected.
Re: [gentoo-user] Re: How to poweroff the system from user?
On Mar 23, 2015, at 14:13, Nikos Chantziaras rea...@gmail.com wrote: On 23/03/15 11:46, Peter Humphrey wrote: The consensus seems to be that there's no point in trying to prevent a user from rebooting the machine, and I'm happy to go along with that. The remaining question is: why is the user not allowed to halt it? Because there's no keyboard shortcut for halt. Only for reboot :-) Well you can set init to run halt on ctrl-alt-up arrow -keypress. -- -Matti
[gentoo-user] Re: How to poweroff the system from user?
On 23/03/15 11:46, Peter Humphrey wrote: The consensus seems to be that there's no point in trying to prevent a user from rebooting the machine, and I'm happy to go along with that. The remaining question is: why is the user not allowed to halt it? Because there's no keyboard shortcut for halt. Only for reboot :-)
Re: [gentoo-user] Re: How to poweroff the system from user?
On Sunday 22 March 2015 13:04:44 Nikos Chantziaras wrote: On 22/03/15 12:30, Peter Humphrey wrote: On Saturday 21 March 2015 16:20:17 Jc García wrote: Interesting. But as I said ealier, I can reboot the system when I am a user by Ctrl+Alt+Delete. The user can reboot the system, but can't shut down? Strange It's not strange, `man 2 reboot`. It's a defined behavior. I'm with German here. Being designed that way doesn't stop it being strange. Consider: I'm an ordinary user sitting at a terminal. I'm not allowed to halt the machine, but I am allowed to reboot it into perhaps some quite other configuration. Or I can keep rebooting it over and again, effectively preventing the machine from doing its job. How does that make sense? The thinking is that you can unplug the machine, or press the hardware reset or power button, or flip the PSU switch... Preventing a ctrl+alt+del reboot does not add anything to security. Security doesn't really apply to users with physical access to the machine. Indeed, as witness many successful hijacks of supposedly secure systems. However, this is just a default. You can easily disable reboot on ctrl+alt+del by editing /etc/inittab and commenting-out this line: ca:12345:ctrlaltdel:/sbin/shutdown -r now All good sense. Note though, that is someone wants to reboot, and ctrl+alt+del doesn't work, pressing the reset button is far worse, since there's no clean shutdown performed (unmounting filesystems after flushing caches, etc.) Because of that, the default of allowing ctrl+alt+del for local users makes more sense than disabling it. And there's no arguing with that! :_) -- Rgds Peter.
[gentoo-user] Re: How to poweroff the system from user?
On 21/03/15 21:26, German wrote: If I run poweroff from root, the system shuts down, however when I run poweroff from user -- command not found. How to shut down the system from user? Thanks If you have dbus running (KDE, Gnome and others automatically use it), then you can shut down with something like: dbus-send --system --print-reply --dest=org.freedesktop.ConsoleKit /org/freedesktop/ConsoleKit/Manager org.freedesktop.ConsoleKit.Manager.Stop You can make the above a script and save it in /usr/local/bin/dbus-halt (or whatever.) Some more scripts: https://bbs.archlinux.org/viewtopic.php?id=127962
[gentoo-user] Re: How to poweroff the system from user?
On 22/03/15 12:30, Peter Humphrey wrote: On Saturday 21 March 2015 16:20:17 Jc García wrote: Interesting. But as I said ealier, I can reboot the system when I am a user by Ctrl+Alt+Delete. The user can reboot the system, but can't shut down? Strange It's not strange, `man 2 reboot`. It's a defined behavior. I'm with German here. Being designed that way doesn't stop it being strange. Consider: I'm an ordinary user sitting at a terminal. I'm not allowed to halt the machine, but I am allowed to reboot it into perhaps some quite other configuration. Or I can keep rebooting it over and again, effectively preventing the machine from doing its job. How does that make sense? The thinking is that you can unplug the machine, or press the hardware reset or power button, or flip the PSU switch... Preventing a ctrl+alt+del reboot does not add anything to security. Security doesn't really apply to users with physical access to the machine. However, this is just a default. You can easily disable reboot on ctrl+alt+del by editing /etc/inittab and commenting-out this line: ca:12345:ctrlaltdel:/sbin/shutdown -r now Note though, that is someone wants to reboot, and ctrl+alt+del doesn't work, pressing the reset button is far worse, since there's no clean shutdown performed (unmounting filesystems after flushing caches, etc.) Because of that, the default of allowing ctrl+alt+del for local users makes more sense than disabling it.
Re: [gentoo-user] Re: How to poweroff the system from user?
150322 Peter Humphrey wrote: On Sunday 22 March 2015 13:04:44 Nikos Chantziaras wrote: I can reboot the system when I am a user by Ctrl+Alt+Delete. The user can reboot the system, but can't shut down ? Strange The thinking is that you can unplug the machine or press the hardware reset or power button or flip the PSU switch ... Preventing a ctrl+alt+del reboot does not add anything to security. Security doesn't apply to users with physical access to the machine. However, this is just a default. You can easily disable reboot on ctrl+alt+del by editing /etc/inittab and commenting-out this line: ca:12345:ctrlaltdel:/sbin/shutdown -r now Testing my single-user box with the above line in inittab , I find that if I enter 'A-^Del' , I exit X to the raw terminal ; another 'A-^Del' then reboots the box. If I enter 'shutdown -r now' as user, I get shutdown: you must be root to do that!. 'cd /sbin ; ls -l shutdown' shows '-rwxr-xr-x 1 root root 23192 May 17 2014 shutdown', so that behaviour arises from the shutdown script, not the permissions. The 1st effect is explained in ~/.fluxbox/keys by # exit fluxbox Control Mod1 Delete :Exit However, the 2nd effect is not explained so easily : 'A-^Del' reboots when entered at a raw terminal, but 'shutdown -r now' does not, yet the former is defined as the latter by the line above in my /etc/inittab . The cause seems to be that 'A-^Del' is intercepted by 'init' (Process 1), which is owned by root, but 'shutdown -r now' is heard by Process 910 -- 'bash' running in the raw terminal, which was started by 'init' -- , which is owned by my user. So the behaviour is explained, but following my earlier msg, which advised to follow proper Unix principles, I should comment the 'A-^Del' line in inittab : if the raw terminal can't react to 'su', it won't react to 'A-^Del' either, so there's no justification in terms of escaping from an emergency. pressing the reset button is far worse, since there's no clean shutdown, unmounting filesystems after flushing caches, etc. Yes : that's forced only when the keyboard ceases to respond. Because of that, the default of allowing ctrl+alt+del for local users makes more sense than disabling it. That doesn't follow : if you have multiple users, you don't want some rogue user rebooting randomly ; it makes sense only as a convenience on a single-user system. It seems to be the default behaviour of 'inittab' -- there no comment saying I set it myself, which I would have added -- , which is not appropriate for Gentoo systems in general, some of which are undoubtedly multi-user. -- ,, SUPPORT ___//___, Philip Webb ELECTRIC /] [] [] [] [] []| Cities Centre, University of Toronto TRANSIT`-O--O---' purslowatchassdotutorontodotca
Re: [gentoo-user] Re: How to poweroff the system from user?
150322 Nikos Chantziaras wrote: On 22/03/15 17:58, Philip Webb wrote: If you have multiple users, you don't want some rogue user rebooting randomly You can't stop a local user from doing that. As mentioned, the reset button works just fine. You really do want those users to reboot the system properly rather than pressing reset. Environments where the machine is locked away with only the keyboard being accessible are far less common than people sitting in front of the actual machine. We're picturing different set-ups : I'm thinking of a campus system, where the machine is in a locked room accessible to the sysadmin (root) users log in somewhere else via machines which act as terminals ; you are perhaps refering to a family or small-office machine, where there are no other means of access, but users log in separately. You are correct in the latter case. -- ,, SUPPORT ___//___, Philip Webb ELECTRIC /] [] [] [] [] []| Cities Centre, University of Toronto TRANSIT`-O--O---' purslowatchassdotutorontodotca
Re: [gentoo-user] Re: How to poweroff the system from user?
On Mar 22, 2015, at 17:58, Philip Webb purs...@ca.inter.net wrote: 150322 Peter Humphrey wrote: On Sunday 22 March 2015 13:04:44 Nikos Chantziaras wrote: I can reboot the system when I am a user by Ctrl+Alt+Delete. The user can reboot the system, but can't shut down ? Strange The thinking is that you can unplug the machine or press the hardware reset or power button or flip the PSU switch ... Preventing a ctrl+alt+del reboot does not add anything to security. Security doesn't apply to users with physical access to the machine. However, this is just a default. You can easily disable reboot on ctrl+alt+del by editing /etc/inittab and commenting-out this line: ca:12345:ctrlaltdel:/sbin/shutdown -r now Testing my single-user box with the above line in inittab , I find that if I enter 'A-^Del' , I exit X to the raw terminal ; another 'A-^Del' then reboots the box. If I enter 'shutdown -r now' as user, I get shutdown: you must be root to do that!. 'cd /sbin ; ls -l shutdown' shows '-rwxr-xr-x 1 root root 23192 May 17 2014 shutdown', so that behaviour arises from the shutdown script, not the permissions. The 1st effect is explained in ~/.fluxbox/keys by # exit fluxbox Control Mod1 Delete :Exit However, the 2nd effect is not explained so easily : 'A-^Del' reboots when entered at a raw terminal, but 'shutdown -r now' does not, yet the former is defined as the latter by the line above in my /etc/inittab . The cause seems to be that 'A-^Del' is intercepted by 'init' (Process 1), which is owned by root, but 'shutdown -r now' is heard by Process 910 -- 'bash' running in the raw terminal, which was started by 'init' -- , which is owned by my user. So the behaviour is explained, but following my earlier msg, which advised to follow proper Unix principles, I should comment the 'A-^Del' line in inittab : if the raw terminal can't react to 'su', it won't react to 'A-^Del' either, so there's no justification in terms of escaping from an emergency. When you press ctrl-alt-delete kernel recieves it and sends it to the program that has grabbed the keyboard. If this program doesn't trap the sequence it goes to the parent program. Like if you are running a terminal in X it first goes to the shell then terminal and then to X-server. Now usually X traps that and performs what ever action is configured. If you set X not to trap the key press it goes all the way down back to the kernel. When kernel receives it it generates hang-up signal and sends it to the PID 1 aka init. And then executes the command in inittab. ca:12345:ctrlaltdel:/bin/echo shutdown And then: kill -HUP 1 Will print shutdown to your console. If you write a small program that traps ctrl-alt-del and run that in terminal, the server will not reboot :) pressing the reset button is far worse, since there's no clean shutdown, unmounting filesystems after flushing caches, etc. Yes : that's forced only when the keyboard ceases to respond. Because of that, the default of allowing ctrl+alt+del for local users makes more sense than disabling it. That doesn't follow : if you have multiple users, you don't want some rogue user rebooting randomly ; it makes sense only as a convenience on a single-user system. It seems to be the default behaviour of 'inittab' -- there no comment saying I set it myself, which I would have added -- , which is not appropriate for Gentoo systems in general, some of which are undoubtedly multi-user. On a multi-user system only the user sitting on the local terminal can press ctrl-alt-del and reboot the machine as he could also hit the server with a sledge hammer :) -- -Matti
[gentoo-user] Re: How to poweroff the system from user?
On 22/03/15 17:58, Philip Webb wrote: Because of that, the default of allowing ctrl+alt+del for local users makes more sense than disabling it. That doesn't follow : if you have multiple users, you don't want some rogue user rebooting randomly You can't stop a local user from doing that. As mentioned, the reset button works just fine. You really do want those users to reboot the system properly rather than pressing reset... Environments where the machine is locked away with only the keyboard being accessible are far less common than people sitting in front of the actual machine.
[gentoo-user] Re: How to poweroff the system from user?
On 22/03/15 22:12, Philip Webb wrote: 150322 Nikos Chantziaras wrote: On 22/03/15 17:58, Philip Webb wrote: If you have multiple users, you don't want some rogue user rebooting randomly You can't stop a local user from doing that. As mentioned, the reset button works just fine. You really do want those users to reboot the system properly rather than pressing reset. Environments where the machine is locked away with only the keyboard being accessible are far less common than people sitting in front of the actual machine. We're picturing different set-ups : I'm thinking of a campus system, where the machine is in a locked room accessible to the sysadmin (root) users log in somewhere else via machines which act as terminals ; you are perhaps refering to a family or small-office machine, where there are no other means of access, but users log in separately. You are correct in the latter case. Well, remote logins can't reboot with ctrl+alt+del. That's reserved only for the users using the actual console. Meaning the keyboard hooked up to the machine with the PS/2 or USB cable. SSH login or thin clients can't reboot. If you press ctrl+alt+del on the terminal machine, that's only going to reboot the terminal machine. We had such a setup using Sun Rays in the past. Non-console logins are getting the full security treatment.