Package: molly-guard
Version: 0.3-2
Severity: wishlist
At present molly-guard checks that you are a non-local user before
prompting yo for the server name, but this test does not, and can not
check for a variety of circumstances where a user is non-local, such as:
- User starts screen session locally, then connects to it remotely.
- Machine is being accessed via Integrated Lights-Out Management
console.
- Machine is one of many attached to a monitor switching device.
and other similar scenarios. Ideally this 'always on' behaviour would
be controlled by a debconf question on installation which I think should
probably default to 'yes', since we should assume that any environment
where molly-guard is installed should be conservatively protected from
accidental shutdown - else why would it have been installed in the first
place?
Below is a patch which implements the basic behaviour, however this does
not default to 'always on'.
============================================================
diff --git a/shutdown b/shutdown
index 29bd8fe..95af392 100755
--- a/shutdown
+++ b/shutdown
@@ -11,6 +11,9 @@ set -eu
ME=molly-guard
+ALWAYS_MOLLY=${ALWAYS_MOLLY:-"0"}
+[ -f /etc/default/${ME} ] && . /etc/default/${ME}
+
CMD="${0##*/}"
EXEC="/sbin/$CMD"
@@ -39,8 +42,8 @@ usage()
Instead of invoking $EXEC directly, $ME will prompt the user for the
machine's hostname to guard against accidental shutdowns/reboots, if the
- current shell is a child of an SSH connection (or --pretend-ssh) has
been
- given on the command line, if the shell is connected to an interactive
+ current shell is a child of an SSH connection (or --pretend-ssh has been
+ given on the command line), if the shell is connected to an interactive
terminal, and the actual command to execute is does not involve --help
or is
\`shutdown -c'.
@@ -49,6 +52,9 @@ usage()
make $ME echo the command it would execute rather than actually
executing
it.
+ $ME will always interpose the prompt if the environment variable
ALWAYS_MOLLY
+ is set to '1'. This variable may be set in the file /etc/default/${ME}
.
+
The actual command's help output follows:
_eousage
@@ -87,18 +93,22 @@ fi
# require an interactive terminal connected to stdin
test -t 0 || do_real_cmd
-# only run if we are being called over SSH, that is if the current terminal
-# was created by sshd.
-PTS=$(readlink /proc/$$/fd/0)
-if ! pgrep -f "^sshd.+${PTS#/dev/}[[:space:]]*$" >/dev/null \
- && [ -z "$SSH_CONNECTION" ]; then
- if [ $PRETEND_SSH -eq 1 ]; then
- echo "I: this is not an SSH session, but --pretend-ssh was given..."
- else
- do_real_cmd
- fi
+if [ ${ALWAYS_MOLLY} -eq 1 ]; then
+ echo "W: $ME: ${EXEC} is always molly-guarded on this server."
else
- echo "W: $ME: SSH session detected!"
+ # only run if we are being called over SSH, that is if the current terminal
+ # was created by sshd.
+ PTS=$(readlink /proc/$$/fd/0)
+ if ! pgrep -f "^sshd.+${PTS#/dev/}[[:space:]]*$" >/dev/null \
+ && [ -z "$SSH_CONNECTION" ]; then
+ if [ $PRETEND_SSH -eq 1 ]; then
+ echo "I: this is not an SSH session, but --pretend-ssh was given..."
+ else
+ do_real_cmd
+ fi
+ else
+ echo "W: $ME: SSH session detected!"
+ fi
fi
# pass through certain commands
============================================================
-- System Information:
Debian Release: 4.0
APT prefers stable
APT policy: (500, 'stable')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.24.2-mousy
Locale: LANG=en_NZ.UTF-8, LC_CTYPE=en_NZ.UTF-8 (charmap=UTF-8) (ignored: LC_ALL
set to en_NZ.UTF-8)
Versions of packages molly-guard depends on:
ii sysvinit 2.86.ds1-38 System-V-like init utilities
molly-guard recommends no packages.
-- no debconf information
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
