Re: Preventing the computer from shutting down.
Hi
On Thu, Oct 30, 2014 at 11:07:27PM -0700, Don Armstrong wrote:
> On Thu, 30 Oct 2014, Joey Hess wrote:
> > Don Armstrong wrote:
> > > systemd-inhibit --who='backup script' --why='backup is running currently' \
> > > --mode=block yourbackupscript;
> >
> > This doesn't currently prevent either /sbin/shutdown or eg, the
> > lightdm menu item from shutting the system down. It does inhibit
> > systemctl reboot/halt.
>
> Huh. That seems kind of unfortunate (and weird, because /sbin/shutdown
> is symlinked to systemctl here; I would have expected /sbin/shutdown to
> be a special case of systemctl halt.)
molly-guard doesn't really mess with /sbin/shutdown and
family. Instead it implements, e.g. /usr/sbin/shutdown. Since
/usr/sbin precedes /sbin in $PATH this allows them to be overridden.
A bit clumsy, I agree, but sufficient to prevent administrator
mistakes.
Personally, I would have preferred molly-guard to use dpkg-divert, but
it works as it is.
> This is probably at least a documentation bug, and possibly a real bug.
In the case of molly-guard, I belive that is up for debate.
It only intentds to be a safety net, not a security feature. After
all, attempting to protect a system against the root user is
nonsensical.
Regards
--
Karl E. Jorgensen
Reply to: