Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
temporarily disable shutdown
158 views
Skip to first unread message
Matthias Bodenbinder
Mar 28, 2015, 1:40:04 PM3/28/15
to
Hi,
how can I temporarily disable shutdown or reboot?
My use case is the following: I create a file /tmp/NO_SHUTDOWN. If that file exists, a shutdown or reboot should not be possible.
I have molly-guard installed and a script in /etc/molly-guard/run.d/ tests the existence of that file and prevents shutdown/reboot on the commandline.
But a user in KDE can still do reboot/shutdown from either KDE or even KDM. How can I prevent that with a file /tmp/NO_SHUTDOWN.
Thank you for your help
Matthias
--
To UNSUBSCRIBE, email to debian-us...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listm...@lists.debian.org
Archive: https://lists.debian.org/mf6odd$lje$1...@ger.gmane.org
how can I temporarily disable shutdown or reboot?
My use case is the following: I create a file /tmp/NO_SHUTDOWN. If that file exists, a shutdown or reboot should not be possible.
I have molly-guard installed and a script in /etc/molly-guard/run.d/ tests the existence of that file and prevents shutdown/reboot on the commandline.
But a user in KDE can still do reboot/shutdown from either KDE or even KDM. How can I prevent that with a file /tmp/NO_SHUTDOWN.
Thank you for your help
Matthias
--
To UNSUBSCRIBE, email to debian-us...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listm...@lists.debian.org
Archive: https://lists.debian.org/mf6odd$lje$1...@ger.gmane.org
Mr Queue
Mar 28, 2015, 1:50:05 PM3/28/15
to
It's as simple as correcting user/group permissions.
--
To UNSUBSCRIBE, email to debian-us...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listm...@lists.debian.org
Archive: https://lists.debian.org/5516E78A...@mrqueue.com
--
To UNSUBSCRIBE, email to debian-us...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listm...@lists.debian.org
Michael Biebl
Mar 28, 2015, 2:00:04 PM3/28/15
to
Am 28.03.2015 um 18:29 schrieb Matthias Bodenbinder:
> Hi,
>
> how can I temporarily disable shutdown or reboot?
>
> My use case is the following: I create a file /tmp/NO_SHUTDOWN. If that file exists, a shutdown or reboot should not be possible.
> I have molly-guard installed and a script in /etc/molly-guard/run.d/ tests the existence of that file and prevents shutdown/reboot on the commandline.
>
> But a user in KDE can still do reboot/shutdown from either KDE or even KDM. How can I prevent that with a file /tmp/NO_SHUTDOWN.
If you are using jessie and systemd, you can use
> Hi,
>
> how can I temporarily disable shutdown or reboot?
>
> My use case is the following: I create a file /tmp/NO_SHUTDOWN. If that file exists, a shutdown or reboot should not be possible.
> I have molly-guard installed and a script in /etc/molly-guard/run.d/ tests the existence of that file and prevents shutdown/reboot on the commandline.
>
> But a user in KDE can still do reboot/shutdown from either KDE or even KDM. How can I prevent that with a file /tmp/NO_SHUTDOWN.
systemd-inhibit [1].
You can run something like
systemd-inhibit --what=shutdown --mode=block /bin/sleep 3600
to block shutdown for 1h.
Cheers,
Michael
[1] http://www.freedesktop.org/software/systemd/man/systemd-inhibit.html
--
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?
Matthias Bodenbinder
Mar 29, 2015, 3:50:04 AM3/29/15
to
Hello Michael,
that is a very good suggestion. Thank you. But I also have debian stable.
Do you have any idea for debain stable as well?
Matthias
--
To UNSUBSCRIBE, email to debian-us...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listm...@lists.debian.org
Archive: https://lists.debian.org/mf8apt$j92$1...@ger.gmane.org
that is a very good suggestion. Thank you. But I also have debian stable.
Do you have any idea for debain stable as well?
Matthias
--
To UNSUBSCRIBE, email to debian-us...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listm...@lists.debian.org
Matthias Bodenbinder
Mar 29, 2015, 5:50:04 AM3/29/15
to
Am 28.03.2015 um 18:51 schrieb Michael Biebl:
> You can run something like
>
> systemd-inhibit --what=shutdown --mode=block /bin/sleep 3600
>
> to block shutdown for 1h.
This does NOT work. I tested it with debian testing.
> You can run something like
>
> systemd-inhibit --what=shutdown --mode=block /bin/sleep 3600
>
> to block shutdown for 1h.
It does not prevent shutdown through hte KDE GUI. And even on the commandline a "poweroff" is still successfully executed.
Matthias
--
To UNSUBSCRIBE, email to debian-us...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listm...@lists.debian.org
Michael Biebl
Mar 29, 2015, 11:40:05 AM3/29/15
to
Am 29.03.2015 um 11:42 schrieb Matthias Bodenbinder:
> Am 28.03.2015 um 18:51 schrieb Michael Biebl:
>> You can run something like
>>
>> systemd-inhibit --what=shutdown --mode=block /bin/sleep 3600
>>
>> to block shutdown for 1h.
>
> This does NOT work. I tested it with debian testing.
Are you sure you are using systemd as PID 1?
> Am 28.03.2015 um 18:51 schrieb Michael Biebl:
>> You can run something like
>>
>> systemd-inhibit --what=shutdown --mode=block /bin/sleep 3600
>>
>> to block shutdown for 1h.
>
> This does NOT work. I tested it with debian testing.
> It does not prevent shutdown through hte KDE GUI.
as well.
> And even on the commandline a "poweroff" is still successfully executed.
David Wright
Mar 29, 2015, 11:20:04 PM3/29/15
to
Quoting Matthias Bodenbinder (matt...@bodenbinder.de):
> [...] And even on the commandline a "poweroff" is still successfully executed.
You haven't said whether the commandline is being typed on a console
VC, or remotely. It makes a big difference. For example:
jessiebox ~$ ls -l /sbin/poweroff
lrwxrwxrwx 1 root root 14 Feb 13 05:45 /sbin/poweroff -> /bin/systemctl
jessiebox ~$ /sbin/poweroff
==== AUTHENTICATING FOR org.freedesktop.login1.power-off ===
Authentication is required for powering off the system.
Authenticating as: root
Password: ← typed root's password
==== AUTHENTICATION COMPLETE ===
jessiebox ~$ Connection to jessiebox closed by remote host.
Connection to jessiebox closed.
wheezybox ~$ ls -l /sbin/poweroff
lrwxrwxrwx 1 root root 4 Jul 17 2013 /sbin/poweroff -> halt
wheezybox ~$ ls -l /sbin/halt
-rwxr-xr-x 1 root root 13848 Jul 17 2013 /sbin/halt
wheezybox ~$ /sbin/poweroff
poweroff: must be superuser.
wheezybox ~$
So wheezy just runs a binary that checks for root.
Jessie (running systemd) makes me authenticate if I'm remote, but will
shutdown straightaway if I type the command on the console. Which is
reasonable since all I have to do otherwise is press CtrlAltDel or the
power button to achieve the same effect.
Cheers,
David.
--
To UNSUBSCRIBE, email to debian-us...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listm...@lists.debian.org
Archive: https://lists.debian.org/20150330031...@alum.home
> [...] And even on the commandline a "poweroff" is still successfully executed.
You haven't said whether the commandline is being typed on a console
VC, or remotely. It makes a big difference. For example:
jessiebox ~$ ls -l /sbin/poweroff
lrwxrwxrwx 1 root root 14 Feb 13 05:45 /sbin/poweroff -> /bin/systemctl
jessiebox ~$ /sbin/poweroff
==== AUTHENTICATING FOR org.freedesktop.login1.power-off ===
Authentication is required for powering off the system.
Authenticating as: root
Password: ← typed root's password
==== AUTHENTICATION COMPLETE ===
jessiebox ~$ Connection to jessiebox closed by remote host.
Connection to jessiebox closed.
wheezybox ~$ ls -l /sbin/poweroff
lrwxrwxrwx 1 root root 4 Jul 17 2013 /sbin/poweroff -> halt
wheezybox ~$ ls -l /sbin/halt
-rwxr-xr-x 1 root root 13848 Jul 17 2013 /sbin/halt
wheezybox ~$ /sbin/poweroff
poweroff: must be superuser.
wheezybox ~$
So wheezy just runs a binary that checks for root.
Jessie (running systemd) makes me authenticate if I'm remote, but will
shutdown straightaway if I type the command on the console. Which is
reasonable since all I have to do otherwise is press CtrlAltDel or the
power button to achieve the same effect.
Cheers,
David.
--
To UNSUBSCRIBE, email to debian-us...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listm...@lists.debian.org
Matthias Bodenbinder
Mar 31, 2015, 2:20:04 PM3/31/15
to
Am 29.03.2015 um 17:35 schrieb Michael Biebl:
> Am 29.03.2015 um 11:42 schrieb Matthias Bodenbinder:
>> Am 28.03.2015 um 18:51 schrieb Michael Biebl:
>>> You can run something like
>>>
>>> systemd-inhibit --what=shutdown --mode=block /bin/sleep 3600
>>>
>>> to block shutdown for 1h.
>>
>> This does NOT work. I tested it with debian testing.
>
> Are you sure you are using systemd as PID 1?
PID 1 is /sbin/init
> Am 29.03.2015 um 11:42 schrieb Matthias Bodenbinder:
>> Am 28.03.2015 um 18:51 schrieb Michael Biebl:
>>> You can run something like
>>>
>>> systemd-inhibit --what=shutdown --mode=block /bin/sleep 3600
>>>
>>> to block shutdown for 1h.
>>
>> This does NOT work. I tested it with debian testing.
>
> Are you sure you are using systemd as PID 1?
with
lrwxrwxrwx 1 root root 20 Feb 13 12:22 /sbin/init -> /lib/systemd/systemd
All my tests where with local root: KDE+konsole, as regular user. Either executing "poweroff" via "su -" in the konsole or clicking shutdown button in KDE.
Example:
In konsole #1:
su -
systemd-inhibit --what="idle:sleep:shutdown" --mode=block sleep 3600
In konsole #2:
su -
poweroff
The computer is just powered off.
Matthias
--
To UNSUBSCRIBE, email to debian-us...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listm...@lists.debian.org
David Wright
Mar 31, 2015, 3:50:04 PM3/31/15
to
Quoting Matthias Bodenbinder (matt...@bodenbinder.de):
> Am 29.03.2015 um 17:35 schrieb Michael Biebl:
> > Am 29.03.2015 um 11:42 schrieb Matthias Bodenbinder:
> >> Am 28.03.2015 um 18:51 schrieb Michael Biebl:
> >>> You can run something like
> >>>
> >>> systemd-inhibit --what=shutdown --mode=block /bin/sleep 3600
> >>>
> >>> to block shutdown for 1h.
> >>
> >> This does NOT work. I tested it with debian testing.
> >
> > Are you sure you are using systemd as PID 1?
>
> PID 1 is /sbin/init
> with
> lrwxrwxrwx 1 root root 20 Feb 13 12:22 /sbin/init -> /lib/systemd/systemd
>
> All my tests where with local root: KDE+konsole, as regular user. Either executing "poweroff" via "su -" in the konsole or clicking shutdown button in KDE.
>
> Example:
>
> In konsole #1:
> su -
> systemd-inhibit --what="idle:sleep:shutdown" --mode=block sleep 3600
>
> In konsole #2:
> su -
> poweroff
>
> The computer is just powered off.
Not using KDE myself, I can only comment on the CLI (and thanks for
> Am 29.03.2015 um 17:35 schrieb Michael Biebl:
> > Am 29.03.2015 um 11:42 schrieb Matthias Bodenbinder:
> >> Am 28.03.2015 um 18:51 schrieb Michael Biebl:
> >>> You can run something like
> >>>
> >>> systemd-inhibit --what=shutdown --mode=block /bin/sleep 3600
> >>>
> >>> to block shutdown for 1h.
> >>
> >> This does NOT work. I tested it with debian testing.
> >
> > Are you sure you are using systemd as PID 1?
>
> PID 1 is /sbin/init
> with
> lrwxrwxrwx 1 root root 20 Feb 13 12:22 /sbin/init -> /lib/systemd/systemd
>
> All my tests where with local root: KDE+konsole, as regular user. Either executing "poweroff" via "su -" in the konsole or clicking shutdown button in KDE.
>
> Example:
>
> In konsole #1:
> su -
> systemd-inhibit --what="idle:sleep:shutdown" --mode=block sleep 3600
>
> In konsole #2:
> su -
> poweroff
>
> The computer is just powered off.
the clear posting). I think you need to understand that root privilege
overrides any inhibitions, as one might expect.
This is what works for me:
jessiebox ~$ /bin/su -
Password:
jessiebox ~# systemd-inhibit --what="idle:sleep:shutdown" --mode=block sleep 3600
and moving to a VC or another xterm:
jessiebox ~$ /sbin/poweroff
Operation inhibited by "sleep 3600" (PID 28227 "systemd-inhibit", user root), reason is "Unknown reason".
Please retry operation after closing inhibitors and logging out other users.
Alternatively, ignore inhibitors and users with 'systemctl poweroff -i'.
jessiebox ~$
jessiebox ~$ systemctl poweroff -i
==== AUTHENTICATING FOR org.freedesktop.login1.power-off-ignore-inhibit ===
Authentication is required for powering off the system while an application asked to inhibit it.
Authenticating as: root
Password: [password not typed] Failed to execute operation: Connection timed out
Failed to start poweroff.target: Access denied
polkit-agent-helper-1: pam_authenticate failed: Authentication failure
jessiebox ~$
Now that would have worked if I had typed the password.
jessiebox ~$ systemd-inhibit --list
Who: /bin/sleep 3600 (UID 0/root, PID 4051/systemd-inhibit)
What: shutdown
Why: Unknown reason
Mode: block
1 inhibitors listed.
jessiebox ~$
AIUI it's up to root to check for inhibitions. I also get te
impression that mollyguard is really just for trying to prevent you
accidently closing down a machine you've ssh'd to because you think
you're still local. (I prevent this by using differently coloured
prompt strings.) I don't know how well it's integrated with systemd.
Cheers,
David.
--
To UNSUBSCRIBE, email to debian-us...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listm...@lists.debian.org
0 new messages