Chapter 28. Console Access
When normal (non-root) users log into a computer locally, they
are given two types of special permissions:
- They can run certain programs that they would not otherwise be
  able to run
- They can access certain files (normally special device files
  used to access diskettes, CD-ROMs, and so on) that they would not
  otherwise be able to access
Since there are multiple consoles on a single computer and
multiple users can be logged into the computer locally at the same
time, one of the users has to essentially win the race to access
the files. The first user to log in at the console owns those
files. Once the first user logs out, the next user who logs in owns
the files.
In contrast, every user who logs in at
the console is allowed to run programs that accomplish tasks
normally restricted to the root user. If X is running, these
actions can be included as menu items in a graphical user
interface. As shipped, the console-accessible programs include
halt, poweroff,
and reboot.
By default, /etc/inittab specifies
that your system is set to shut down and reboot in response to a
[Ctrl]-[Alt]-[Del] key
combination used at the console. To completely disable this
ability, comment out the following line in /etc/inittab by putting a hash mark (#) in front of it:
    ca::ctrlaltdel:/sbin/shutdown -t3 -r now
Alternatively, you may want to allow certain non-root users the
right to shut down or reboot the system from the console using
[Ctrl]-[Alt]-[Del]. You can
restrict this privilege to certain users by taking the following
steps:
- Add the -a option to the /etc/inittab line shown above, so that it
  reads:
      ca::ctrlaltdel:/sbin/shutdown -a -t3 -r now
  The -a flag tells shutdown to look for the /etc/shutdown.allow file.
- Create a file named shutdown.allow in
  /etc. The shutdown.allow file should list the usernames of
  any users who are allowed to shut down the system using [Ctrl]-[Alt]-[Del]. The format
  of the shutdown.allow file is a list of
  usernames, one per line, like the following:
      stephen
      jack
      sophie
According to this example shutdown.allow file, the users stephen, jack, and
sophie are allowed to shut down the system from the console using
[Ctrl]-[Alt]-[Del]. When that
key combination is used, the shutdown -a
command in /etc/inittab checks to see if
any of the users in /etc/shutdown.allow
(or root) are logged in on a virtual console. If one of them is,
the shutdown of the system continues; if not, an error message is
written to the system console instead.
For more information on shutdown.allow, refer to the shutdown man page.
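The following audit helper is an added example, not part of the original documentation. It reports which of the [Ctrl]-[Alt]-[Del] configurations described above a host is in; the function name audit_cad and its status strings are hypothetical, and both file paths are passed as arguments.

```shell
#!/bin/sh
# Added example. audit_cad and its status strings are hypothetical names.
# Usage: audit_cad INITTAB_PATH SHUTDOWN_ALLOW_PATH
audit_cad() {
    inittab=$1
    allow=$2

    # inittab fields are id:runlevels:action:process. Take the process field
    # of the first uncommented entry whose action is ctrlaltdel.
    entry=$(awk -F: '
        /^[ \t]*#/ { next }
        $3 == "ctrlaltdel" { sub(/^[^:]*:[^:]*:[^:]*:/, ""); print; exit }
    ' "$inittab" 2>/dev/null || true)

    if [ -z "$entry" ]; then
        echo "disabled"            # line absent or commented out
        return 0
    fi

    # Look for -a as a separate option, the form shown on this page.
    case " $entry " in
        *" -a "*) ;;
        *) echo "unrestricted"; return 0 ;;
    esac

    if [ ! -f "$allow" ]; then
        echo "allow-file-missing"  # -a is set but there is no list to check
        return 0
    fi

    # The list decides who may shut the machine down, so it must not be
    # writable by everyone.
    if [ -n "$(find "$allow" -perm -0002 2>/dev/null)" ]; then
        echo "allow-file-world-writable"
        return 0
    fi

    # One username per line; blank lines and # comments are not counted.
    n=$(grep -cv -e '^[[:space:]]*$' -e '^[[:space:]]*#' "$allow" || true)
    echo "restricted:$n"
}

if [ "$#" -eq 2 ]; then
    audit_cad "$1" "$2"
fi
```

Run it as root with /etc/inittab and /etc/shutdown.allow as the two arguments; any status other than disabled or restricted:N is worth reviewing.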