Follow Techotopia on Twitter

On-line Guides
All Guides
eBook Store
iOS / Android
Linux for Beginners
Office Productivity
Linux Installation
Linux Security
Linux Utilities
Linux Virtualization
Linux Kernel
System/Network Admin
Programming
Scripting Languages
Development Tools
Web Development
GUI Toolkits/Desktop
Databases
Mail Systems
openSolaris
Eclipse Documentation
Techotopia.com
Virtuatopia.com

How To Guides
Virtualization
General System Admin
Linux Security
Linux Filesystems
Web Servers
Graphics & Desktop
PC Hardware
Windows
Problem Solutions

  




 

 

NOTE: CentOS Enterprise Linux 5 is built from the Red Hat Enterprise Linux source code. Other than logo and name changes CentOS Enterprise Linux 5 is compatible with the equivalent Red Hat version. This document applies equally to both Red Hat and CentOS Enterprise Linux 5.

Chapter 26. Console Access

When normal (non-root) users log into a computer locally, they are given two types of special permissions:

  1. They can run certain programs that they would otherwise be unable to run.

  2. They can access certain files (normally special device files used to access diskettes, CD-ROMs, and so on) that they would otherwise be unable to access.

Since there are multiple consoles on a single computer and multiple users can be logged into the computer locally at the same time, one of the users has to essentially win the race to access the files. The first user to log in at the console owns those files. Once the first user logs out, the next user who logs in owns the files.

In contrast, every user who logs in at the console is allowed to run programs that accomplish tasks normally restricted to the root user. If X is running, these actions can be included as menu items in a graphical user interface. As shipped, these console-accessible programs include halt, poweroff, and reboot.

26.1. Disabling Shutdown Via Ctrl-Alt-Del

By default, /etc/inittab specifies that your system is set to shutdown and reboot in response to a Ctrl-Alt-Del key combination used at the console. To completely disable this ability, comment out the following line in /etc/inittab by putting a hash mark (#) in front of it:

ca::ctrlaltdel:/sbin/shutdown -t3 -r now

Alternatively, you may want to allow certain non-root users the right to shutdown or reboot the system from the console using Ctrl-Alt-Del . You can restrict this privilege to certain users, by taking the following steps:

  1. Add the -a option to the /etc/inittab line shown above, so that it reads:

    ca::ctrlaltdel:/sbin/shutdown -a -t3 -r now
    

    The -a flag tells shutdown to look for the /etc/shutdown.allow file.

  2. Create a file named shutdown.allow in /etc. The shutdown.allow file should list the usernames of any users who are allowed to shutdown the system using Ctrl-Alt-Del . The format of the shutdown.allow file is a list of usernames, one per line, like the following:

    stephen 
    jack 
    sophie
    

According to this example shutdown.allow file, the users stephen, jack, and sophie are allowed to shutdown the system from the console using Ctrl-Alt-Del . When that key combination is used, the shutdown -a command in /etc/inittab checks to see if any of the users in /etc/shutdown.allow (or root) are logged in on a virtual console. If one of them is, the shutdown of the system continues; if not, an error message is written to the system console instead.

For more information on shutdown.allow, refer to the shutdown man page.


 
 
  Published under the terms of the GNU General Public License Design by Interspire