system configuration - Red Hat based systems
The behavior of CTRL-ALT-DELETE is determined by the system initialization process. There have been significant changes in how system initialization and management has been implemented in recent years. There are 3 seperate implemenetations in use on current Red Hat based systems. The oldest is SysVinit, the traditional System V init process, which is used on RHEL5. On RHEL6 this was succeeded by Upstart. Upstart was replaced with systemd in recent Fedora releases and RHEL7. The procedure to disable CTRL-ALT-DELETE for each of these is summarized below.
Hosts with systemd
Applicable: RHEL7, Fedora-15 and newerThe following appears to be the most appropriate way to disable CTRL-ALT-DELETE.
- ln -s /dev/null /etc/systemd/system/ctrl-alt-del.target
No refresh is required. The change has immediate effect. To reinstate the default CTRL-ALT-DELETE behavior simply remove the ctrl-alt-del.target symlink that you created.
Hosts with Upstart
Applicable: RHEL6, Fedora-9 - Fedora-14On systems with Upstart CTRL-ALT-DELETE can be disabled in a few ways. However, if supported, the following appears to be the most desirable way to disable or change the behavior of CTRL-ALT-DELETE.
cp -pi /etc/init/control-alt-delete.conf /etc/init/control-alt-delete.override
Edit the /etc/init/control-alt-delete.override file. The contents of the file will look something like the following:
# control-alt-delete - emergency keypress handling
#
# This task is run whenever the Control-Alt_Delete key combination is
# pressed. Usually used to shut down the machine.
start on control-alt-delete
exec /sbin/shutdown -r now "Control-Alt-Delete pressed"
#
# This task is run whenever the Control-Alt_Delete key combination is
# pressed. Usually used to shut down the machine.
start on control-alt-delete
exec /sbin/shutdown -r now "Control-Alt-Delete pressed"
To utilize the override file you will need to update the exec entry to perform a different action. All upstart job files must have an exec or script stanza. If you simply comment out the existing entries the override file it will have no effect. To ignore CTRL-ALT-DELETE you could update the control-alt-delete.override file as follows:
# control-alt-delete - emergency keypress handling
#
# This task is run whenever the Control-Alt_Delete key combination is
# pressed. Usually used to shut down the machine.
start on control-alt-delete
exec /bin/true
#
# This task is run whenever the Control-Alt_Delete key combination is
# pressed. Usually used to shut down the machine.
start on control-alt-delete
exec /bin/true
No refresh is required since inotify watches for changes. However, 'initctl reload-configuration' will reload the configuration.
You can specify an appropriate alternative action if you prefer. You might invoke a logger, for example, to record the event. However, personally I prefer to silently ignore CTRL-ALT-DELETE.
You should test that the change works with your version of Upstart. For example, in RHEL6 the override file logic is not supported until RHEL 6.3 (upstart-0.6.5-12). However, you should hopefully be patched to at least this level by now.
If your version of Upstart does not implement the override file logic you will need to directly modify the control-alt-delete.conf file or remove it. However, this is not the desired approach, especially if you do not have the file under active configuration management, since updates to the initscripts package will likely replace the control-alt-delete.conf file and reinstate the default behavior.
References
http://rhn.redhat.com/errata/RHBA-2012-0863.htmlNotes
I have verified that updating initscripts (through at least version found with RHEL6.4; initscripts-9.03.38) overwrites control-alt-delete.conf which is why you want to use control-alt-delete.override instead of modifying control-alt-delete.conf.In testing, I was never able to display output to the screen but was able to direct output to a file. Don't really care why and have no interest in figuring it out as I prefer to silently ignore CTRL-ALT-DELETE.
Hosts with SysVinit
Applicable: RHEL5 and older, Fedora-8 and oldervi /etc/inittab
Find the line that looks like the following (RHEL5.4) and comment it out. If you prefer you could instead replace the command in this entry to invoke an action other than reboot.
ca::ctrlaltdel:/sbin/shutdown -t3 -r now
Changes to the inittab file will not take effect until init reloads the configuration. Normally init only reads the configuration at startup.
To force a configuration reload issue the following:
/sbin/init q
Note: In addition to the above a system reboot, '/bin/kill -HUP 1', and '/bin/kill -s HUP 1' will force a configuration reload.
No comments:
Post a Comment