molly-guard − guard against accidental shutdowns/reboots
shutdown [−hV] [−−molly−guard−do−nothing] [−− script_options] |
|
halt [−hV] [−−molly−guard−do−nothing] [−− script_options] |
|
reboot [−hV] [−−molly−guard−do−nothing] [−− script_options] |
|
poweroff [−hV] [−−molly−guard−do−nothing] [−− script_options] |
molly−guard attempts to prevent you from accidentally shutting down or rebooting machines. It does this by injecting a couple of checks before the existing commands: halt, reboot, shutdown, and poweroff. This happens via scripts with the same names in /usr/sbin, so it only works if you have /usr/sbin before /sbin in your PATH!
Before molly−guard invokes the real command, all scripts in /etc/molly−guard/run.d/ have to run and exit successfully; else, it aborts the command. run−parts(1) is used to process the directory.
molly−guard passes any script_options to the scripts, and also populates the environment with the following variables:
• MOLLYGUARD_CMD − the actual command invoked by the user.
• MOLLYGUARD_DO_NOTHING − set to 1 if this is a demo−run.
• MOLLYGUARD_SETTINGS − the path to a shell script snippet which scripts can source to obtain settings.
molly−guard prints the contents of /etc/molly−guard/messages.d/COMMAND or /etc/molly−guard/messages.d/default to the console, if either exists. This is due to /etc/molly−guard/run.d/10−print−message.
molly−guard was primarily designed to shield SSH connections. This functionality (which should arguably be provided by the openssh−server package) is implemented in /etc/molly−guard/run.d/30−query−hostname.
This script first tests whether the command is being executed from a tty which has been created by sshd. It also checks whether the variable SSH_CONNECTION is defined. If any of these tests are successful, test script queries the user for the machine´s hostname, which should be sufficient to prevent the user from doing something by accident.
You can pass the −−pretend−ssh script option to molly−guard to pretend that those tests succeeds. Alternatively, setting ALWAYS_QUERY_HOSTNAME in /etc/molly−guard/rc causes the script to always query.
The following situations are still UNGUARDED. If you can think of ways to protect against those, please let me know!
• running sudo within screen or screen within sudo; sudo eats the SSH_CONNECTION variable, and screen creates a new pty.
• executing those command in a remote terminal window, that is a XTerm started on a remote machine but displaying on the local X server.
You have been warned. You can use the −−molly−guard−do−nothing switch to prevent anything from happening, e.g. halt −−molly−guard−do−nothing.
−−molly−guard−do−nothing
Cause molly−guard to print the command which would be executed, after processing all scripts, instead of executing it.
−h, −−help
Display usage information.
−V, −−version
Display version information.
shutdown(8), halt(1), reboot(8), poweroff(8).
molly−guard is copyright by martin f. krafft. Andrew Ruthven came up with the idea of using the scripts directory and submitted a patch, which I modified a bit.
This manual page was written by martin f. krafft <madduck@madduck.net>.
Permission is granted to copy, distribute and/or modify this document under the terms of the Artistic License 2.0
Copyright © 2008 martin f. krafft