Disabling shutdown command for all users, even root - consequences?
I would like to disable the shutdown
command for all users, even root, on an Ubuntu Server installation.
The reason I want to do this is to ensure that I don't get into the habit of shutting down the machine in this way, as I SSH into a lot of production machines at the same time as this one, and I don't want to accidentally shutdown one of the other machines by typing the command into the wrong window.
The server I want do disable shutdown on only runs inside VirtualBox on my Windows desktop, and I only use it for local testing so it is not a problem if I can't shut it down from the command line.
I have already mitigated the problem a bit by ensuring I have a different password on the VirtualBox image, but obviously if I am within the sudo
'window' on one of the production machines, I could still accidentally shut it down.
My questions are:
- How do I disable the shutdown command?
- If I do disable the shutdown command, are there any consequences that I should be made aware of? Most specifically, will it disable support for ACPI shutdown that is the equivalent of pressing the power button on a physical machine? Could it affect other generic applications?
For information, I just use this VirtualBox image for trying out shell scripts, running Tomcat and Java, and that kind of thing.
A much better approach to this problem is to install the molly-guard program on the boxes you don't want to shutdown, rather than trying to train yourself to never run shutdown.
molly-guard attempts to prevent you from accidentally shutting down or rebooting machines. It does this by injecting a couple of checks before the existing commands: halt, reboot, shutdown, and poweroff.
The typical configuration is that it asks you to type the hostname of the machine to confirm you are really on the right one.
It is possible to add new scripts to /etc/molly-guard/run.d
(as documented on the manpage, script files must follow naming expected by run-parts
.
If you really want to disable shutdown
(and this is such a bizarre idea), just do
chmod 0 /sbin/shutdown
then if you need to use it, chmod it back to 0755.
If you usually run the command as sudo shutdown
, rather than sudo /sbin/shutdown
, then you can just setup a global shell alias for "shutdown" to just echo a message to the terminal instead. The real executable will still be there for all other purposes.
To disable shutdown command just make the binary non executable i.e sudo chmod a-x /sbin/shutdown
Also i dont think that it will effect any other shutdown method because as the man entry for shutdown says
shutdown sends a request to the init daemon to bring the system down into the appropriate runlevel
so any other command/script can do this even after disabling shutdown command for example I can still shutdown my system using shutdown from GNOME menu. Also you can still reboot your computer from command line using reboot command
The shutdown
command is in /sbin/shutdown
. You can disable it by doing this:
sudo mv /sbin/shutdown /sbin/really-do-shutdown
But: This means that almost none of the usual methods of shutting down the system will work any longer. Shutting down out of gnome on my test machine for this answer causes it to just log you out and throw you back to GDM.
If you want to shut down your system afterwards, you have to do
sudo init 0
"Disabling" shutdown will affect every application that uses the command for anything. Since init 0
is not the recommended way of shutting down a system, all programs that have to shut down the system use shutdown
for it, which won't work any more.
-
Applications can also throw exceptions due to the missing file, or the file being not executable, potentially causing them to crash even though a shutdown isn't necessary. This is an edge-case that you can work around by moving some binary, ideally executable file (not a shell script - that won't work) in it's place. For example:
sudo cp /bin/ps /sbin/shutdown
This is after you've moved the original out of the way safely.
Now, all this is quite hacky, and I recommend against it, for the reasons outlined in João Pinto's comment. But I won't stop you from doing it. :-)
Don't only make a back up of /sbin/shutdown, also, have a recovery plan in place in case it causes any trouble. Don't do this on a server that you can't get to, for example. And test your recovery plan beforehand, assuming that the system doesn't boot at all (it will boot of course - I've tested it - but please be on the safe side).