Isn't Ctrl-Alt-Delete on Linux *really* dangerous?

linux keyboard-video-mouse ipmi ilo key-bindings

Is the default Ctrl-Alt-Delete shutdown -r functionality on Linux systems a dangerous feature?

Years ago, when I deployed physical systems with attached keyboards and monitors, I'd sometimes modify the /etc/inittab on Red Hat systems to disable the reboot trap. This usually happened after a local IT person or Windows admin accidentally used the magic key combination on the wrong terminal/keyboard/window and rebooted their server.

# Trap CTRL-ALT-DELETE
ca::ctrlaltdel:/sbin/shutdown -t3 -r now

I haven't done this since the RHEL4 days, but newer systems seem to have a /etc/init/control-alt-delete.conf file for this.

In the years since, most of my systems have been deployed headless or are running as virtual machines. This has reduced the frequency of unintended reboots... however, I've had a recent set of ctrl-alt-delete oopses from:

1). an IP KVM plugged into the wrong server by datacenter staff.
2). a Windows admin using the key combination in a VMware console, thinking it was needed for logon.
3). me using the ctrl-alt-delete macro in an HP ILO console to reboot a live CD... but it was actually the ILO for a very busy production server.

enter image description here

  • Does it make sense to disable Ctrl-Alt-Delete reboot in Linux by default?
  • Is this a common concern, or generally ignored?
  • Are there any downsides to doing so?
  • How do you handle this in your environment?

Edit: In fact, I just encountered this server, a virtual machine running for 1,115 days, root password unknown, and VMware tools were not installed (so Ctrl-Alt-Delete would be the only graceful shutdown option).


This can be useful for very, very seldom touched machines. Years after installation, if no-one can remember a login for the host, Ctrl-Alt-Delete will do proper shutdown and then let you use GRUB (or even LiLo!) to supply rw init=/bin/bash to the kernel and thus give you the chance to reset the root password.

The above is also a way that Ctrl-Alt-Delete is dangerous even if physical access to the power/reset switches and power cables is prevented. A boot loader password (and BIOS password plus disabling of USB/CD-ROM boot and the boot menu key) can prevent this but makes legitimate emergency recovery more difficult.


If you have ILO/IPMI/... It makes absolute sense. The only reason for CTRLALTDEL was a magic trap when nothing else would interrupt. With a control card, you don't need that - you can reset the machine anyway. Needless to say, if the machine behaves correctly, you can always 'reboot'/'shutdown -r now'/'init 6'/'systemctl reboot' from console or gui.

Related

Headless Ubuntu server machine sometimes stuck at GRUB menu
Where are the logs for ufw located on Ubuntu Server?
Straight forward way to run ssh-agent and ssh-add on login via SSH?
logrotate daily and size?
What does mdev mean in ping(8)?
Which OS is running in my Docker container?
Is it possible to use scoreboards from NBT number values?
How do I enchant un-enchantable items?
What are the requirements for the green/gold crates to respawn in the game world?
Does the mining barge expert package allow alpha clones to fly these ships?
Minecraft Bedrock overworld gold farm is sending zombified piglins to the nether
Is it possible to have a strong scout?