本文介绍如何创建一个名为'safe-remote-poweroff'的脚本,当root用户尝试使用'poweroff'命令时,防止意外关闭远程Linux机器。脚本会在实际执行关机命令之前检查连接是否为远程,如果是远程连接,则显示警告并提供正确关机的指导。
https://classpage.dmorgan.us/linadmin/labs/safe-remote-poweroff/safe-remote-poweroff.htm
safe remote poweroff
If you run a root command shell on your linux machine and remotely administer another one, also via a root command shell, it’s a matter of time before you power off the local one only to discover that, oops, no, you just shut down the remote instead by accident. At that point a remote physical presence is needed, to press the power button. Get in the car, or buy your plane ticket, or embarrass yourself with another phone call to somebody onsite asking them to again fix your mistake for you. Or, you could write some substitute prophylactic code under the same name(s) as the command(s) you habitually use for turning the machine off (probably shutdown, poweroff, or halt). Write it so it deflects (does not actually run) the poweroff attempt, instead printing a helpfully alarmist message reminding the adminstrator that OMG he appears to be trying to turn off the remote machine, telling him how to do so if it’s what he actually intended, and exiting. Never again will he do it unawares.
Let’s assume the command you always use to put your machines down is poweroff. There is probably more than one solution. But any of them will involve emplacing some code that goes by the name “poweroff” and gets called ahead of the usual code that actually turns out the lights, eclipsing it. The new code will not turn the machine off, but rather print a message saying so and giving the user an alternative direct command that will run the regular poweroff. Except, that’s a bit of overkill if done unconditionally. You really want to take that step only in case of a remote connection. If “poweroff” is issued on a local one, you want to let it go through. It’s OK, the protection is unneeded, because turning off the machine by accident is recoverable by just turning it right back on again. By contrast a remote user doesn’t have that luxury; so the new code should be conditional on whether the user’s connection is local or remote.
The assignment to perform:
Operate as root. Write a script to be run in whenever the root user ty
最低0.47元/天 解锁文章
758
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
