Man Linux: Main Page and Category List


       molly-guard - guard against accidental shutdowns/reboots


       shutdown [-hV] [--molly-guard-do-nothing] [-- script_options]

       halt [-hV] [--molly-guard-do-nothing] [-- script_options]

       reboot [-hV] [--molly-guard-do-nothing] [-- script_options]

       poweroff [-hV] [--molly-guard-do-nothing] [-- script_options]


       molly-guard attempts to prevent you from accidentally shutting down or
       rebooting machines. It does this by injecting a couple of checks before
       the existing commands: halt, reboot, shutdown, and poweroff. This
       happens via scripts with the same names in /usr/sbin, so it only works
       if you have /usr/sbin before /sbin in your PATH!

       Before molly-guard invokes the real command, all scripts in
       /etc/molly-guard/run.d/ have to run and exit successfully; else, it
       aborts the command.  run-parts(1) is used to process the directory.

       molly-guard passes any script_options to the scripts, and also
       populates the environment with the following variables:

       ·   MOLLYGUARD_CMD - the actual command invoked by the user.

       ·   MOLLYGUARD_DO_NOTHING - set to 1 if this is a demo-run.

       ·   MOLLYGUARD_SETTINGS - the path to a shell script snippet which
           scripts can source to obtain settings.

       molly-guard prints the contents of /etc/molly-guard/messages.d/COMMAND
       or /etc/molly-guard/messages.d/default to the console, if either
       exists. This is due to /etc/molly-guard/run.d/10-print-message.


       molly-guard was primarily designed to shield SSH connections. This
       functionality (which should arguably be provided by the openssh-server
       package) is implemented in /etc/molly-guard/run.d/30-query-hostname.

       This script first tests whether the command is being executed from a
       tty which has been created by sshd. It also checks whether the variable
       SSH_CONNECTION is defined. If any of these tests are successful, test
       script queries the user for the machine´s hostname, which should be
       sufficient to prevent the user from doing something by accident.

       You can pass the --pretend-ssh script option to molly-guard to pretend
       that those tests succeeds. Alternatively, setting ALWAYS_QUERY_HOSTNAME
       in /etc/molly-guard/rc causes the script to always query.

       The following situations are still UNGUARDED. If you can think of ways
       to protect against those, please let me know!

       ·   running sudo within screen or screen within sudo; sudo eats the
           SSH_CONNECTION variable, and screen creates a new pty.

       ·   executing those command in a remote terminal window, that is a
           XTerm started on a remote machine but displaying on the local X

       You have been warned. You can use the --molly-guard-do-nothing switch
       to prevent anything from happening, e.g.  halt


           Cause molly-guard to print the command which would be executed,
           after processing all scripts, instead of executing it.

       -h, --help
           Display usage information.

       -V, --version
           Display version information.


       shutdown(8), halt(1), reboot(8), poweroff(8).


       molly-guard is copyright by martin f. krafft. Andrew Ruthven came up
       with the idea of using the scripts directory and submitted a patch,
       which I modified a bit.

       This manual page was written by martin f. krafft <>.

       Permission is granted to copy, distribute and/or modify this document
       under the terms of the Artistic License 2.0


       Copyright © 2008 martin f. krafft

                                 Apr 19, 2008