NAME
molly-guard - guard against accidental shutdowns/reboots
SYNOPSIS
shutdown [-hV] [--molly-guard-do-nothing] [-- script_options]
halt [-hV] [--molly-guard-do-nothing] [-- script_options]
reboot [-hV] [--molly-guard-do-nothing] [-- script_options]
poweroff [-hV] [--molly-guard-do-nothing] [-- script_options]
DESCRIPTION
molly-guard attempts to prevent you from accidentally shutting down or
rebooting machines. It does this by injecting a couple of checks before
the existing commands: halt, reboot, shutdown, and poweroff. This
happens via scripts with the same names in /usr/sbin, so it only works
if you have /usr/sbin before /sbin in your PATH!
Before molly-guard invokes the real command, all scripts in
/etc/molly-guard/run.d/ have to run and exit successfully; else, it
aborts the command. run-parts(1) is used to process the directory.
molly-guard passes any script_options to the scripts, and also
populates the environment with the following variables:
· MOLLYGUARD_CMD - the actual command invoked by the user.
· MOLLYGUARD_DO_NOTHING - set to 1 if this is a demo-run.
· MOLLYGUARD_SETTINGS - the path to a shell script snippet which
scripts can source to obtain settings.
molly-guard prints the contents of /etc/molly-guard/messages.d/COMMAND
or /etc/molly-guard/messages.d/default to the console, if either
exists. This is due to /etc/molly-guard/run.d/10-print-message.
GUARDING SSH SESSIONS
molly-guard was primarily designed to shield SSH connections. This
functionality (which should arguably be provided by the openssh-server
package) is implemented in /etc/molly-guard/run.d/30-query-hostname.
This script first tests whether the command is being executed from a
tty which has been created by sshd. It also checks whether the variable
SSH_CONNECTION is defined. If any of these tests are successful, test
script queries the user for the machine´s hostname, which should be
sufficient to prevent the user from doing something by accident.
You can pass the --pretend-ssh script option to molly-guard to pretend
that those tests succeeds. Alternatively, setting ALWAYS_QUERY_HOSTNAME
in /etc/molly-guard/rc causes the script to always query.
The following situations are still UNGUARDED. If you can think of ways
to protect against those, please let me know!
· running sudo within screen or screen within sudo; sudo eats the
SSH_CONNECTION variable, and screen creates a new pty.
· executing those command in a remote terminal window, that is a
XTerm started on a remote machine but displaying on the local X
server.
You have been warned. You can use the --molly-guard-do-nothing switch
to prevent anything from happening, e.g. halt
--molly-guard-do-nothing.
OPTIONS
--molly-guard-do-nothing
Cause molly-guard to print the command which would be executed,
after processing all scripts, instead of executing it.
-h, --help
Display usage information.
-V, --version
Display version information.
SEE ALSO
shutdown(8), halt(1), reboot(8), poweroff(8).
LEGALESE
molly-guard is copyright by martin f. krafft. Andrew Ruthven came up
with the idea of using the scripts directory and submitted a patch,
which I modified a bit.
This manual page was written by martin f. krafft <madduck@madduck.net>.
Permission is granted to copy, distribute and/or modify this document
under the terms of the Artistic License 2.0
COPYRIGHT
Copyright © 2008 martin f. krafft
Apr 19, 2008