'\" t
.\"     Title: molly-guard
.\"    Author: [FIXME: author] [see http://www.docbook.org/tdg5/en/html/author]
.\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
.\"      Date: Apr 19, 2008
.\"    Manual: [FIXME: manual]
.\"    Source: [FIXME: source]
.\"  Language: English
.\"
.TH "MOLLY\-GUARD" "8" "Apr 19, 2008" "[FIXME: source]" "[FIXME: manual]"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.\" http://bugs.debian.org/507673
.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.ie \n(.g .ds Aq \(aq
.el       .ds Aq '
.\" -----------------------------------------------------------------
.\" * set default formatting
.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
.\" -----------------------------------------------------------------
.\" * MAIN CONTENT STARTS HERE *
.\" -----------------------------------------------------------------
.SH "NAME"
molly-guard \- guard against accidental shutdowns/reboots
.SH "SYNOPSIS"
.HP \w'\fBshutdown\fR\ 'u
\fBshutdown\fR [\-\fBhV\fR] [\fB\-\-molly\-guard\-do\-nothing\fR] [\-\-\ \fIscript_options\fR]
.HP \w'\fBhalt\fR\ 'u
\fBhalt\fR [\-\fBhV\fR] [\fB\-\-molly\-guard\-do\-nothing\fR] [\-\-\ \fIscript_options\fR]
.HP \w'\fBreboot\fR\ 'u
\fBreboot\fR [\-\fBhV\fR] [\fB\-\-molly\-guard\-do\-nothing\fR] [\-\-\ \fIscript_options\fR]
.HP \w'\fBpoweroff\fR\ 'u
\fBpoweroff\fR [\-\fBhV\fR] [\fB\-\-molly\-guard\-do\-nothing\fR] [\-\-\ \fIscript_options\fR]
.HP \w'\fBcoldreboot\fR\ 'u
\fBcoldreboot\fR [\-\fBhV\fR] [\fB\-\-molly\-guard\-do\-nothing\fR] [\-\-\ \fIscript_options\fR]
.HP \w'\fBpm\-hibernate\fR\ 'u
\fBpm\-hibernate\fR [\-\fBhV\fR] [\fB\-\-molly\-guard\-do\-nothing\fR] [\-\-\ \fIscript_options\fR]
.HP \w'\fBpm\-suspend\fR\ 'u
\fBpm\-suspend\fR [\-\fBhV\fR] [\fB\-\-molly\-guard\-do\-nothing\fR] [\-\-\ \fIscript_options\fR]
.HP \w'\fBpm\-suspend\-hybrid\fR\ 'u
\fBpm\-suspend\-hybrid\fR [\-\fBhV\fR] [\fB\-\-molly\-guard\-do\-nothing\fR] [\-\-\ \fIscript_options\fR]
.SH "DESCRIPTION"
.PP
\fBmolly\-guard\fR
attempts to prevent you from accidentally shutting down or rebooting machines\&. It does this by injecting a couple of checks before the existing commands:
\fBcoldreboot\fR,
\fBhalt\fR,
\fBreboot\fR,
\fBshutdown\fR,
\fBpoweroff\fR,
\fBpm\-hibernate\fR,\fBpm\-suspend\fR
and
\fBpm\-suspend\-hybrid\fR\&.
.PP
Before
\fBmolly\-guard\fR
invokes the real command, all scripts in
/etc/molly\-guard/run\&.d/
have to run and exit successfully; else, it aborts the command\&.
\fBrun\-parts(1)\fR
is used to process the directory\&.
.PP
\fBmolly\-guard\fR
passes any
\fIscript_options\fR
to the scripts, and also populates the environment with the following variables:
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
\fBMOLLYGUARD_CMD\fR
\- the actual command invoked by the user\&.
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
\fBMOLLYGUARD_DO_NOTHING\fR
\- set to
\fB1\fR
if this is a demo\-run\&.
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
\fBMOLLYGUARD_SETTINGS\fR
\- the path to a shell script snippet which scripts can source to obtain settings\&.
.RE
.PP
\fBmolly\-guard\fR
prints the contents of
/etc/molly\-guard/messages\&.d/COMMAND
or
/etc/molly\-guard/messages\&.d/default
to the console, if either exists\&. This is due to
/etc/molly\-guard/run\&.d/10\-print\-message\&.
.SH "GUARDING SSH SESSIONS"
.PP
\fBmolly\-guard\fR
was primarily designed to shield SSH connections\&. This functionality (which should arguably be provided by the
openssh\-server
package) is implemented in
/etc/molly\-guard/run\&.d/30\-query\-hostname\&.
.PP
This script first tests whether the command is being executed from a
tty
which has been created by
\fBsshd\fR\&. It also checks whether the variable
\fBSSH_CONNECTION\fR
is defined\&. If any of these tests are successful, test script queries the user for the machine\*(Aqs hostname, which should be sufficient to prevent the user from doing something by accident\&.
.PP
You can pass the
\fB\-\-pretend\-ssh\fR
script option to
\fBmolly\-guard\fR
to pretend that those tests succeeds\&. Alternatively, setting
\fBALWAYS_QUERY_HOSTNAME\fR
in
/etc/molly\-guard/rc
causes the script to always query\&.
.PP
The following situations are still UNGUARDED\&. If you can think of ways to protect against those, please let me know!
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
running
sudo
within
screen
or
screen
within
sudo;
sudo
eats the
\fBSSH_CONNECTION\fR
variable, and
screen
creates a new
pty\&.
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
executing those command in a remote terminal window, that is a
XTerm
started on a remote machine but displaying on the local
X
server\&.
.RE
.PP
You have been warned\&. You can use the
\fB\-\-molly\-guard\-do\-nothing\fR
switch to prevent anything from happening, e\&.g\&.
\fBhalt \-\-molly\-guard\-do\-nothing\fR\&.
.SH "OPTIONS"
.PP
\-\-molly\-guard\-do\-nothing
.RS 4
Cause
\fBmolly\-guard\fR
to print the command which would be executed, after processing all scripts, instead of executing it\&.
.RE
.PP
\-h, \-\-help
.RS 4
Display usage information\&.
.RE
.PP
\-V, \-\-version
.RS 4
Display version information\&.
.RE
.SH "SEE ALSO"
.PP
\fBshutdown\fR(8),
\fBhalt\fR(1),
\fBreboot\fR(8),
\fBpoweroff\fR(8)\&.
\fBcoldreboot\fR(8)\&.
\fBpm-hibernate\fR(8)\&.
\fBpm-suspend\fR(8)\&.
\fBpm-suspend-hybrid\fR(8)\&.
.SH "LEGALESE"
.PP
molly\-guard is copyright by martin f\&. krafft\&. Andrew Ruthven came up with the idea of using the scripts directory and submitted a patch, which I modified a bit\&.
.PP
This manual page was written by martin f\&. krafft
<madduck@madduck\&.net>\&.
.PP
Permission is granted to copy, distribute and/or modify this document under the terms of the Artistic License 2\&.0
.SH "COPYRIGHT"
.br
Copyright \(co 2008 martin f. krafft
.br