5 Methods to Avoid or Prevent Accidental Shutdown or Reboot on Linux

In most cases there is a JUMP server where the Linux administrator can connect to all other Linux systems without a password.

You may connect to more than one system at a time for troubleshooting purpose.

For some reason you want to restart the system, you can reboot the wrong machine instead of the actual system when you work on multiple machines.

No problem if it’s a Non Production server. But if you restart an important production server at the same time, think about the situation.

I even accidentally did it a few times.

In this case, how to prevent accidental shutdown or restart of Linux system.

Yes, we have some ways to prevent this, and we will teach you all about them in detail.

1) Method-1: How to Prevent Accidental Shutdown or Reboot on Linux Using the molly-guard Utility

molly-guard is a simple application, which protects machines from accidental shutdowns and reboots by asking your hostname. molly-guard primarily designed to protect SSH connections.

It is only available for Debian-based systems and has not been updated for this project for many years, but still works fine.

I haven’t found any other good alternative to this. If you find one, let me know and we’ll check it out and include in our upcoming article.

How does the molly-guard work? molly-guard installs a shell script that overrides existing shutdown, restart, halt, and poweroff commands.

It runs a set of scripts available in /etc/molly-guard/run.d/, all of which need to be successfully exited, before the molly-guard executes the actual command (It has a couple of checks).

The script first checks whether the command is being executed from SSH. If yes, then the shell script prompts you to enter the host name you want to perform the function to prevent you from accidental shutdowns and restarts.

molly-guard diverts the real binaries to /lib/molly-guard/. You can bypass the molly-guard by running those binaries directly.

How to Install molly-guard on Debian/Ubuntu

As I said at the beginning of the article, the molly-guard application is only available for Debian-based systems. Use the apt command or the apt-get command to install it.

$ sudo apt install molly-guard

Making a Test Case with the use of molly-guard

I’m going to do restart and shutdown commands to check if the molly-guard application actually works as expected.

$ sudo reboot

W: molly-guard: SSH session detected!
Please type in hostname of the machine to reboot: ^C
Good thing I asked; I won't reboot ubuntu.daygeek ...

Either halt or powered off after it has been brought down.

$ sudo shutdown -h now

W: molly-guard: SSH session detected!
Please type in hostname of the machine to shutdown: ^C
Good thing I asked; I won't shutdown ubuntu.daygeek ...

Halt the System.

$ sudo halt

W: molly-guard: SSH session detected!
Please type in hostname of the machine to halt: ^C
Good thing I asked; I won't halt ubuntu.daygeek ...

Poweroff the System.

$ sudo poweroff

W: molly-guard: SSH session detected!
Please type in hostname of the machine to poweroff: ^C
Good thing I asked; I won't poweroff ubuntu.daygeek ...

Note: The molly-guard application doesn’t prevent systemctl shutdown and systemctl reboot commands.

2) Method-2: How to Prevent Accidental Shutdown or Reboot on Linux Using systemd Custom Service

To do so, create a custom service to prevent shutdown/restart command.

Create the following unit files:

# vi /etc/systemd/system/reboot-guard.service

[Unit]
Description=Reboot Guard
[Service]
ExecStart=/bin/true
[Install]
RequiredBy=shutdown.target

Unit file-2:

# /etc/systemd/system/start-reboot-guard.service

[Unit]
Description=Start Reboot Guard
[Service]
ExecStart=/bin/systemctl enable reboot-guard
[Install]
WantedBy=multi-user.target

Run the following systemctl commands to activate the reboot-guard service.

# systemctl daemon-reload

# systemctl enable reboot-guard start-reboot-guard
Created symlink /etc/systemd/system/shutdown.target.requires/reboot-guard.service → /etc/systemd/system/reboot-guard.service.
Created symlink /etc/systemd/system/multi-user.target.wants/start-reboot-guard.service → /etc/systemd/system/start-reboot-guard.service.

Creating a Test Case with the reboot-guard Service.

For reboot

# systemctl reboot

Failed to reboot system via logind: Transaction contains conflicting jobs 'stop' and 'start' for shutdown.target. Probably contradicting requirement dependencies configured.
Failed to start reboot.target: Transaction contains conflicting jobs 'stop' and 'start' for shutdown.target. Probably contradicting requirement dependencies configured.
See system logs and 'systemctl status reboot.target' for details.

For poweroff

# systemctl poweroff

Failed to power off system via logind: Transaction contains conflicting jobs 'stop' and 'start' for poweroff.target. Probably contradicting requirement dependencies configured.
Failed to start poweroff.target: Transaction contains conflicting jobs 'stop' and 'start' for poweroff.target. Probably contradicting requirement dependencies configured.
See system logs and 'systemctl status poweroff.target' for details.

For legacy tools like reboot, init 0 and init 6, I see no effect, but the shutdown command showed the following output. However, this does not really shutdown the system.

# reboot
# init 6
# poweroff
# init 0
# shutdown
Shutdown scheduled for Sun 2019-11-10 21:59:17 IST, use 'shutdown -c' to cancel.

Run the following command to enable shutdown/restart commands.

# systemctl disable reboot-guard

Ref: Red Hat page

3) Method-3: How to Prevent Accidental Shutdown or Reboot on Linux Using the reboot-guard Utility

Block systemd-initiated poweroff/reboot/halt targets until configurable condition checks pass.

It only works with Python 2, so make sure you have Python 2 installed on your system. In my case, I tested this on CentOS 8, and it didn’t install Python 2 before, so I installed it.

Download the reboot-guard utility under the “/usr/sbin” directory.

# cd /usr/sbin
# curl -kO https://raw.githubusercontent.com/ryran/reboot-guard/master/rguard
# chmod +x rguard

Run the following command to enable the rguard utility to block reboot/shutdown.

# rguard -1

WARNING: ☹  Blocked poweroff.target
WARNING: ☹  Blocked reboot.target
WARNING: ☹  Blocked halt.target

Creating a test case of the rguard application.

For reboot

# systemctl reboot

Failed to reboot system via logind: Operation refused, unit reboot.target may be requested by dependency only (it is configured to refuse manual start/stop).
Failed to start reboot.target: Operation refused, unit reboot.target may be requested by dependency only (it is configured to refuse manual start/stop).
See system logs and 'systemctl status reboot.target' for details.

For poweroff

# systemctl poweroff

Failed to power off system via logind: Operation refused, unit poweroff.target may be requested by dependency only (it is configured to refuse manual start/stop).
Failed to start poweroff.target: Operation refused, unit poweroff.target may be requested by dependency only (it is configured to refuse manual start/stop).
See system logs and 'systemctl status poweroff.target' for details.

For legacy tools like reboot, init 0 and init 6, I see no effect, but the shutdown command showed the following output. However, this does not really shutdown the system.

# reboot
# init 6
# poweroff
# init 0
# shutdown
Shutdown scheduled for Sun 2019-11-10 23:46:24 IST, use 'shutdown -c' to cancel.

Run the following command to disable rguard utility.

# rguard -0

WARNING: ☻  Unblocked poweroff.target
WARNING: ☻  Unblocked reboot.target
WARNING: ☻  Unblocked halt.target

4) Method-4: How to Prevent Accidental Shutdown or Reboot on Linux Using the systemctl Command

Alternatively, you can use the systemctl command to mask a service. Masking a service prevents the service from being started manually or automatically.

Mask the following units to prevent accidental reboot/shutdown.

# systemctl mask reboot.target
Created symlink /etc/systemd/system/reboot.target → /dev/null.

# systemctl mask poweroff.target
Created symlink /etc/systemd/system/poweroff.target → /dev/null.

# systemctl mask halt.target
Created symlink /etc/systemd/system/halt.target → /dev/null.

For reboot

# systemctl reboot

Failed to reboot system via logind: Access denied
Failed to start reboot.target: Unit reboot.target is masked.

For poweroff

# systemctl poweroff

Failed to power off system via logind: Access denied
Failed to start poweroff.target: Unit poweroff.target is masked.

For legacy tools like reboot, poweroff, init 0 and init 6, I see no effect, but the shutdown command showed the following output. However, this does not really shutdown the system.

# reboot
# init 6
# poweroff
# init 0
# shutdown
Shutdown scheduled for Sun 2019-11-10 23:59:09 IST, use 'shutdown -c' to cancel.

Run the following command to enable them.

# systemctl unmask reboot.target
Removed /etc/systemd/system/reboot.target.

# systemctl unmask poweroff.target
Removed /etc/systemd/system/poweroff.target.

# systemctl unmask halt.target
Removed /etc/systemd/system/halt.target.

5) Method-5: How to Prevent Accidental Shutdown or Reboot on Linux Using the alias Command

Alternatively, you can create an alias to prevent this.

# vi .bashrc

alias reboot="echo -e 'Is \033[1;31m$HOSTNAME\033[0m the correct hostname you want to restart?' If yes, run /sbin/reboot"
alias shutdown="echo -e 'Is \033[1;31m$HOSTNAME\033[0m the correct hostname you want to shutdown?' If yes, run /sbin/shutdown"

Run the following command to take this change effect.

# source .bashrc

Now, test these commands and see the results.

# shutdown
Is CentOS6.2daygeek.com the correct hostname you want to shutdown? If yes, run /sbin/shutdown

# reboot
Is CentOS6.2daygeek.com the correct hostname you want to restart? If yes, run /sbin/reboot