I accidentally discovered a feature introduced in systemd, which overrides the default SIGINT behaviour for the ctrl-alt-del (CAD) keystroke sequence.
Previously, an entry in
/etc/inittab such as the below would be sufficient to prevent an accidental CAD (e.g. when remotely connected to a console and using CAD to change password, lock a terminal etc).
ca:12345:ctrlaltdel:/bin/echo "CTRL-ALT-DEL is disabled"
Under systemd, the config can be set in
/etc/systemd/system.conf with the directive
Gotcha - multiple presses
If you hit CAD several times (more than 7 times in two seconds), it will override the behaviour specified in system.conf. I discovered this when impatiently waiting for a system to respond (knowing it shouldn't have responded to my keystrokes).
Normally this isn't a problem, however when remotely managing systems (e.g. VPN, etc) and a link drops out precisely when you hit CAD, it can send the same keystrokes to the console multiple times (think of when you've come back to a console and seen a long string such as jjjjjjjjjjjjjjjjjjjj on the screen even though you only pressed it once. )
It turns out, up until November 2016 (when the feature was finally merged into systemd v232), there was no way to prevent multiple presses of CAD. This still means however that mainstream stable releases of Linux etc still don't include this version (CentOS 7.3-1611 only includes systemd v219).
So for now, be warned - CAD may still trigger a reboot even if you tell systemd to ignore CAD!
Code Excerpt from github:
CtrlAltDelBurstAction <varlistentry> <term><varname>CtrlAltDelBurstAction=</varname></term> <listitem><para>Defines what action will be performed if user presses Ctrl-Alt-Delete more than 7 times in 2s. Can be set to <literal>reboot-force</literal>, <literal>poweroff-force</literal>, <literal>reboot-immediate</literal>, <literal>poweroff-immediate</literal> or disabled with <literal>none</literal>. Defaults to <literal>reboot-force</literal>. </para></listitem> </varlistentry>
Upon receiving this signal the systemd system manager will start the ctrl-alt-del.target unit. This is mostly equivalent to systemctl start ctl-alt-del.target. If this signal is received more than 7 times per 2s, an immediate reboot is triggered. Note that pressing Ctrl-Alt-Del on the console will trigger this signal. Hence, if a reboot is hanging, pressing Ctrl-Alt-Del more than 7 times in 2s is a relatively safe way to trigger an immediate reboot.