My colleague (thanks Kevin) just alerted me to a default setting on ESX 4 which I think is potentially dangerous these days. If you hit Ctrl-Alt-Del on an ESX 4 console, it will reboot the server even if there are running VMs, and it doesn’t care if the server is not in Maintenance Mode.
This is an old throwback which most modern Linux distributions disable these days. To disable this yourself, open up /etc/inittab in your favourite editor and comment out the “ca::ctrlaltdel:/sbin/shutdown -t3 -r now” line with a # symbol so it looks like this:
# Trap CTRL-ALT-DELETE
# ca::ctrlaltdel:/sbin/shutdown -t3 -r now
Save and exit the file. For this to take effect without a reboot, run:
This is certainly disabled by default on ESX 3.5 hosts, so I assume that this was an oversight on VMware’s part in the new release. I have checked the latest patches and there is no mention of this.
Frank Wegner from VMware has raised this as a bug report with VMware engineering.
UPDATE 2 (4 March 2010):
VMware have just released a patch for ESX 4 hosts to rectify this: http://kb.vmware.com/kb/1017459
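The inittab edit described in the post, as an added example that is not part of the original post: a shell sketch that checks a SysV inittab for an active ctrlaltdel entry and comments it out idempotently, keeping a backup. The function names and the .bak suffix are choices made for this example, the sample file is constructed, and the script does not make init re-read the file.

```shell
#!/bin/sh
# Added example: audit and disable the Ctrl-Alt-Del trap in a SysV inittab.
# inittab entries have the form  id:runlevels:action:process
# An entry is active when it is not commented out and its action is ctrlaltdel.
CAD_RE='^[[:space:]]*[^#[:space:]][^:]*:[^:]*:ctrlaltdel:'

# Return 0 if the given file contains an active ctrlaltdel entry.
cad_is_active() {
    grep -Eq "$CAD_RE" "$1"
}

# Comment out every active ctrlaltdel entry in the given file.
# Safe to run repeatedly: a file that is already clean is left untouched.
cad_disable() {
    file=$1
    cad_is_active "$file" || return 0
    cp -p "$file" "$file.bak" || return 1          # keep the original (.bak is this example's choice)
    tmp=$(mktemp "$file.XXXXXX") || return 1
    sed -E "s/($CAD_RE)/# \\1/" "$file" > "$tmp" || { rm -f "$tmp"; return 1; }
    # Write back in place so the file keeps its owner and mode.
    cat "$tmp" > "$file" && rm -f "$tmp"
}

# Demonstration on a constructed sample file; on a real host the argument
# would be /etc/inittab and the script would need root.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' \
        'id:3:initdefault:' \
        '# Trap CTRL-ALT-DELETE' \
        'ca::ctrlaltdel:/sbin/shutdown -t3 -r now' > "$d/inittab"
    if cad_is_active "$d/inittab"; then
        echo "active ctrlaltdel entry found, disabling"
    fi
    cad_disable "$d/inittab" && cat "$d/inittab"
    rm -rf "$d"
}
demo
```

The check function on its own is useful as a compliance probe across a fleet of hosts, since it only reads the file.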
10 thoughts on “Dangerous default on ESX 4”
Sorry, this is quite funny, and a little sad!
I experienced this on ESX 3.5 U4 servers too! Thanks for pointing out how to disable it … now doing this on our servers!
This is actually a good practice in any shop with both Windows and Linux hosts. Windows IT people will press to log in to a system. With screens blank and/or KVMs in use to save space, you may not be talking to the host you think you are talking to.
You would think this would be corrected in Update 1. Alas, I think VMware truly see it as a feature instead of a bug (where have I heard that before ;-)).
I tried to find the values mentioned in the /etc/inittab but they’re not there. Is it correct that this does not apply to ESXi 4?
Yes, you’re right, this only applies to ESX hosts, not ESXi. It’s a “feature” of the Service Console. The “unsupported” busybox implementation on ESXi is just a collection of Unix tools.
It took VMware 4 months to release a “critical” patch!
I was not aware of it. Thanks for posting.