Isn't Ctrl-Alt-Delete on Linux *really* dangerous?

Solution 1:

This can be useful for very, very seldom touched machines. Years after installation, if no-one can remember a login for the host, Ctrl-Alt-Delete will do proper shutdown and then let you use GRUB (or even LiLo!) to supply rw init=/bin/bash to the kernel and thus give you the chance to reset the root password.

The above is also a way that Ctrl-Alt-Delete is dangerous even if physical access to the power/reset switches and power cables is prevented. A boot loader password (and BIOS password plus disabling of USB/CD-ROM boot and the boot menu key) can prevent this but makes legitimate emergency recovery more difficult.

Solution 2:

If you have ILO/IPMI/... It makes absolute sense. The only reason for CTRLALTDEL was a magic trap when nothing else would interrupt. With a control card, you don't need that - you can reset the machine anyway. Needless to say, if the machine behaves correctly, you can always 'reboot'/'shutdown -r now'/'init 6'/'systemctl reboot' from console or gui.

Solution 3:

I feel that the chances of accidental reboot via ctrl-alt-delete are much greater than the chances of a server's root password being forgotten, and therefore in production environments it makes sense to disable ctrl-alt-delete. I personally do this on my production systems.

The chances of a hard powercycle on a running linux host causing unrecoverable data corruption is small. In the hundreds of times I've done this over the years, I can't recall a single instance where the system wasn't able to fix itself (fsck) on boot. So I consider this a valid option on hosts where the root password is unknown, barring the availability of other methods for graceful shutdown.