Subject: Re: CVS commit: basesrc
To: None <tls@rek.tjls.com>
From: Greg A. Woods <woods@weird.com>
List: current-users
Date: 05/16/2001 17:45:44
[ On Wednesday, May 16, 2001 at 17:28:11 (-0400), Thor Lancelot Simon wrote: ]
> Subject: Re: CVS commit: basesrc
>
> Yeah, unless, let's say, the shutdown script for sshd kills your login
> session before the shutdown script for oracle fails to stop the database
> and hangs your system forever.

Why do you have a shutdown script for sshd?  It's not that way by default
and it should not be!

Sshd properly honours /etc/nologin.  Only authorised users can login in
the last five minutes before shutdown, but that's OK because you've
already been smart enough to authorise not only yourself but also
someone at the location where some physical secure terminal is located
(eg. the console) (if the two people are not the same, of course),
right?!?!?!?

Although all of this stuff is already clearly documented, it might be
nice if there were a "Theory of Operation" document that would tie all
the pieces in the various manual pages together and show people what
needs to be done so that they can safely handle all of the
contingencies.

> Great.  Just great.

Please walk through this stuff more carefully!  It works, and it works
properly!!!!  If you don't believe it even after reading the code then
please test it.

> At the very least, shutdown scripts should have to supply a bounded time
> within which they will complete, and after which they may be killed;

It might be a nice feature to allow an optional time limit to be
specified, but it is literally not necessary!  However I cannot even
imagine anything that would need/benefit-from such a time limit.  Either
some process needs to shut down correctly and completely, or it should
be killed by the normal "reboot" procedures (kill -15, pause, kill -9
any survivors, call reboot(2) to finish the job!).  However if processes
in the former class don't shut down cleanly then the system should not
arbitrarily or automatically whack them -- it *MUST* wait for human
intervention!

If you really don't like that then put a watchdog timer on the power bar
and make sure your watchdog reset process *does* have a shutdown script!

> shutdown scripts that don't supply such a time limit should not be run.

You've got it completely backwards!

-- 
							Greg A. Woods

+1 416 218-0098      VE3TCP      <gwoods@acm.org>     <woods@robohack.ca>
Planix, Inc. <woods@planix.com>;   Secrets of the Weird <woods@weird.com>
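The "kill -15, pause, kill -9 any survivors" sequence described above as the normal reboot path, as an added C example that is not from this thread or from NetBSD's own rc/reboot code. It assumes the process is a child of the caller (so waitpid(2) can observe it; init's real sweep signals every pid on the system) and uses a constructed two-second grace period.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <sys/wait.h>
#include <time.h>
#include <unistd.h>

/* Poll waitpid() for up to `grace` seconds; returns 1 once the child is gone. */
static int wait_bounded(pid_t pid, int grace)
{
    for (int i = 0; i < grace * 10; i++) {
        pid_t r = waitpid(pid, NULL, WNOHANG);
        if (r == pid) return 1;
        if (r < 0 && errno != EINTR) return 1;   /* ECHILD: already reaped */
        struct timespec ts = {0, 100000000L};    /* 100 ms between polls */
        nanosleep(&ts, NULL);
    }
    return 0;
}

/* One process's share of the reboot sweep: SIGTERM (kill -15), pause for
 * `grace` seconds, SIGKILL (kill -9) if it survived. Returns the signal that
 * finally removed it, or -1 if kill() failed. Assumes `pid` is our child. */
int terminate_bounded(pid_t pid, int grace)
{
    if (kill(pid, SIGTERM) < 0) return -1;
    if (wait_bounded(pid, grace)) return SIGTERM;
    if (kill(pid, SIGKILL) < 0) return -1;
    waitpid(pid, NULL, 0);      /* SIGKILL cannot be caught or ignored */
    return SIGKILL;
}

/* Constructed subject: a child that sleeps forever and either honours SIGTERM or
 * ignores it (a daemon that hangs on shutdown). Disposition is set before fork()
 * so the child inherits it and cannot lose a race with the parent's first kill(). */
pid_t spawn_child(int ignore_term)
{
    if (ignore_term) signal(SIGTERM, SIG_IGN);
    pid_t pid = fork();
    if (pid == 0) for (;;) pause();
    if (ignore_term) signal(SIGTERM, SIG_DFL);   /* parent: restore default */
    return pid;
}

int main(void)
{
    printf("cooperative child removed by signal %d\n", terminate_bounded(spawn_child(0), 2));
    printf("stubborn child removed by signal %d\n", terminate_bounded(spawn_child(1), 2));
    return 0;
}
```

Processes in the other class, the ones that must finish cleanly or wait for an operator, simply never get handed to this function.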