Safety of a shutdown when no user could log in

Safety of a shutdown when no user could log in

Andrés Delfino
What I'm trying to ask is this: if a user turns on the computer, and
can't log in, is it safe to power off the computer without using halt,
or shutdown, (ie. pressing the power off button)?

Good luck


Re: Safety of a shutdown when no user could log in

Lukasz Sztachanski
On Thu, Jan 26, 2006 at 09:44:28AM -0300, Andrés Delfino wrote:
> What I'm trying to ask is this: if a user turns on the computer, and
> can't log in, is it safe to power off the computer without using halt,
there are always `logged in' users( i.e. daemon users) ;)

> or shutdown, (ie. pressing the power off button)?
>
no, if you've got partitions mounted in `rw' mode.



                                - Lukasz Sztachanski


--
0x058B7133 // 16AB 4EBC 29DA D92D 8DBE  BC01 FC91 9EF7 058B 7133
http://szati.blogspot.com
http://szati.entropy.pl


Re: Safety of a shutdown when no user could log in

Andreas Kahari
In reply to this post by Andrés Delfino
On 26/01/06, Andrés Delfino <[hidden email]> wrote:
> What I'm trying to ask is this: if a user turns on the computer, and
> can't log in, is it safe to power off the computer without using halt,
> or shutdown, (ie. pressing the power off button)?
>

No.  There are quite a few things that might be going on on a Unix system,
even when no user is logged in, maybe especially when it was just
rebooted.

> Good luck

Good luck?


--
Andreas Kahari


Re: Safety of a shutdown when no user could log in

Joachim Schipper
In reply to this post by Andrés Delfino
On Thu, Jan 26, 2006 at 09:44:28AM -0300, Andrés Delfino wrote:
> What I'm trying to ask is this: if a user turns on the computer, and
> can't log in, is it safe to power off the computer without using halt,
> or shutdown, (ie. pressing the power off button)?

As pointed out, no, but you might get away with it if the system is not
doing anything at the time (like, no daemons running or at least not
acting on anything).

You'll have to fsck in any case, and might lose data if it's currently
being worked on.

                Joachim


Re: Safety of a shutdown when no user could log in

Tobias Ulmer
In reply to this post by Andrés Delfino
On Thu, Jan 26, 2006 at 09:44:28AM -0300, Andrés Delfino wrote:
> What I'm trying to ask is this: if a user turns on the computer, and
> can't log in, is it safe to power off the computer without using halt,
> or shutdown, (ie. pressing the power off button)?
>
> Good luck
>
>

As others have answered already, it's not safe (at least not on a
default installation)

If this is a problem for you, look at machdep.kbdreset in
/etc/sysctl.conf

Tobias


Re: Safety of a shutdown when no user could log in

Nick Holland
In reply to this post by Andrés Delfino
Andrés Delfino wrote:
> What I'm trying to ask is this: if a user turns on the computer, and
> can't log in, is it safe to power off the computer without using halt,
> or shutdown, (ie. pressing the power off button)?

SHOULD you power down uncleanly?  No.
Can you?  Usually. :)
I would even go as far as to say, "almost always".

If your machine is "busy", doing things that regularly write to disk,
yeah, you really don't want to hit the power button.  HOWEVER, if your
machine is "idle" at the moment and you don't have an easy way to do a
proper shut down, go ahead, hit the power button.

FFS is pretty darned robust.  It will cough and sputter a small amount
on reboot, but it generally cleans itself up and comes up just fine.
Will it do this EVERY time?  Probably not.  If you were in the middle of
writing files, you can probably guess they are not-as-you-intended, and
depending on what they were, you might be really upset about this.  Or
you might just say, "Whatever, get back to filtering packets for me,
please", and never notice any "damage" at all.

The only time I can recall a system going down hard and not getting back
up was when a SCSI card fell out of a machine with the power on (not a
very interesting story -- IBM NetFinity 3000, for some unknown reason,
they thought it was cute to HANG the cards umop apisdn in the
machine...and I thought I'd be lazy and not put that annoying bracket in
for this quick test.  I think I was doing a cvs checkout (lots of
writing), and the SCSI adapter fell out.  File system was trashed, there. :)

(hm.  just recalled another time, which also, curiously, involved a CVS
checkout...)

IN FACT, on many occasions, I'll be too lazy to properly halt the
machine (and wasn't going to need it immediately when it came back up)
and just hit the power button.

This is not how you want to run your machine normally, but stuff
happens.  I'd never want to put a really unstable file system, one that
couldn't take an "oops!", into production.  If it can take an "oops!",
it can probably take a "deliberate" :)

IF you anticipate the need for this, a few tips: make your partitions as
small as possible (and extra space unused and unmounted) with as few
files as possible, mount as many partitions RO (Read Only) as you can
get away with for your application, try to minimize tasks that write to
disk, and have a good backup.  This will minimize the time the system
spends doing an fsck on reboot...and the backup will save you when you
want to kick my butt because you didn't notice all the qualifiers I put
in this note. :)

Not bad design principles, in general.  I have set up a large archiving
system -- the point is BIG and RELIABLE (or actually, repairable,
without losing data), not super fast.  It currently has around 1.8T of
storage, and if maxed out with its current design (and current
technology), about 4T of storage (all for about $5000US! I used to
install 20M hard disks in machines for almost that much money! :).
Storage is broken up into manageable chunks (about 300G at the moment,
500G if we were to max it out...much bigger, if we get the 1G physical
disk limit overcome in OpenBSD).  Trip over that power cord, we'll be
waiting a while.  HOWEVER, the design helps keep that manageable -- once
a chunk is "filled", it is remounted read-only, and only one or two
"reserve chunks" are kept read-write.  Plus, the time critical stuff is
kept on a smaller machine to keep the (re)boot times to a minimum.  And
yes, I yanked the power cord just to see what would happen (ans: after
about 20 minutes to reboot, nothing exciting...though I was careful not
to do this test during the hourly "fetch" cycle).


So..in short: if you need to, go ahead, hit the button.  Though if you
can shut it down properly, please do so, that is always the preferred method.

Nick.


Re: Safety of a shutdown when no user could log in

Nick Holland
Nick Holland wrote:
> ...much bigger, if we get the 1G physical disk limit overcome in
> OpenBSD).

er... 1T physical disk limit...

(hey, some of us old timers were really wowed by the first 1G drives.
Or the first 20M drives...  We get our staggering amount of storage
units confused easily. :)

Nick.


Re: Safety of a shutdown when no user could log in

Eric Johnson-5
On Fri, 27 Jan 2006 06:43:35 -0500
Nick Holland <[hidden email]> wrote:

> Nick Holland wrote:
> > ...much bigger, if we get the 1G physical disk limit overcome in
> > OpenBSD).
>
> er... 1T physical disk limit...
>
> (hey, some of us old timers were really wowed by the first 1G drives.
> Or the first 20M drives...  We get our staggering amount of storage
> units confused easily. :)

I was really impressed when we got two 150 MB drives for the old
PDP-11/70.  $15,000 each and $15,000 for the disk controller.

We had so much space we didn't know what to do with it all.

Eric Johnson


Re: Safety of a shutdown when no user could log in

Andreas Bihlmaier-2
In reply to this post by Andrés Delfino
On Thu, Jan 26, 2006 at 10:30:08PM -0500, Nick Holland wrote:

> Andrés Delfino wrote:
> > What I'm trying to ask is this: if a user turns on the computer, and
> > can't log in, is it safe to power off the computer without using halt,
> > or shutdown, (ie. pressing the power off button)?
>
> SHOULD you power down uncleanly?  No.
> Can you?  Usually. :)
> I would even go as far as to say, "almost always".
>
> If your machine is "busy", doing things that regularly write to disk,
> yeah, you really don't want to hit the power button.  HOWEVER, if your
> machine is "idle" at the moment and you don't have an easy way to do a
> proper shut down, go ahead, hit the power button.
>
> FFS is pretty darned robust.  It will cough and sputter a small amount
> on reboot, but it generally cleans itself up and comes up just fine.
> Will it do this EVERY time?  Probably not.  If you were in the middle of
> writing files, you can probably guess they are not-as-you-intended, and
> depending on what they were, you might be really upset about this.  Or
> you might just say, "Whatever, get back to filtering packets for me,
> please", and never notice any "damage" at all.
>
> The only time I can recall a system going down hard and not getting back
> up was when a SCSI card fell out of a machine with the power on (not a
> very interesting story -- IBM NetFinity 3000, for some unknown reason,
> they thought it was cute to HANG the cards umop apisdn in the
> machine...and I thought I'd be lazy and not put that annoying bracket in
> for this quick test.  I think I was doing a cvs checkout (lots of
> writing), and the SCSI adapter fell out.  File system was trashed, there. :)
>
> (hm.  just recalled another time, which also, curiously, involved a CVS
> checkout...)
>
> IN FACT, on many occasions, I'll be too lazy to properly halt the
> machine (and wasn't going to need it immediately when it came back up)
> and just hit the power button.
>
> This is not how you want to run your machine normally, but stuff
> happens.  I'd never want to put a really unstable file system, one that
> couldn't take an "oops!", into production.  If it can take an "oops!",
> it can probably take a "deliberate" :)
>
> IF you anticipate the need for this, a few tips: make your partitions as
> small as possible (and extra space unused and unmounted) with as few
> files as possible, mount as many partitions RO (Read Only) as you can
> get away with for your application, try to minimize tasks that write to
> disk, and have a good backup.  This will minimize the time the system
> spends doing an fsck on reboot...and the backup will save you when you
> want to kick my butt because you didn't notice all the qualifiers I put
> in this note. :)

Of course remember to keep / or more exactly /dev mounted RW because of
permissions in /dev.
Btw. shouldn't a warning be spit out by syslog if the system finds the
/dev/tty* stuff unchangeable?

>
> Not bad design principles, in general.  I have set up a large archiving
> system -- the point is BIG and RELIABLE (or actually, repairable,
> without losing data), not super fast.  It currently has around 1.8T of
> storage, and if maxed out with its current design (and current
> technology), about 4T of storage (all for about $5000US! I used to
> install 20M hard disks in machines for almost that much money! :).
> Storage is broken up into manageable chunks (about 300G at the moment,
> 500G if we were to max it out...much bigger, if we get the 1G physical
> disk limit overcome in OpenBSD).  Trip over that power cord, we'll be
> waiting a while.  HOWEVER, the design helps keep that manageable -- once
> a chunk is "filled", it is remounted read-only, and only one or two
> "reserve chunks" are kept read-write.  Plus, the time critical stuff is
> kept on a smaller machine to keep the (re)boot times to a minimum.  And
> yes, I yanked the power cord just to see what would happen (ans: after
> about 20 minutes to reboot, nothing exciting...though I was careful not
> to do this test during the hourly "fetch" cycle).

Remounting stuff RO after it is "filled" is quite a nice idea I never
thought about. How do you decide when to mount it RO? Cronjob? After
each "fetch"?

> So..in short: if you need to, go ahead, hit the button.  Though if you
> can shut it down properly, please do so, that is always the preferred method.
>
> Nick.
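A worked version of the two ideas above, written for this thread and not code from Nick, Andreas or the OpenBSD project: Nick's tip of remounting archive "chunks" read-only once they are filled (so an unclean power-off leaves less for fsck to check) and Andreas' caveat that / (and with it /dev) has to stay read-write. The script is the decision logic of a cron job: it reads df -k and mount output, picks chunks at or above a fill threshold that are still read-write, refuses to touch / and a few other system mounts, and prints the mount -u -o ro commands plus the matching fstab change so the state survives a reboot. The /archive/cNN layout, the 95% threshold and all df, mount and fstab lines are constructed sample data, not anything from the thread; in real use the df/mount text would come from the commands themselves and the printed mount lines would be executed rather than echoed.

```shell
#!/bin/sh
# Added example: plan read-only remounts for "filled" archive chunks.
# Assumed layout (hypothetical): each chunk is its own FFS partition
# mounted under /archive/cNN.  Input text is in OpenBSD df -k / mount(8) /
# fstab(5) format; the samples below are constructed for the example.

THRESHOLD=${THRESHOLD:-95}             # percent used at which a chunk is "filled"
CHUNK_PREFIX=${CHUNK_PREFIX:-/archive/} # only mount points under here are touched

SAMPLE_DF='Filesystem  1K-blocks      Used     Avail Capacity  Mounted on
/dev/wd0a     1031324    412036    567724    42%    /
/dev/wd0d     2065668   1540280    422104    78%    /var
/dev/sd0a   314572800 308199424   3997696    99%    /archive/c01
/dev/sd1a   314572800 301989888  12582912    96%    /archive/c02
/dev/sd2a   314572800  31457280 283115520    10%    /archive/c03'

SAMPLE_MOUNT='/dev/wd0a on / type ffs (local)
/dev/wd0d on /var type ffs (local, nodev, nosuid)
/dev/sd0a on /archive/c01 type ffs (local, nodev, nosuid, read-only)
/dev/sd1a on /archive/c02 type ffs (local, nodev, nosuid)
/dev/sd2a on /archive/c03 type ffs (local, nodev, nosuid)'

SAMPLE_FSTAB='/dev/wd0a / ffs rw 1 1
/dev/sd1a /archive/c02 ffs rw,nodev,nosuid 1 2'

# is_readonly MOUNTPOINT MOUNT_OUTPUT -> exit 0 if that mount is already read-only
is_readonly() {
    printf '%s\n' "$2" | awk -v mp="$1" '
        $3 == mp && /read-only/ { found = 1 }
        END { exit !found }'
}

# filled_chunks DF_OUTPUT -> mount points under CHUNK_PREFIX whose Capacity
# column is at or above THRESHOLD, one per line
filled_chunks() {
    printf '%s\n' "$1" | awk -v thr="$THRESHOLD" -v pfx="$CHUNK_PREFIX" '
        NR > 1 && index($6, pfx) == 1 {
            sub(/%/, "", $5)
            if ($5 + 0 >= thr) print $6
        }'
}

# plan_remounts DF_OUTPUT MOUNT_OUTPUT -> one "mount -u -o ro <mp>" line per
# filled chunk that is still read-write.  / is never touched: /dev lives
# there and device-node permissions must stay writable.
plan_remounts() {
    for mp in $(filled_chunks "$1"); do
        case "$mp" in
            /|/dev|/var|/tmp) continue ;;
        esac
        if is_readonly "$mp" "$2"; then
            continue
        fi
        printf 'mount -u -o ro %s\n' "$mp"
    done
}

# fstab_set_ro MOUNTPOINT FSTAB_TEXT -> the same fstab with the "rw" option
# of that entry replaced by "ro", so the chunk comes back read-only after
# a reboot.  Other lines are printed unchanged.
fstab_set_ro() {
    printf '%s\n' "$2" | awk -v mp="$1" '
        $2 == mp {
            n = split($4, o, ",")
            s = ""
            for (i = 1; i <= n; i++) {
                if (o[i] == "rw") o[i] = "ro"
                s = s (i > 1 ? "," : "") o[i]
            }
            $4 = s
        }
        { print }'
}

# Dry run over the constructed samples: prints the remount for /archive/c02
# (96% full, still rw); c01 is already read-only and c03 is nearly empty.
plan_remounts "$SAMPLE_DF" "$SAMPLE_MOUNT"
fstab_set_ro /archive/c02 "$SAMPLE_FSTAB"
```

Two caveats for running this for real rather than as a dry run: the remount is only safe once the "fetch" into that chunk has finished, so schedule it outside the fetch window (as Nick did with his power-cord test), and mount -u -o ro will refuse a filesystem with files still open for writing, which is exactly the signal you want before forcing anything.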