From owner-freebsd-questions Tue Feb 19 11:26: 3 2002 Delivered-To: freebsd-questions@freebsd.org Received: from ptavv.es.net (ptavv.es.net [198.128.4.29]) by hub.freebsd.org (Postfix) with ESMTP id DD23737B405 for ; Tue, 19 Feb 2002 11:25:58 -0800 (PST) Received: from ptavv (localhost [127.0.0.1]) by ptavv.es.net (Postfix) with ESMTP id B2BAE5D09; Tue, 19 Feb 2002 11:25:58 -0800 (PST) To: Richard Glidden Cc: freebsd-questions@FreeBSD.ORG Subject: Re: Dropping to single user In-reply-to: Your message of "Tue, 19 Feb 2002 14:17:49 EST." <200202191917.g1JJHoa35783@zaphod.wox.org> Date: Tue, 19 Feb 2002 11:25:58 -0800 From: "Kevin Oberman" Message-Id: <20020219192558.B2BAE5D09@ptavv.es.net> Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG > Date: Tue, 19 Feb 2002 14:17:49 -0500 (EST) > From: Richard Glidden > > On 19 Feb, Kevin Oberman wrote: > > > Using the recommended order (as per the handbook) you know that the > > new kernel is bootable and, if it is not, you simply boot kernel.old > > and are right back where you were while you figure out what went > > wrong. > > > > Once you do an installworld, you really can't back out in any sure way > > other than a re-install. Not a lot of fun. > > Good point. It does make much more sense to test the kernel before > clobbering your world. > > > I see no advantage to breaking the kernel build into two steps if you > > plan to boot the new kernel immediately. > > If you run with kern.securelevel >= 1, then won't it be impossible to > install the kernel without first rebooting into single-user? The kernel > is flaged schg, so it can't be modified unless you remove the schg flag, > which is (according to init(8)) impossible at that secure level. Yes, this is true. I don't run an elevated kern.securelevel, so I overlooked this issue. Sorry. > It also lets you build while the machine is in multi-user, and install > while in single-user, which ensures that your installation doesn't > affect any logged-in users before you reboot, and the users don't affect > your installation. Installation of the kernel is safe while in multi-user mode as it only creates a new /kernel and new /modules (and renames the old ones /kernel.old and /modules.old), neither of which will effect the running system unless you do a kldload. (I am assuming that no one with su would do such a thing with you not knowing it.) I try to minimize the time the system is in single-user mode. I even do things that are unsafe on occasion, but I never recommend them to others. R. Kevin Oberman, Network Engineer Energy Sciences Network (ESnet) Ernest O. Lawrence Berkeley National Laboratory (Berkeley Lab) E-mail: oberman@es.net Phone: +1 510 486-8634 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message