Date: Thu, 16 Sep 2004 14:56:50 +0100 (BST)
From: Jan Grant
To: Ed Budd
cc: freebsd-questions@freebsd.org
Subject: Re: what are the pros and cons of running in single user?

On Thu, 16 Sep 2004, Ed Budd wrote:

> mailing lists at MacTutor wrote:
> > I have a machine running 4.10-STABLE that will be a dedicated gateway with a
> > router/firewall combo and web server plus mysql server (maybe). What would
> > be the pros and cons of running this system single user? Processes that run
> > under their own uid, would they be able to run?
> >
> > Just curious. Any extra thoughts welcome.
> >
>
> er...doesn't "single user" mode mean no networking? My understanding is that
> this is really only for maintenance (ie. make installworld, etc.), not regular
> operations. Perhaps you meant something else or I just haven't had enough
> caffeine yet...

"Single-user mode" refers to the point in the boot process prior to
running the startup scripts that make multi-user services available: for
instance, mounting all drives, turning on swap, configuring network
interfaces, starting daemons etc. and potentially most importantly,
setting the securelevel.

Unlike the sysV init, there is no real "magic" about single-user mode
apart from the fact that you can get init to stop the boot process and
drop you directly into a shell in "single-user" mode. Running "shutdown"
drops you into much the same state - that is, it kills off daemon
processes etc. so that the machine can be administered* without
unexpected interference from spurious processes. However, there's
nothing (in principle) stopping you from kicking off those processes
again, providing their environmental needs are satisfied.

So to answer the question: you can certainly tune the scripts and
services available that launch you into multi-user mode to get a minimum
profile on the machine. However if you modify rc to the extent that it
turns on everything you need in order to set up bridging, run a few
daemons etc then you're effectively duplicating the multiuser startup
anyway.

jan

* modulo securelevel changes which can only be reverted via reboot.

-- 
jan grant, ILRT, University of Bristol. http://www.ilrt.bris.ac.uk/
Tel +44(0)117 9287088 Fax +44 (0)117 9287112 http://ioctl.org/jan/
The Java disclaimer: values of 'anywhere' may vary between regions.