Re: /sbin/reboot
On 10.12.2010 11:35, Adam Vande More wrote:

>> Why would you want it to be? One really shouldn't be running /sbin/reboot directly as part of normal operations. shutdown does a graceful reboot if and when operators need to perform reboot.
>
> AFAIK, the only functional difference between the two is shutdown(8) notifies other logged in users of the impending shutdown. I've used reboot(8) for a long time with no ill effects so I'd be interested to hear what you meant there. Since an operator can use shutdown(8) to initiate the same shutdown sequence reboot(8) uses, it wouldn't seem to be a security based decision.

In short, one should use reboot/halt from single user mode to avoid calling shutdown command sequences for non-running services. For multi-user one should use shutdown to not miss these sequences.

Eugene Grosbein
___
freebsd-stable@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to freebsd-stable-unsubscr...@freebsd.org
Re: /sbin/reboot
On Friday, December 10, 2010 2:27:58 am Adam Vande More wrote:

> On Fri, Dec 10, 2010 at 1:04 AM, Mark Andrews ma...@isc.org wrote:
>> When you have administered multi-user systems you learn to do things gracefully unless you actually need to do things abruptly.
>
> Yes, of course I use shutdown -r on a multi-user system in the rare times I deal with one. However that's not much of a reason not to have reboot in the operator group, especially if you're like me in thinking the vast majority of installs are single user type systems. At the end of the day, it's pretty trivial to me one way or the other but I do think the current way is a POLA violation.

No, it is purposeful to force operator-induced shutdowns to send the warning message. That is actually useful aside from the fact that shutdown -r is more graceful than reboot as several people have already told you.

--
John Baldwin
Re: /sbin/reboot
2010/12/10 Garrett Wollman woll...@hergotha.csail.mit.edu:

> In article aanlktikggsyrlnds6oihw2u3syjezrrqwdsa9z4t7...@mail.gmail.com, amvandem...@gmail.com writes:
>> For the correct order, shutdown -r calls reboot which calls init which calls rc.shutdown.
>
> No. shutdown(8) sends a SIGINT to init(8), which runs rc.shutdown and then calls reboot(2) as its last act. reboot(8) freezes init(8), then sends a SIGTERM to anything left running, then sends a SIGKILL to anything left running, then calls reboot(2) as its last act.

Thanks for clarifying this for Adam Vande More and all the persons he may have confused. Don't use reboot(8), even on a single user system (I'm not speaking of single user mode). The reboot command does not work like on most GNU/Linux systems!

Another thread on the same subject (quoting des@):
http://docs.freebsd.org/cgi/getmsg.cgi?fetch=419569+0+archive/2009/freebsd-current/20091004.freebsd-current
http://docs.freebsd.org/cgi/getmsg.cgi?fetch=0+0+archive/2010/freebsd-current/20100110.freebsd-current

Something related:
https://bugs.kde.org/show_bug.cgi?id=250989

>> Doing a shutdown -r is the same as a reboot without the warning to logged in users and shutdown handles the logging instead of reboot.

Another no...

> Not even close.
>
> -GAWollman

--
Olivier Smedts
e-mail: oliv...@gid0.org
www: http://www.gid0.org
ASCII ribbon campaign - against HTML email vCards - against proprietary attachments
"There are only 10 kinds of people in the world: those who understand binary, and those who don't."
Re: /sbin/reboot
In message aanlktind3uzu6o-gf5j1b7cxp7dr1+jqvzbi9vjym...@mail.gmail.com, Adam Vande More writes:

> Is there a reason /sbin/reboot isn't assigned to the operator group or is this an oversight?

Why would you want it to be? One really shouldn't be running /sbin/reboot directly as part of normal operations. shutdown does a graceful reboot if and when operators need to perform reboot.

--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
Re: /sbin/reboot
On Thu, Dec 9, 2010 at 11:10 PM, Mark Andrews ma...@isc.org wrote:

> Why would you want it to be? One really shouldn't be running /sbin/reboot directly as part of normal operations. shutdown does a graceful reboot if and when operators need to perform reboot.

AFAIK, the only functional difference between the two is shutdown(8) notifies other logged in users of the impending shutdown. I've used reboot(8) for a long time with no ill effects so I'd be interested to hear what you meant there. Since an operator can use shutdown(8) to initiate the same shutdown sequence reboot(8) uses, it wouldn't seem to be a security based decision.

--
Adam Vande More
Re: /sbin/reboot
> Date: Thu, 9 Dec 2010 23:35:51 -0600
> From: Adam Vande More amvandem...@gmail.com
> Sender: owner-freebsd-sta...@freebsd.org
>
> On Thu, Dec 9, 2010 at 11:10 PM, Mark Andrews ma...@isc.org wrote:
>> Why would you want it to be? One really shouldn't be running /sbin/reboot directly as part of normal operations. shutdown does a graceful reboot if and when operators need to perform reboot.
>
> AFAIK, the only functional difference between the two is shutdown(8) notifies other logged in users of the impending shutdown. I've used reboot(8) for a long time with no ill effects so I'd be interested to hear what you meant there. Since an operator can use shutdown(8) to initiate the same shutdown sequence reboot(8) uses, it wouldn't seem to be a security based decision.

Sorry, but this is not at all true, though it often seems so. Unlike reboot, shutdown attempts to cleanly stop all processes. Things like databases can be badly damaged by a reboot. Other processes save state when stopped and that is lost with a reboot.

Simply stated, doing a reboot as a standard method of restarting a system is not a good idea and that is why it is not owned by the operator group.

--
R. Kevin Oberman, Network Engineer
Energy Sciences Network (ESnet)
Ernest O. Lawrence Berkeley National Laboratory (Berkeley Lab)
E-mail: ober...@es.net Phone: +1 510 486-8634
Key fingerprint: 059B 2DDF 031C 9BA3 14A4 EADA 927D EBB3 987B 3751
Re: /sbin/reboot
On Thu, Dec 9, 2010 at 21:35, Adam Vande More amvandem...@gmail.com wrote:

> On Thu, Dec 9, 2010 at 11:10 PM, Mark Andrews ma...@isc.org wrote:
>> Why would you want it to be? One really shouldn't be running /sbin/reboot directly as part of normal operations. shutdown does a graceful reboot if and when operators need to perform reboot.
>
> AFAIK, the only functional difference between the two is shutdown(8) notifies other logged in users of the impending shutdown. I've used reboot(8) for a long time with no ill effects so I'd be interested to hear what you meant there. Since an operator can use shutdown(8) to initiate the same shutdown sequence reboot(8) uses, it wouldn't seem to be a security based decision.

Shutdown runs rc.shutdown (stops all rc.d scripts). Also, halt/reboot have options like -n and -q which can disrupt things worse than an unintended clean reboot.

--
Rob Farmer
Re: /sbin/reboot
On Fri, Dec 10, 2010 at 12:03 AM, Kevin Oberman ober...@es.net wrote:

> Unlike reboot, shutdown attempts to cleanly stop all processes. Things like databases can be badly damaged by a reboot. Other processes save state when stopped and that is lost with a reboot.

For the correct order, shutdown -r calls reboot which calls init which calls rc.shutdown. Doing a shutdown -r is the same as a reboot without the warning to logged in users and shutdown handles the logging instead of reboot.

> Also, halt/reboot have options like -n and -q which can disrupt things worse than an unintended clean reboot.

shutdown also gives operator more possibilities than a clean shutdown, some of which could be very bad.

--
Adam Vande More
Re: /sbin/reboot
In message aanlktikggsyrlnds6oihw2u3syjezrrqwdsa9z4t7...@mail.gmail.com, Adam Vande More writes:

> On Fri, Dec 10, 2010 at 12:03 AM, Kevin Oberman ober...@es.net wrote:
>> Unlike reboot, shutdown attempts to cleanly stop all processes. Things like databases can be badly damaged by a reboot. Other processes save state when stopped and that is lost with a reboot.
>
> For the correct order, shutdown -r calls reboot which calls init which calls rc.shutdown. Doing a shutdown -r is the same as a reboot without the warning to logged in users and shutdown handles the logging instead of reboot.
>
>> Also, halt/reboot have options like -n and -q which can disrupt things worse than an unintended clean reboot.
>
> shutdown also gives operator more possibilities than a clean shutdown, some of which could be very bad.
>
> --
> Adam Vande More

When you have administered multi-user systems you learn to do things gracefully unless you actually need to do things abruptly.

The operator group is for tape operators to be able to shut the system down to perform backups. Telling people that the system is going down allows them to save work. You don't want tape operators to just bring the system down without notice if it can be avoided. Not giving the operator a command which will shut the system down without notice prevents this. Even shutdown -r now informs users that the system is going away and has not just crashed.

With single user systems this isn't such an issue.

Mark

--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
Re: /sbin/reboot
On Thu, Dec 9, 2010 at 22:46, Adam Vande More amvandem...@gmail.com wrote:

> shutdown also gives operator more possibilities than a clean shutdown, some of which could be very bad.

I haven't thought about the situation in any detail, but nothing jumps out at me from the manpage. You could do a denial of service thing by kicking people off or endlessly rebooting the system, but intervention to stop that should be easy enough. With reboot, you could require fsck of the filesystem, plus any fallout from databases not stopping properly, etc.

Of course, this is all (or should be) academic, since people in limited admin groups like operator should be presumed able to escalate to root. I think operator is allowed to run dump, among other things. A big Windows security flaw is adding people to Power Users, as if that stops anything beyond clumsy mistakes.

--
Rob Farmer
Re: /sbin/reboot
On Fri, Dec 10, 2010 at 1:04 AM, Mark Andrews ma...@isc.org wrote:

> When you have administered multi-user systems you learn to do things gracefully unless you actually need to do things abruptly.

Yes, of course I use shutdown -r on a multi-user system in the rare times I deal with one. However that's not much of a reason not to have reboot in the operator group, especially if you're like me in thinking the vast majority of installs are single user type systems. At the end of the day, it's pretty trivial to me one way or the other but I do think the current way is a POLA violation.

On Fri, Dec 10, 2010 at 1:10 AM, Rob Farmer rfar...@predatorlabs.net wrote:

> I haven't thought about the situation in any detail, but nothing jumps out at me from the manpage.

shutdown will also pass the -n flag to reboot or halt as the man page describes. Also the simplest DoS from shutdown -p/h. All I'm saying is that if you're comfortable with the privs operator gives to the user, there shouldn't be much qualms in granting reboot's functionality. Looks like just mksnap_ffs and shutdown have operator grouping by default.

--
Adam Vande More
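An added example, not part of any message in this thread: a shell check for the question raised in the messages above, namely which set-uid binaries a limited group such as operator is allowed to run. The input layout (mode, owner, group, path), the function names and the sample listing with its modes are constructed for illustration.

```shell
#!/bin/sh
# Added example: list set-uid binaries that members of one group may run.
# Input on stdin, one file per line: "<octal mode> <owner> <group> <path>"
# (this layout is an assumption of the example, not a format from the thread).

group_suid_report() {
    want_group=$1
    while read -r mode owner group path; do
        [ -n "$path" ] || continue
        # Normalise to four octal digits: special, user, group, other.
        case $mode in
            [0-7][0-7][0-7]) mode=0$mode ;;
            [0-7][0-7][0-7][0-7]) ;;
            *) continue ;;
        esac
        special=${mode%???}                 # first digit
        rest=${mode#?}                      # user, group, other digits
        grp_bits=${rest#?}; grp_bits=${grp_bits%?}
        oth_bits=${rest#??}
        # Keep only set-uid files (bit 4 of the special digit) ...
        case $special in [4-7]) ;; *) continue ;; esac
        # ... that belong to the group under review ...
        [ "$group" = "$want_group" ] || continue
        # ... and that the group may execute (bit 1 of the group digit).
        case $grp_bits in [1357]) ;; *) continue ;; esac
        # World-executable means the group restriction limits nothing.
        case $oth_bits in
            [1357]) scope=world ;;
            *) scope=group-only ;;
        esac
        printf '%s runs-as=%s scope=%s\n' "$path" "$owner" "$scope"
    done
}

# Constructed sample listing; the modes and the example-* paths are made up.
sample_listing() {
    cat <<'EOF'
4550 root operator /sbin/shutdown
4550 root operator /sbin/mksnap_ffs
555 root wheel /sbin/reboot
4555 root operator /usr/local/sbin/example-tool
2555 root operator /usr/local/bin/example-sgid
EOF
}

sample_listing | group_suid_report operator
```

On a live system the same question can be put to find(1) directly, for example `find /sbin /usr/sbin -perm -4000 -group operator`.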
Re: /sbin/reboot
In article aanlktikggsyrlnds6oihw2u3syjezrrqwdsa9z4t7...@mail.gmail.com, amvandem...@gmail.com writes:

> For the correct order, shutdown -r calls reboot which calls init which calls rc.shutdown.

No. shutdown(8) sends a SIGINT to init(8), which runs rc.shutdown and then calls reboot(2) as its last act. reboot(8) freezes init(8), then sends a SIGTERM to anything left running, then sends a SIGKILL to anything left running, then calls reboot(2) as its last act.

> Doing a shutdown -r is the same as a reboot without the warning to logged in users and shutdown handles the logging instead of reboot.

Not even close.

-GAWollman