From: Mike Meyer
Date: Tue, 24 Jul 2001 23:31:13 -0500
To: Erik Trulsson
Cc: questions@freebsd.org
Subject: Re: make world from across the globe
Message-ID: <15198.19345.126951.494596@guru.mired.org>
In-Reply-To: <57502625@toto.iv>

Erik Trulsson types:
> > I'm therefore hoping someone can point me in the direction of either i)
> > a way to login across the Internet or ii) a way to do a source upgrade
> > without dropping to single user
>
> You do not have to drop to single user. The important thing is that the
> system is "quiet" during the installworld.

That's part of the problem. There is another one. You have to restart
any long-running software after the installworld - which means a
reboot for the kernel. Having a quiescent system means you aren't
likely to run the new version of a program that needs a daemon against
the old version of the daemon.

> This basically means that you should not have any unnecessary daemons
> running in the background and no users should be allowed to login
> during the installworld. (Unnecessary daemons == everything except the
> instance of sshd that you are connected to.)
Those requirements take care of one problem, but not needing to
restart updated daemons. For example, if you ssh in, then sshd is
running. You add a patch for a security problem in ssh, build and
install everything, but don't reboot. Your sshd is still insecure, as
you never restarted it. Dropping to single user mode and then exiting
the single user shell will restart everything but the kernel. If
you're installing a new kernel, you *have* to reboot.

> If you have a serial console for the machine then it is possible to
> drop into single user mode and do everything 'by the book'. This does
> require you to have some other machine at the location connected to the
> first one with a serial cable though, so it might not be possible.
> Having a serial console can be quite useful if you run into any
> problems with a remote machine.

That's the safest way. Even better is to chase down one of the "VGA
cards" that include a serial port and emulate a VT100 or some such for
the BIOS.

If the idea is to avoid doing things in single-user mode, you can do
the entire dance - buildworld, kernel, installworld, mergemaster -
before rebooting, and it's not incredibly unsafe. The problem will be
during the installworld

-- 
Mike Meyer http://www.mired.org/home/mwm/
Independent WWW/Perforce/FreeBSD/Unix consultant, email for more information.
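The point made above about sshd still running old code after installworld, as an added example (not part of the original message and not FreeBSD's own tooling): a POSIX sh check that flags processes started before their on-disk binary was last replaced. The three-column input format, the function names and the sample records are assumptions constructed for this example.

```shell
#!/bin/sh
# Added example: after installworld, list daemons that were started before
# their on-disk binary was replaced and so still run the old code.
# Assumed input on stdin, one process per line:
#   <pid> <start_epoch_seconds> <binary_path>

# Print a file's mtime in epoch seconds (GNU stat syntax first, then BSD).
file_mtime() {
    stat -c %Y "$1" 2>/dev/null || stat -f %m "$1" 2>/dev/null
}

# Read process records on stdin; print one line per process needing a restart.
stale_daemons() {
    while read -r pid started bin; do
        [ -n "$bin" ] || continue                 # skip blank or short lines
        if ! mtime=$(file_mtime "$bin"); then
            echo "$pid $bin binary-removed"       # file gone, old code still running
        elif [ "$started" -lt "$mtime" ]; then
            echo "$pid $bin stale"                # binary replaced after process start
        fi
    done
}

# Constructed sample: two fake binaries and three process records.
# 101 started an hour before its binary was written (needs a restart),
# 102 started after its binary was written (current),
# 103 points at a binary that no longer exists.
demo() {
    dir=$(mktemp -d) || return 1
    : > "$dir/sshd"
    : > "$dir/cron"
    m=$(file_mtime "$dir/sshd")
    stale_daemons <<EOF
101 $((m - 3600)) $dir/sshd
102 $((m + 60)) $dir/cron
103 $((m - 3600)) $dir/gone
EOF
    rm -rf "$dir"
}

demo
```

Any process this reports, including the sshd carrying your own session, is still executing the pre-upgrade code until it is restarted; a replaced kernel is not covered by this check and needs the reboot the message describes.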