From owner-freebsd-questions@FreeBSD.ORG Fri Jun 4 16:36:33 2004 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id E288616A4CE; Fri, 4 Jun 2004 16:36:33 -0700 (PDT) Received: from internet.potentialtech.com (h-66-167-251-6.phlapafg.covad.net [66.167.251.6]) by mx1.FreeBSD.org (Postfix) with ESMTP id 85D6243D31; Fri, 4 Jun 2004 16:36:33 -0700 (PDT) (envelope-from wmoran@potentialtech.com) Received: from working.potentialtech.com (pa-plum1c-102.pit.adelphia.net [24.53.179.102]) by internet.potentialtech.com (Postfix) with ESMTP id 00B0269A71; Fri, 4 Jun 2004 19:35:48 -0400 (EDT) Date: Fri, 4 Jun 2004 19:35:47 -0400 From: Bill Moran To: Brooks Davis Message-Id: <20040604193547.6d69fa7f.wmoran@potentialtech.com> In-Reply-To: <20040604222232.GB25234@Odin.AC.HMC.Edu> References: <6.1.1.1.2.20040604170255.00bf3b38@cheyenne.wixb.com> <20040604222232.GB25234@Odin.AC.HMC.Edu> Organization: Potential Technologies X-Mailer: Sylpheed version 0.9.10 (GTK+ 1.2.10; i386-portbld-freebsd4.9) Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit cc: freebsd-performance@freebsd.org cc: freebsd-questions@freebsd.org cc: jbronson@wixb.com Subject: Re: more on fsck with securelevel X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 04 Jun 2004 23:36:34 -0000 Brooks Davis wrote: > On Fri, Jun 04, 2004 at 05:05:34PM -0500, J.D. Bronson wrote: > > I did set this in /etc/rc.conf: > > fsck_y_enable="YES" > > > > But I was wondering if this might be a good idea too: > > (looking at the defaults) > > > > fsck_y_enable="NO" # Set to YES to do fsck -y if the initial preen > > fails. > > background_fsck="YES" # Attempt to run fsck in the background where > > possible. > > background_fsck_delay="60" # Time to wait (seconds) before starting the > > fsck. > > > > ..might it not be prudent to set 'background_fsck="NO"' when running in > > secure mode? > > > > Eventhough I shut down carefully, sometimes it still feels the need to run > > fsck (even with soft updates)...but when running securelevel, is it > > actually going to accomplish anything? > > I think just setting background_fsck_delay=0 may allow bgfsck to work. > Once fsck has opened the FS, I think it should keep it open and writes > should work. I'm not 100% sure of that though. fsck_y_enable determines what happens when a normal fsck fails. If it's set to "NO", you're dumped into single-user mode with a scary message. If it's set to "YES", then fsck is rerun with the -y option. Setting it to "YES" will allow the system to boot automatically under almost all conditions, but you may lose data that you could have recovered if you'd run fsck manually ... assuming you know what you're doing well enough to recover that data. background_fsck controls whether the initial boot fsck is run in the background, after booting, or in the foreground during the boot, forcing the boot process to wait on it (background_fsck="NO" is basically the same behaviour as pre-5 systems) background_fsck_delay is pretty obvious. Hopefully, that will help you reach a config that works for you. -- Bill Moran Potential Technologies http://www.potentialtech.com