4.3 Shutting Down a Unix System


From time to time, you will need to shut the system down. This is necessary for scheduled maintenance, running diagnostics, hardware changes or additions, and other administrative tasks.

During a clean system shutdown, the following actions take place:

  • All users are notified that the system will be going down, preferably giving them some reasonable advance warning.

  • All running processes are sent a signal telling them to terminate, allowing them time to exit gracefully, provided the program has made provisions to do so.

  • All subsystems are shut down gracefully, via the commands they provide for doing so.

  • All remaining users are logged off, and remaining processes are killed.

  • Filesystem integrity is maintained by completing all pending disk updates.

  • Depending on the type of shutdown, the system moves to single-user mode, the processor is halted, or the system is rebooted.

After taking these steps, the administrator can turn the power off, execute diagnostics, or perform other maintenance activities as appropriate.

Unix provides the shutdown command to accomplish all of this. Generally, shutdown sends a series of timed messages to all users who are logged on, warning them that the system is going down; after sending the last of these messages, it logs all users off the system and places the system in single-user mode.

All Unix systems, even those running on PC hardware, should be shut down using the commands described in this section. This is necessary to ensure filesystem integrity and the clean termination of the various system services. If you care about what's on your disks, never just turn the power off.

There are two main variations of the shutdown command. The System V version is used by Solaris and HP-UX (the latter slightly modified from the standard), and the BSD version is used under AIX, FreeBSD, Linux, Solaris (in /usr/ucb), and Tru64.

NOTE

On systems that provide it, the telinit command also provides a fast way to shut down (telinit S), halt (telinit 0) or reboot the system (telinit 6).

4.3.1 The System V shutdown Command

The standard System V shutdown command has the following form:

# shutdown [-y] [-g grace] [-i new-level]  message

where -y says to answer all shutdown prompts with yes automatically, grace specifies the number of seconds to wait before starting the process (the default is 60), new-level is the new run level in which to place the system (the default is single-user mode) and message is a text message sent to all users. This is the form used on Solaris systems.

Under HP-UX, the shutdown command has the following modified form:

# shutdown [-y] grace

where -y again says to answer prompts automatically with yes, and grace is the number of seconds to wait before shutting down. The keyword now may be substituted for grace. The shutdown command takes the system to single-user mode.

Here are some example commands that take the system to single-user mode in 15 seconds (automatically answering all prompts):

# shutdown -y -g 15 -i s "system going down"     Solaris
# shutdown -y 15                                 HP-UX

The HP-UX shutdown also accepts two other options, -r and -h, which can be used to reboot the system immediately or to halt the processor once the shutdown is complete (respectively).

For example, these commands could be used to reboot the system immediately:

# shutdown -y -g 0 -i 6 "system reboot"          Solaris
# shutdown -y -r now                             HP-UX

4.3.1.1 HP-UX shutdown security

HP-UX also provides the file /etc/shutdown.allow . If this file exists, a user must be listed in it in order to use the shutdown command (and root must be included). If the file does not exist, only root can run shutdown. Entries in the file consist of a hostname followed by a username, as in these examples:

hamlet    chavez     Chavez can shut down hamlet.
+         root       Root can shut down any system.
dalton    +          Anyone can shut down dalton.

As these examples illustrate, the plus sign serves as a wildcard. The shutdown.allow file also supports the percent sign as an additional wildcard character denoting all systems within a cluster; this wildcard is not valid on systems that are not part of a cluster.
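The following audit script is an added example, not part of the original text: it reads a file in the hostname/username format described above and flags entries whose username is the + wildcard, and reports when no explicit root entry is present. The function name audit_shutdown_allow, the sample file, and the treatment of lines starting with # as comments are assumptions.

```shell
#!/bin/sh
# audit_shutdown_allow FILE
# Prints one finding per line, or "OK" when nothing is flagged.
# Exit status is 1 when at least one finding was printed.
audit_shutdown_allow() {
    awk '
        NF == 0 || $1 ~ /^#/ { next }   # assumption: skip blank and comment lines
        NF < 2 {
            printf "line %d: malformed entry (need hostname and username)\n", NR
            bad++; next
        }
        {
            host = $1; user = $2
            # "+" matches anything; "%" means all systems in a cluster
            where = (host == "+") ? "any system" : \
                    (host == "%") ? "any system in the cluster" : host
            if (user == "+") {
                printf "line %d: any user may shut down %s\n", NR, where
                bad++
            }
            # The text says root must be included; look for an explicit entry.
            if (user == "root") root = 1
        }
        END {
            if (!root) { print "root is not listed"; bad++ }
            if (!bad) print "OK"
            exit (bad ? 1 : 0)
        }
    ' "$1"
}

# Constructed sample: the three entries shown in the text above.
sample=$(mktemp)
printf '%s\n' 'hamlet    chavez' '+         root' 'dalton    +' > "$sample"
audit_shutdown_allow "$sample" || echo "review the entries listed above"
rm -f "$sample"
```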

4.3.2 The BSD-Style shutdown Command

BSD defines the shutdown command with the following syntax:

# shutdown [options] time message

where time can have three forms:

+m      Shut down in m minutes.
h:m     Shut down at the specified time (24-hour clock).
now     Begin the shutdown at once.

now should be used with discretion on multiuser systems.

message is the announcement that shutdown sends to all users; it may be any text string. For example, the following command will shut the system down in one hour:

# shutdown +60 "System going down for regular maintenance"

It warns users by printing the message "System going down for regular maintenance" on their screens. shutdown sends the first message immediately; as the shutdown time approaches, it repeats the warning with increasing frequency. These messages are also sent to users on the other systems on the local network who may be using the system's files via NFS.

By default, the BSD-style shutdown command also takes the system to single-user mode, except on AIX systems, where the processor is halted by default. Under AIX, the -m option must be used to specify shutting down to single-user mode.

Other options provide additional variations to the system shutdown process:

  • shutdown -r says to reboot the system immediately after it shuts down. The reboot command performs the same function.

  • shutdown -h says to halt the processor instead of shutting down to single-user mode. Once this process completes, the power may be safely turned off. You can also use the halt command to explicitly halt the processor once single-user mode is reached.

  • shutdown -k inaugurates a fake system shutdown: the shutdown messages are sent out normally, but no shutdown actually occurs. I suppose the theory is that you can scare users off the system this way, but some users can be pretty persistent, preferring to be killed by shutdown rather than log out.

4.3.3 The Linux shutdown Command

The version of shutdown found on most Linux systems also has a -t option which may be used to specify the delay period between when the kernel sends the TERM signal to all remaining processes on the system and when it sends the KILL signal. The default is 30 seconds. The following command shuts down the system more rapidly, allowing only 5 seconds between the two signals:

# shutdown -h -t 5 now

This version of the command also provides a -a option, which provides a limited security mechanism for the shutdown command. When it is invoked with this option, the command determines whether any of the users listed in the file /etc/shutdown.allow are currently logged in on the console (or any virtual console attached to it). If not, the shutdown command fails.

The purpose of this option is to prevent casual passers-by from typing Ctrl-Alt-Delete on the console and causing an (unwanted) system reboot. Accordingly, it is most often used in the inittab entry corresponding to this event.
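A check for the inittab usage just described, as an added example that is not part of the original text: it finds entries whose action field is ctrlaltdel and reports any that run shutdown without -a. The function name check_ctrlaltdel and the two sample inittab lines are constructed for illustration; the option test is a simple word match, not a full option parser.

```shell
#!/bin/sh
# check_ctrlaltdel INITTAB
# inittab entries have the form  id:runlevels:action:process
# Exit status is 1 if a ctrlaltdel entry runs shutdown without -a.
check_ctrlaltdel() {
    awk -F: '
        $1 ~ /^[ \t]*#/ { next }            # skip comment lines
        $3 == "ctrlaltdel" {
            seen = 1
            if ($4 !~ /shutdown/) {
                printf "line %d: ctrlaltdel does not run shutdown: %s\n", NR, $4
                next
            }
            # Look for -a alone or bundled with other letters (e.g. -ra).
            n = split($4, w, /[ \t]+/)
            has_a = 0
            for (i = 2; i <= n; i++)
                if (w[i] ~ /^-[A-Za-z]*a/) has_a = 1
            if (has_a)
                printf "line %d: ok, shutdown is invoked with -a\n", NR
            else {
                printf "line %d: shutdown without -a: %s\n", NR, $4
                bad = 1
            }
        }
        END {
            if (!seen) print "no ctrlaltdel entry found"
            exit bad
        }
    ' "$1"
}

# Constructed sample lines, one without -a and one with it.
tab=$(mktemp)
printf '%s\n' 'ca::ctrlaltdel:/sbin/shutdown -t3 -r now' > "$tab"
check_ctrlaltdel "$tab" || echo "console reboot is not restricted"
printf '%s\n' 'ca::ctrlaltdel:/sbin/shutdown -a -t3 -r now' > "$tab"
check_ctrlaltdel "$tab"
rm -f "$tab"
```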

4.3.4 Ensuring Disk Accuracy with the sync Command

As we've noted previously, one of the important parts of the shutdown process is syncing the disks. The sync command finishes all disk transactions and writes out all data to disk, guaranteeing that the system can be turned off without corrupting the files. You can execute this command manually if necessary:

# sync
# sync

Why is sync executed two or three times (or even more[15])? I think this is a bit of Unix superstition. The sync command schedules but does not necessarily immediately perform the required disk writes, even though the Unix prompt returns immediately. Multiple sync commands raise the probability that the write will take place before you enter another command (or turn off the power) by taking up the time needed to complete the operation. However, the same effect can be obtained by waiting a few seconds for disk activity to cease before doing anything else. Typing "sync" several times gives you something to do while you're waiting.

[15] Solaris administrators swear that you need to do it five times to be safe; otherwise, the password file will become corrupted. I have not been able to reproduce this.

There is one situation in which you do not want sync to be executed, either manually or automatically: when you have run fsck manually on the root filesystem. If you sync the disks at this point, you will rewrite the bad superblocks stored in the kernel buffers and undo the fixing fsck just did. In such cases, on BSD-based systems and under HP-UX, you must use the -n option to reboot or shutdown to suppress the usual automatic sync operation.

FreeBSD and System V are smarter about this issue. The fsck command generally will automatically remount the root filesystem when it has modified the root filesystem. Thus, no special actions are required to avoid syncing the disks.

4.3.5 Aborting a Shutdown

On most systems, the only way to abort a pending system shutdown is to kill the shutdown process. Determine the shutdown process' process ID by using a command like the following:

# ps -ax | grep shutdown     BSD-style
# ps -ef | grep shutdown     System V-style

Then use the kill command to terminate it:

# ps -ef | grep shutdown
 25723 co S     0:01 /etc/shutdown -g300 -i6 -y
 25800 co S     0:00 grep shutdown
# kill -9 25723

It's only safe to kill a shutdown command during its grace period; once it has actually started closing down the system, you're better off letting it finish and then rebooting.

The Linux version of shutdown includes a -c option that cancels a pending system shutdown. Every version should be so helpful.



Essential System Administration, Third Edition
ISBN: 0596003439
EAN: 2147483647
Year: 2002
Pages: 162
