more on fsck with securelevel
wmoran at potentialtech.com
Fri Jun 4 16:36:34 PDT 2004
Brooks Davis <brooks at one-eyed-alien.net> wrote:
> On Fri, Jun 04, 2004 at 05:05:34PM -0500, J.D. Bronson wrote:
> > I did set this in /etc/rc.conf:
> > fsck_y_enable="YES"
> > But I was wondering if this might be a good idea too:
> > (looking at the defaults)
> > fsck_y_enable="NO" # Set to YES to do fsck -y if the initial preen
> > fails.
> > background_fsck="YES" # Attempt to run fsck in the background where
> > possible.
> > background_fsck_delay="60" # Time to wait (seconds) before starting the
> > fsck.
> > ..might it not be prudent to set 'background_fsck="NO"' when running in
> > secure mode?
> > Eventhough I shut down carefully, sometimes it still feels the need to run
> > fsck (even with soft updates)...but when running securelevel, is it
> > actually going to accomplish anything?
> I think just setting background_fsck_delay=0 may allow bgfsck to work.
> Once fsck has opened the FS, I think it should keep it open and writes
> should work. I'm not 100% sure of that though.
fsck_y_enable determines what happens when a normal fsck fails. If it's set
to "NO", you're dumped into single-user mode with a scary message. If it's
set to "YES", then fsck is rerun with the -y option. Setting it to "YES" will
allow the system to boot automatically under almost all conditions, but you may
lose data that you could have recovered if you'd run fsck manually ... assuming
you know what you're doing well enough to recover that data.
background_fsck controls whether the initial boot fsck is run in the background,
after booting, or in the foreground during the boot, forcing the boot process
to wait on it (background_fsck="NO" is basically the same behaviour as pre-5
background_fsck_delay is pretty obvious.
Hopefully, that will help you reach a config that works for you.
More information about the freebsd-questions