--- Ed <preceptortoo@yahoo.com> wrote:
> This may be one of those amazingly daft questions that many people know the
> answer to. I've seen multiple recommendations that patches are only ever
> installed in Single User Mode.
>
> But I can't seem to find any explanation as to why this is necessary.
>
> The best I've managed to get is 'it's safer' because then you're definitely
> the only person changing those files. But is that the only reason?

Thanks to all the people who responded: Brett Lymn, Nathan Dietsch, Russell Page, Alan Pae, Michael Connolly, John Leadeham, Andrew_Rotramel, Darren Dunham, Chris Pinnock, Lecher Jane, John Christian, Terry L Moore, Kalyan Manchikanti, Michael Horton, Nicolas Figaro.

The general consensus was that one should reboot after patching, to check for anything unpleasant having happened with one of the patches, so if something strange has happened, it's picked up immediately.

Several mentions of "It's safer". A particular example given being that if you're modifying a dynamic library the program opening it may do 'unexpected' things. These might include daemons being spawned (I always thought though, that if files were open, then they'd be fine until the daemon restarted though).

Also that the patches _may_ modify config files, such as sendmail.cf and nsswitch.conf, which may cause problems on a 'live' system (although as far as I can tell, this will _also_ cause problems if you do it in single user, and then reboot).

A mention that Sun 'recommend' doing this because it covers their arse against things that can be a real pain to troubleshoot, and because they've tested the patches through a single user install.

A report that 'some patches make the kernel "delicate"' so a crash might occur when someone logs in.

A mention that if a kernel patch is being applied, the system can die and go horribly wrong.

A mention that if files are in use they won't be overwritten, which is really bad when patching (I would agree, but again, I thought Solaris allowed one to overwrite files that were open, because the 'other' copy of the file would remain linked as an inode until the ref count dropped to zero).

In summary, I'm still not entirely clear as to the need for single user mode to install. As a convenience in order to avoid potential user complaints of failed logins or crashed processes, and one report of cron dying. No specific examples as to patches that would cause a machine in run level 3 to fail, and it seems no real danger if the system is rebooted just after patching.

It's strongly recommended to reboot after patching, because this allows one to verify that none of the patches installed cause any horrible problems. They'd still do so when the machine next rebooted, but without the fact that it was patched recently still fresh in the memory. Ideally rebooting beforehand to kick off users can also be handy.

The reason for asking the question was a debate with a colleague about a new server on which we're deploying a patch cluster. The machine, at the time, was not live, and the question of why we had to take it to single user, and faff around with a console server was raised.

Thanks all for your responses, and I'd still be keen to hear if anyone has further information on the subject. I'm still quite curious as to whether the 'single user to patch' doctrine is folklore and 'just in case' or if there's some specific things that _will_ cause a system failure beyond one fixable by a reboot.

_______________________________________________
sunmanagers mailing list
sunmanagers@sunmanagers.org
http://www.sunmanagers.org/mailman/listinfo/sunmanagers

Received on Tue Aug 10 11:31:51 2004
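An added example, not part of the original post or of any Sun tooling: a shell sketch of the open-file behaviour raised in the summary, showing what a process holding a file open sees when that file is replaced by rename versus rewritten in place. `patch_demo` and `libdemo.so` are hypothetical names, the file is a constructed text file, and which of the two methods any particular patch uses is not stated in the thread.

```shell
#!/bin/sh
# Constructed demo: libdemo.so is a plain text file standing in for a
# library that a running process already holds open on descriptor 3.

patch_demo() {   # $1 = rename | inplace; prints "<content seen> <inode state>"
    dir=$(mktemp -d) || return 1
    lib="$dir/libdemo.so"
    printf 'v1\n' > "$lib"
    before=$(ls -i "$lib" | awk '{print $1}')

    exec 3< "$lib"                      # the "running process" opens the file

    case "$1" in
        rename)                         # write a new file, then rename over the old name
            printf 'v2\n' > "$lib.new" && mv "$lib.new" "$lib" ;;
        inplace)                        # truncate and rewrite the existing inode
            printf 'v2\n' > "$lib" ;;
        *)
            exec 3<&-; rm -rf "$dir"; return 2 ;;
    esac

    after=$(ls -i "$lib" | awk '{print $1}')
    read -r seen <&3                    # what the already-open descriptor returns
    exec 3<&-
    rm -rf "$dir"

    [ "$before" = "$after" ] && inode=same || inode=new
    printf '%s %s\n' "$seen" "$inode"
}

# rename:  the old inode stays alive for the open descriptor, so it reads v1.
# inplace: the open descriptor shares the rewritten inode, so it reads v2.
echo "rename:  $(patch_demo rename)"
echo "inplace: $(patch_demo inplace)"
```

The rename case matches the inode and reference-count behaviour described in the summary; the in-place case is the one where a process can see file contents change underneath it.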