
Re: itp: static bins / resolving static debian issues



On Fri, Aug 20, 1999 at 07:39:40PM -0400, Michael Stone wrote:

> > OK, if root's shell gets switched to sash then yes, this works. I thought
> > you were opposed to that, hence my comment above. I guess just a 
> > misunderstanding here.
> 
> Nope. I've never been opposed to a local admin making /bin/sash his
> default root shell--that's the way I do things here. But that's another
> local configuration issue and shouldn't be a general default.

If it isn't the general default; or at least if the user isn't asked 
what they want with a GOOD explanation of why they would want it, then
lots of users will hose their systems and have no way to recover. 

When you install the sash package it asks you if you want sash to be 
your root shell. It should probably continue to do that, and it would 
be nice if it said something like, "So that the system can be recovered
if it crashes" so that people know why they're being asked.

Judging from this thread, even many experienced Debian users are ignorant
of the issues surrounding recovery.


> And I've answered them all before. You just don't like the answers and
> insist that debian make a rather unique set of requirements the default
> for all users. If this was the justinwellsian distribution it would make
> sense to tailor things to your needs. But it isn't...

A "rather unique" set of requirements, get real. Take a poll of Debian 
users then, and ask them whether they would like to be able to recover 
from a failure without having to reboot. 

I don't think that's a unique requirement. 

Why don't you start a new thread asking for a change to debian policy 
such that policy states Debian should not, by default, be usable as a
reliable server. That seems to be what you're suggesting.

Basically it amounts to this: every other OS I've ever used that was 
vaguely similar to Unix gave me what I want; RedHat gives me it as well, 
as do all the *BSD's. Why would I use Debian if it makes every single 
install a nightmare of special little things I have to do to make it 
work in a reliable fashion? 

You suggest I should go create a backup root, I should go create a 
static shell, I should go compile my own static shell tools, I should
go and... well I won't. In that case I just wouldn't use Debian. It's
too much trouble to make it work reliably, if that's what I have to do.

All of this because you prefer root having a dynamic shell, for no 
apparent good reason; and you prefer to reduce your disk needs by 
a rather tiny amount, in exchange for no reliability. 

I think it is you who have the odd requirements.


> >   -- recover from an administrator error, such as someone mis-using
> >      dpkg or "rm -rf *" in a way that leaves the dynamics broken, and
> >      doing so without disturbing your clients who are connecting to
> >      servers on your box (servers are linked and loaded already)
> 
> And I said to squirrel a backup root partition on a separate disk.
> You've already argued that a couple of dozen megs are negligible, so the
> space is well worth protection against library corruption, user error,
> hardware failure, etc. How do your static bins help if your hard disk
> dies completely?

I lost / and /usr (IDE cable fell out, that's pretty good for "dies 
completely") and as a result of having static bins, was still able 
to continue to execute commands that had recently been cached. I 
shut everything down nicely, copied some data off the machine, and
then waited to see just how long it would take to crash (~ 30min).

Yes, this was on a Linux system.


>  The backup root'll still be there... Your solution
> solves a _strict subset_ of the problems that a redundant solution will
> solve, and the only argument you've provided against it is the (false)
> argument that you need to reboot and the (personal problem) that you
> prefer static binaries.

Working systems are a "strict subset" of all systems, but a very large 
and important subset. 

Similarly, "servers" are a "strict subset" of all systems, but a very 
important subset, if not so large.

And "servers that need live recovery" are a "strict subset" of all 
systems, but a very important subset as well, and a fairly significant
subset of all servers.

And a bit more loosely, "servers where live recovery would be nice"
includes almost all servers, even though it isn't necessarily required.


> If you want a package of optional static
> binaries and you can convince someone to do the work, fine--I don't
> care. But until you can demonstrate how you _can't_ recover without that
> package, don't expect a lot of support for making it the default.

I've repeatedly demonstrated how I can't recover without the package
(and without rebooting). Your answer is I could always create a whole
new operating system myself, and compile whatever I needed, so clearly
I could get by without it. 

OK, a bit of an exaggeration, but not much. If you make it too much 
work for Debian to be used as a reliable server, then I and everyone 
else will refuse to use it as a reliable server.

I don't think that notion will get a lot of support on this list 
either. I suspect people would like it if Debian were used for 
tasks somewhat more important than sitting on a desktop.

> The fact that a fluke once helped you out is irrelevant in trying to
> come up with a solid, well-balanced distribution. If I told you that I
> once had a system with dynamic libs that worked for a little while after
> it burst into flames would you consider that a good reason to use
> dynamic libraries?

You asked me how statics would help in the face of massive disk failure,
and there above is the answer. Now that you have the answer, for some 
reason you don't like it. 

I don't know what else to say.

I don't think IDE cables fall out often; I do think the above demonstrates
the usefulness of static binaries in the face of even such a massive 
failure. 

> >   -- fix a system for someone who isn't as aware of these issues as
> >      I am, and didn't know to install sash
> 
> Uh huh. The inexperienced beginner is going to whip out his static
> binaries, wave his magic wand, and fix a system that he doesn't
> understand in the first place. Pull the other one...

The inexperienced beginner is going to try and log into root, and may
not even notice that there was an issue with static binaries if it 
works. The inexperienced beginner is only likely to learn about their
importance if they DO NOT WORK.

However, the above didn't say the inexperienced beginner logs in and 
fixes up the system. The above says the inexperienced beginner panics
and calls me, and I fix it. 

Senior system administrators don't normally install all the systems 
in a company; but they are frequently called upon to fix them when 
they get horribly broken. If the Jr. sysadmin doesn't know that 
static binaries are important, then the Sr. sysadmin won't be able
to do their job when the time comes.

Therefore, it should be the default. At least for any system that is 
intended for use as a server; if you want, Debian could ask a "Is this
a desktop machine?" question, and install itself in a less useful 
and reliable way if it is.

> >   -- someone can fix a system after it fails, if they never knew about
> >      sash and never thought about statics or live recovery, because it
> [snip]
> 
> So the person never gave a thought to reliability, didn't take the time
> to set up a redundant environment (that backup root's still going to do
> wonders here) and is running a server that _can't possibly be rebooted_?

That's right, happens all the time. Welcome to the real world, full of 
stupid and/or uneducated and/or uninformed people who are sitting at 
the controls of highly important systems and trying to blunder through.

This little fact is more or less the secret to how I make my living (by
bailing these people out on a regular basis).

You would be surprised how little experience the administrators of some
fairly important and critical machines actually have.

In some dream world, all administrators would have 18 years of experience
working under any imaginable circumstance. But we don't live in that
world. 

> >   -- bring a failed system down gracefully after a failure, closing down
> >      daemons by sending them kill signals, and umounting drives 
> >      manually if necessary (remember the shutdown is going to fail
> >      since it is reliant on dynamics)
> 
> sash does all that.

Absolutely and totally wrong. sash only does that if you can get sash
running; if you can't get sash running it does nothing. Suppose you 
are on as an average user and your machine crashes in some way, and
you decide to fix it, but root's shell isn't static, and you don't 
have a static su. Well you're stuck.

Justin

