not able to signon after canceling a shutdown -r +2

B

Ben Thijssen

Problem with user login after canceling a shutdown -r +2

Word of preface:
nuc pc is running freebsd 14.2 headless and it's hostname is bsd
the user is ben, so the prompt says ben@bsd

sudo shutdown -c does not work, it says:
Code: 
ben@bsd:/usr/share/zoneinfo $ sudo shutdown -c
Password:
usage: shutdown [-] [-c | -h | -p | -r | -k] [-o [-n]] time [warning-message ...]
       poweroff

It seems it does not recognize the -c flag. Fine, I use kill instead.
The man page shutdown() also mentions something about that:
****
-c The system is power cycled (power turned off and then back on) at
the specified time. If the hardware doesn't support power cycle,
the system will be rebooted. At the present time, only systems
with BMC supported by the ipmi(4) driver that implement this
functionality support this flag. The amount of time the system
is off is dependent on the device that implements this feature.
****

I am not 100% sure but I think freebsd 13.4 responded as expected to sudo shutdown -c

I can reproduce the problem any time.

This is the sequence of commands:

*1* ben@bsd:~ $ sudo shutdown -r +2
Shutdown at Thu Feb 6 09:19:19 2025.
shutdown: [pid 1340]
Code: 
ben@bsd:~ $                                                                         
*** System shutdown message from ben@bsd.localnamar.nu ***            

System going down in 2 minutes


Because sudo shutdown -c does not work I have to use the kill command.

*2* ben@bsd:~ $ sudo ps ax | grep shutdown
Code: 
1340  -  S<s   0:00.00 shutdown -r +2
1343  1  S+    0:00.00 grep shutdown

*3* ben@bsd:~ $ sudo kill -9 1340

*********
*4*
On my laptop, with hostname ben I executed ssh at 9:20h. to connect to the freebsd system
Code: 
ben@ben:~$ [cmd]ssh ben@bsd.localnamar.nu[/cmd]


NO LOGINS: System going down at 09:19


Administrator refusing you: /var/run/nologin
Connection closed by 192.168.178.18 port 22
ben@ben:~$

logging in as user ben at the nuc freebsd 14.2, using a console instead
of ssh, gives the very same message, so it is not just related to using ssh.
user root is always able to login at the nuc freebsd using a console.
By the way, ssh login is disabled for user root.

********
back on my nuc with freebsd 14.2 the /var/log/messages says:
Code: 
Feb  6 09:20:00 bsd sshd[1357]: fatal: Access denied for user ben by PAM account configuration [preauth]
Feb  6 09:29:52 bsd sshd[1384]: fatal: Access denied for user ben by PAM account configuration [preauth]

But before the sudo shutdown -r +2 followed by killing the shutdown, user ben could signon and also remains
signed on in the sessions where he was signed on before the "shutdown". But he can not start a new session.

To me it looks like pieces of the shutdown are still pending, despite killing it.
sudo ps ax | grep shutdown does not show anything, but the grep:
Code: 
ben@bsd:~ $ sudo ps ax | grep shutdown
1416  1  S+     0:00.00 grep shutdown

on the nuc freebsd 14.2 I checked:
ls -l /etc/nologin # It replies : ls: /etc/nologin: No such file or directory
pw usershow ben # It replies: ben:*:1001:0::0:0:Ben Thijssen:/home/ben:/bin/sh
sudo cat /etc/master.passwd | grep ben # Replies ben:$6$O4Hqk .etc. ReS/:1001:0::0:0:Ben Thijssen:/home/ben:/bin/sh

After a reboot of the nuc (freebsd) user ben can signon again, either at the console or remotely using ssh

I can not explain this. Can anyone?

Not important but I use sudo shutdown -r +2 just
before testing a modified pf firewell test script.
sudo pfctl -f /usr/local/etc/firewall/testscript.conf
When I lock myself out the system will reboot using
a well tested /etc/pf.conf instead of testscript.conf
That enables me to log on remotely again using ssh.
When I am not locked out I kill the shutdown -r +2 immediatly
 
And what if you use just kill pid_of_shutdown?
It will sends the TERM instead of KILL signal. Maybe shutdown will have time to do what it has to do before to exit.
 
Ben Thijssen said:
It seems it does not recognize the -c flag. Fine, I use kill instead.
The man page shutdown() also mentions something about that:
****
-c The system is power cycled (power turned off and then back on) at
the specified time. If the hardware doesn't support power cycle,
the system will be rebooted. At the present time, only systems
with BMC supported by the ipmi(4) driver that implement this
functionality support this flag. The amount of time the system
is off is dependent on the device that implements this feature.
****

I am not 100% sure but I think freebsd 13.4 responded as expected to sudo shutdown -c
Click to expand...
It depends on what you were expecting. If you'd expect the behaviour as described in the (quote from the) man page, that's what current shutdown does and has been doing since https://cgit.freebsd.org/src/commit...c?id=e60baa725230ed256b04bfe82488ae46fa770a5c (which predates 13.4 by a fair bit.)
 
SirDice, thanks a lot for you prompt reply. I will put that in a script and use that from now on. But still I like to report that {cmd]sudo shutdown -c[/cmd] does work and a killing the shutdown -r +2 disables users to sign on, besides of the root user. The same goes for freebsd15-CURRENT. I am happy with your solution. I can continue modifying and re-loading a /usr/local/etc/firewall/pf-test.conf without locking myself out. I still will be able to logon remotely with ssh.
This is my first post in freeBsd. Should I report the problem with the sudo shutdown -c as a bug?

Before applying this answer I tested it. It works like a charm and is much better than a reboot. Thanks SirDice.
 
Emrion said:
And what if you use just kill pid_of_shutdown?
It will sends the TERM instead of KILL signal. Maybe shutdown will have time to do what it has to do before to exit.
Click to expand...
a sudo kill <PID> does the tric. After that I am still able to start a new signon session. Using sudo kill -9 <PID> disabled a new signon. Thanks a lot Emiron.
 
Ben Thijssen said:
Should I report the problem with the sudo shutdown -c as a bug?
Click to expand...
I still suspect you expect shutdown -c to do something different from what it's doing (presumably to cancel a previously scheduled shutdown.) Unless you clarify how the behaviour differs both from your expectation and (more importantly) from the documented behaviour (which you already quoted above), nobody can advise you if a PR is warranted.

Ben Thijssen said:
Using sudo kill -9 <PID> disabled a new signon. Thanks a lot Emiron.
Click to expand...
To be precise, shutdown disables new logins, kill -9 just doesn't give it a chance to enable them again.
 
adorno said:
I still suspect you expect shutdown -c to do something different from what it's doing (presumably to cancel a previously scheduled shutdown.) Unless you clarify how the behaviour differs both from your expectation and (more importantly) from the documented behaviour (which you already quoted above), nobody can advise you if a PR is warranted.


To be precise, shutdown disables new logins, kill -9 just doesn't give it a chance to enable them again.
Click to expand...
That is exacly what sudo kill -9 <PID> seems to do. Something of the shutdown command is left pending after killing it roughly with flag -9, blocking new logins, except for user root. As also hinted by Emrion. sudo kill <PID> probably terminates the shutdown gracefully and completely, enabling new logins. I will not report it as a bug, because I am not 100% sure sudo shutdown -c did was it was supposed to be doing on freebsd 13.4 on the very same pc. At that time I documented sudo shutdown -c as a solution. I expect I do not document anything without testing it first, but again I am not 100% sure. As noted by you in this thread it has been reported back in 2017. I leave it as is. I am glad my problem is solved thanks to contributions in this thread. It showed my how to terminate a pending shutdown completely. For testing pf firewalls I wrote a script based on the advise of SirDice pfctl -f /etc/pf-test.conf && sleep 60 && pfctl -f /etc/pf.conf. A nice solution to gurantee remote login using ssh to access headless pc's and VPS systems after modifying a firewall that could lock you out. It is not the first time a stupid error in a firewall locked me out.

Thank you all for your knowledgeable advice, I appreciate it. The responses came also very fast, I did not have to wait for a long time. Thumbs up.
 
The response to executing sudo shutdown -c was displaying the usage message because you failed to provide a required argument (the time). You can see time mentioned both in the usage message and in the man page. The meaning of -c is described in the man page.

Something else you can find in the man page is a mention of the file /var/run/nologin which prevents login attempts from users other than root. Depending on how you kill shutdown that file is removed or not.
 
kill -9 is almost never the right choice, and should never be the first choice. it's indistinguishable, to the process, from having the power shut off abruptly. generally speaking, we'd start with a regular kill and if a process doesn't respond to that, use kill -2.
 
JordanG said:
The response to executing sudo shutdown -c was displaying the usage message because you failed to provide a required argument (the time). You can see time mentioned both in the usage message and in the man page. The meaning of -c is described in the man page.

Something else you can find in the man page is a mention of the file /var/run/nologin which prevents login attempts from users other than root. Depending on how you kill shutdown that file is removed or not.
Click to expand...
Thanks JordanG. You are right the sudo shutdown -c now is taken without showing the usage message when adding a time. Surprisingly the system reboots. It does not really cancel the shutdown as I would expect.

Code: 
ben@bsd:~ $ sudo shutdown -r +5
Password:
Shutdown at Sat Feb  8 05:17:31 2025.
shutdown: [pid 1162]
ben@bsd:~ $                                                                             
*** System shutdown message from ben@bsd.localnamar.nu ***                

System going down in 5 minutes                                              

                                                                            

ben@bsd:~ $ sudo shutdown -c now
Shutdown NOW!
shutdown: [pid 1167]
ben@bsd:~ $                                                                             
*** FINAL System shutdown message from ben@bsd.localnamar.nu ***          

System going down IMMEDIATELY                                               

                                                                            
Connection to bsd.localnamar.nu closed by remote host.
Connection to bsd.localnamar.nu closed.

The shutdown() man page says that a SIGTERM is sufficient to cancel the shutdown and will remove file /var/run/nologin. Using sudo kill <PID> does not provide for finishing the shutdown in its entirety, as noted by several people in this thread.

I am almost sure sudo shutdown -c without time indication was taken on freeBSD 13.4. I do not have access to a freeBSD 13.4 system to check that. My laptop is running debian bookworm and says literally shutdown -c would suffice to cancel the shutdown. That is not true for every OS, but it is not uncommon. I was thinking about reporting a bug, but I will not, because there is a perfect way to cancel a pending shutdown. But that is not using sudo shutdown -c now

Code: 
ben@ben:~/Downloads$ sudo shutdown -r +5
[sudo] password for ben:
Reboot scheduled for Sat 2025-02-08 05:55:41 CET, use 'shutdown -c' to cancel.
ben@ben:~/Downloads$ sudo shutdown -c
ben@ben:~/Downloads$


Thanks for pointing this out.
 
You must log in or register to reply here.
Back
Top