-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 rhurst@xxxxxxxxxxxxxxxxx wrote: > Are these two kernel sysctl parameters recommended to be enabled all the > time, particularly with production GFS/clustered systems, or only for > dev/test systems for debugging purposes? Thanks. > Only the first of these is a kernel parameter (kernel.sysrq). It enables keyboard sysrqs (holding down alt-sysrq-$KEY to trigger a sysrq command). This is off by default as it means anyone with console access can do "bad stuff" (reboot, DoS with thread dumps, SAKs etc). If physical access is sufficiently secure you can leave them on all the time - I do this on all my lab/test boxes. For production it all depends on your situation. The second is just a trigger (/proc/sysrq-trigger). Echoing a char into there just triggers the corresponding sysrq action once. This does not need /proc/sys/kernel/sysrq enabled since only root has write access to the file. Regards, Bryn. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org iD8DBQFGE6/06YSQoMYUY94RAviUAJ4pRO6UVaZCujXSzZ0zIrbqV1qcNgCgsaUM /Q8U7J65Bt4pMxnxGVD9pbc= =j198 -----END PGP SIGNATURE----- -- Linux-cluster mailing list Linux-cluster@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/linux-cluster
