Re: safe file systems

H. Peter Anvin
25 Sep 1997 19:06:17 GMT

By author: Robert Wuest <>
> I also have a need for this. Well, maybe not this extreme. I would like
> to put Linux on the plant floor in a manufacturing environment. The
> current solutions use DOS based systems, which are in fact, quite tolerant
> to being turned off at random (not completely, but they're pretty good
> about it).
> I have in fact brought Linux up on one machine to prove the concept and
> demonstrate how nice it is to do system maintenance and software upgrades
> without bringing the machine down. Our problem is two fold, power isn't
> terribly reliable and the operators are NOT going to learn to shut down
> the computer before hitting the master power switch on friday afternoon.
> So the way it sits now, Linux is not a viable solution.

Not to discount your expertise in any way, shape or form here...

Given that even DOS-based systems can screw up horribly if you turn
them off at just the right time (Linux systems will usually survive
random power shutoffs too, especially if you stick a -y in the fsck
line in the bootup scripts -- the main difference is that DOS will
boot up with the filesystem still trashed and proceed to grind), you
may want to think about this more carefully.

There are a couple of ways by which Linux can, indeed, be power-off
safe, and I mean truly safe.

The most obvious way is to hook up a small UPS and run powerd. The
UPS keeps the system alive long enough to shut down; powerd handles
the controlled shutdown based on a signal received from the UPS.
There are, or at least used to be, small UPSes (2-3 minutes duration)
that fit inside a PC power supply and operate on the DC side (no need
for an inverter); conventional small UPSes are quite cheap these days.

On a software level, the key to running Linux power-down-safe involves
the following rules:

a) Any local, persistent filesystem should be mounted read-only.
b) Use a RAMdisk for mutable data you don't care about, and
re-initialize it from readonly media on boot; for data you
*do* care about saving use a remote server.

We have a couple of Linux boxen which act as routers here, mainly
since we can get pretty beefy systems for 1/10 the price of a Cisco.
These boxen keep their entire filesystem on a RAMdisk, loaded from
floppy at boot time. The floppy isn't even mounted -- the way we
upgrade is to replace the floppy and press "reset".

We don't use a remote server for anything since, well -- routers are
the backbone of the network...


    PGP: 2047/2A960705 BA 03 D3 2C 14 A8 A8 BD  1E DF FE 69 EE 35 BD 74
    See for web page and full PGP public key
        I am Bahá'í -- ask me about it or see
   "To love another person is to see the face of God." -- Les Misérables
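The two rules in the post (local persistent filesystems read-only, mutable data on a RAMdisk or a remote server) and the "-y in the fsck line" remark are easy to get wrong on a real box, so here is an added example of how to audit for them. This is not code from the post or from H. Peter Anvin; it is an illustration written for this page. It reads a mount table in the first-four-fields format shared by /proc/mounts and /etc/fstab (device, mount point, type, options), flags any local persistent filesystem that is not explicitly mounted ro, emits the remount commands that would fix a running system, and checks whether an rc-script fsck line runs non-interactively. The device names, the NFS server name, the sample tables and the list of filesystem types it treats as "local and persistent" are all assumptions constructed for the example; tmpfs stands in for the RAMdisk of the post.

```shell
#!/bin/sh
# Added example (not from the post): audit a mount table against the
# read-only / RAMdisk / remote-server rules and check the fsck line.
# Works on /proc/mounts output and on /etc/fstab alike, since both begin
# with "device mountpoint fstype options".

# Constructed sample in /proc/mounts format; not captured from a real host.
SAMPLE_MOUNTS='/dev/hda1 / ext2 ro 0 0
/dev/hda2 /var ext2 rw 0 0
/dev/hda3 /home ext2 defaults 0 0
none /proc proc rw 0 0
tmpfs /tmp tmpfs rw 0 0
fileserver:/export/data /data nfs rw,hard 0 0'

# Constructed fstab that follows the rules: the one local filesystem is
# read-only, scratch data lives on tmpfs (standing in for the RAMdisk in
# the post), and data worth keeping goes to an NFS server. Device, server
# and export names are made up.
FSTAB_RO='/dev/hda1 / ext2 ro 1 1
none /proc proc defaults 0 0
tmpfs /tmp tmpfs defaults 0 0
tmpfs /var/run tmpfs defaults 0 0
fileserver:/export/data /data nfs rw,hard 0 0'

# Filesystem types treated as local and persistent. Assumption: this is the
# set worth worrying about on a PC; extend it for your own hardware.
PERSISTENT_TYPES='ext2 ext3 ext4 xfs minix msdos vfat'

is_persistent() {
  for t in $PERSISTENT_TYPES; do
    [ "$1" = "$t" ] && return 0
  done
  return 1
}

# Print one VIOLATION line per local persistent filesystem that is not
# explicitly mounted ro ("rw", "defaults", or no ro token at all count as
# writable). Returns 0 when the table is clean, 1 otherwise.
check_mounts() {
  rc=0
  while read -r dev mnt type opts rest; do
    [ -n "$dev" ] || continue
    case $dev in \#*) continue ;; esac      # skip fstab comments
    is_persistent "$type" || continue
    case ",$opts," in
      *,ro,*) ;;
      *) echo "VIOLATION: $dev on $mnt ($type) options '$opts' lack ro"; rc=1 ;;
    esac
  done <<EOF
$1
EOF
  return $rc
}

# Emit the remount commands that would bring a running system into line.
# Anything that must stay writable (spool and log directories, for
# instance) has to move to tmpfs or a remote server instead; that is the
# post's rule (b) and is a design decision, not something to automate.
remount_plan() {
  check_mounts "$1" | while read -r junk dev junk2 mnt junk3; do
    echo "mount -o remount,ro $dev $mnt"
  done
}

# Return 0 if an rc-script fsck line will run without asking questions:
# -y answers yes to every repair (what the post suggests); -a and -p preen
# automatically (assumption: e2fsck semantics). Bundled short options such
# as -Ay are handled; long options are ignored.
fsck_noninteractive() {
  set -f                         # no globbing while splitting the line
  for w in $1; do
    case $w in
      --*) ;;
      -*y*|-*a*|-*p*) set +f; return 0 ;;
    esac
  done
  set +f
  return 1
}

# Stand-alone demo.
echo "== running mount table =="
check_mounts "$SAMPLE_MOUNTS" || remount_plan "$SAMPLE_MOUNTS"
echo "== proposed fstab =="
check_mounts "$FSTAB_RO" && echo "fstab follows the read-only rule"
for line in 'fsck -A' 'fsck -A -y' 'fsck -Ap'; do
  if fsck_noninteractive "$line"; then echo "OK:   $line"; else echo "ASKS: $line"; fi
done
```

Two caveats for anyone trying the remount plan on a live machine: `mount -o remount,ro` fails with EBUSY while any process holds a file open for writing on that filesystem, so the check has to run after the writable pieces have been moved to tmpfs or NFS, not before; and an explicit `ro` in fstab only protects you if nothing later remounts the filesystem rw (package tools and some init scripts do), so the audit is worth repeating against /proc/mounts on the running system rather than trusting fstab alone.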