8

I have a Linux VM on AWS in EC2 that starts up, performs a task, and then shuts itself down. I am issuing the shutdown command like this:

shutdown -h 5

I have a 5 minute delay to give myself time to ssh into the server and cancel the shutdown if I want to do something with the server.

The problem I have is once I issue the shutdown command, Linux will no longer allow new logins. There doesn't seem to be anything in the man page to allow it to issue a shutdown, but still allow new logins.

Is there a way to issue this shutdown command, but still allow a new ssh login?

Jeff
  • 2
    The purpose of the delay is to allow an existing process to complete, not to give you a chance to start something new. Don't use shutdown unless you are prepared to stop using the machine immediately until after restart. – chepner Jul 27 '21 at 15:14

3 Answers

18

You could simply not use shutdown with a time specification, but

echo shutdown -h now | at now + 5 minutes

or similar; a simple

sleep $((60*5)) ; shutdown -h now

would do, too.

However, using at has the advantage that you can review waiting commands using atq and cancel them using atrm.

AdminBee
  • This at command is perfect, thank you. I was already using a sleep, but it's harder to cancel the shutdown since I have to kill the shell script in order to prevent the shutdown. – Jeff Jul 26 '21 at 22:58
  • 2
    Note that this approach will not inform the users. – jiwopene Jul 27 '21 at 10:35
  • 3
    @Jeff, if you have sleep; shutdown and kill the script during the sleep, I think it should stop and not do the shutdown. You could also use sleep && shutdown, so even if you kill just the sleep command, the script would skip running the shutdown. – ilkkachu Jul 27 '21 at 10:53
  • 5
    The downside of at is that if you ever shut down manually before the 5 minutes, then at startup, at will run the tasks that should have been run during the shutdown time and will then shut down immediately again. – Vincent Fourmond Jul 27 '21 at 11:23
  • @VincentFourmond oh I didn't even know that. But my guess is that in case of an EC2 VM, it probably won't matter, as its lifetime probably ends there (but that's making assumptions on the way OP is using AWS) – Marcus Müller Jul 27 '21 at 12:46
  • @ilkkachu Thanks for the suggestion. '&&' is a nice improvement to the sleep technique so I wouldn't have to kill the entire script, just the sleep. – Jeff Jul 27 '21 at 14:13
  • Note that GNU sleep which the OP will have since it's a Linux VM, can take minutes, hours and even days as arguments so you could just do sleep 5m && shutdown -h. – terdon Jul 27 '21 at 16:02
  • @terdon yep, GNU sleep can do that, but I don't think busybox' sleep does, and this might be an Alpine or similar VM, which would be rather typical for a cloud VM. – Marcus Müller Jul 27 '21 at 16:06
  • @terdon update: I tried, current busybox can! – Marcus Müller Jul 27 '21 at 16:07
  • Yes, and your approach is 100% portable (as far as I know, anyway). My comment wasn't intended as criticism, just thought it might be useful for someone else. Update: huh! Busybox is improving! – terdon Jul 27 '21 at 16:07
  • @terdon I know, didn't take it negatively :) The feedback is always appreciated!! – Marcus Müller Jul 27 '21 at 16:08
  • @jiwopene Do a shutdown -k 5 && shutdown -c " " && echo shutdown -h now | at now + 5 minutes? This causes a shutdown message and nologin, then stops it, then schedules a real shutdown in 5 minutes. – Yakk - Adam Nevraumont Jul 27 '21 at 21:25
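
An added example, not part of the answer or comments above: one way to keep the at approach while addressing the stale-job concern raised in the comments is to record the kernel boot ID when the job is queued and have the job refuse to run after a reboot. The function names and the BOOT_ID_FILE and SHUTDOWN_CMD variables are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example: queue a shutdown with at(1) that only fires during the
# boot in which it was queued. BOOT_ID_FILE and SHUTDOWN_CMD are
# hypothetical overrides so the job text can be dry-run safely.

BOOT_ID_FILE=${BOOT_ID_FILE:-/proc/sys/kernel/random/boot_id}
SHUTDOWN_CMD=${SHUTDOWN_CMD:-shutdown -h now}

# Print the job text: compare the boot ID recorded now with the boot ID
# read when atd finally runs the job, and shut down only if they match.
guarded_job() {
    queued_id=$(cat "$BOOT_ID_FILE") || return 1
    # Boot IDs are lowercase UUIDs; reject anything else so nothing
    # unexpected is interpolated into the job text.
    case $queued_id in
        *[!0-9a-f-]*|'') return 1 ;;
    esac
    printf '[ "$(cat '\''%s'\'')" = "%s" ] && %s\n' \
        "$BOOT_ID_FILE" "$queued_id" "$SHUTDOWN_CMD"
}

# Queue the guarded job N minutes from now (default 5).
# Review with atq, cancel with atrm <job number>.
schedule_shutdown() {
    minutes=${1:-5}
    guarded_job | at now + "$minutes" minutes
}

# Usage: schedule_shutdown 5
```

If the machine is shut down by hand before the job fires, atd still runs the overdue job at the next boot, but the boot ID no longer matches and the shutdown is skipped.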
8

Usually, shutdown creates the file /etc/nologin, which the login command understands to deny non-root logins.

This leaves you two obvious options:

  1. Connect as root (prefer to use public-key authentication rather than a password for this).
  2. Remove the /etc/nologin file after starting the shutdown. Be aware that new users connecting won't have seen the wall message warning of the impending shutdown; that could be deleterious to their sessions.
Toby Speight
  • 2
    +1 for "deleterious to their sessions" – user7761803 Jul 27 '21 at 13:02
  • Sadly I don't see my vm creating this file when issuing the shutdown command with a time. The man page for nologin also mentions /var/run/nologin, but I don't see that either. – Jeff Jul 27 '21 at 14:10
  • 1
    @Jeff The man page for shutdown on my Ubuntu with systemd says "If the time argument is used, 5 minutes before the system goes down the /run/nologin file is created to ensure that further logins shall not be allowed.". So, if you start it with a 5 min delay, you probably could delete the file just after. But with a longer delay, you'd have to wait for the file to appear to be able to remove it... – ilkkachu Jul 27 '21 at 14:16
  • Did you mean /run/nologin instead of /etc/nologin? It seems odd for a file like that to be created on /etc and not /run or maybe /proc or any other such filesystem. – terdon Jul 27 '21 at 16:09
  • I was just quoting from the login man page. It does seem reasonable on modern systems for /etc/nologin to be a symlink to something on /run (though not /proc, which is usually a procfs filesystem). – Toby Speight Jul 27 '21 at 20:07
  • @terdon, I seem to recall /etc/nologin being used in pre-systemd systems, but haven't used any variant of nologin for a long time. The Debian manpage nologin(5) still says /etc/nologin too. – ilkkachu Jul 27 '21 at 20:29
  • Ah, yes: systemd may well move things around - not sure whether the OP's platform has that. – Toby Speight Jul 27 '21 at 20:52
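
An added example, not part of the answer or comments above: a helper that checks the three nologin locations named in this thread and removes whichever exist, optionally waiting for the file to appear as described for longer delays. ROOT is a hypothetical prefix for trying it against a scratch directory; on a real system it is left empty and the script is run as root.

```shell
#!/bin/sh
# Added example: locate and clear the nologin flag files discussed above.
# ROOT is a hypothetical prefix used only for dry runs.

ROOT=${ROOT:-}
# /etc/nologin is from login(1)/nologin(5); /run/nologin is what the
# systemd shutdown man page quoted above names; /var/run/nologin is the
# older spelling, often a symlink to the same file.
NOLOGIN_PATHS="/etc/nologin /run/nologin /var/run/nologin"

# Print each nologin file that currently exists, one per line.
find_nologin() {
    for p in $NOLOGIN_PATHS; do
        # -e follows symlinks; -L also catches a dangling symlink.
        if [ -e "$ROOT$p" ] || [ -L "$ROOT$p" ]; then
            printf '%s\n' "$ROOT$p"
        fi
    done
}

# Wait up to $1 seconds for a flag file to appear, then remove every
# one found. Returns 0 if something was removed, 1 if nothing existed.
clear_nologin() {
    timeout=${1:-0}
    waited=0
    while [ -z "$(find_nologin)" ] && [ "$waited" -lt "$timeout" ]; do
        sleep 1
        waited=$((waited + 1))
    done
    found=$(find_nologin)
    [ -n "$found" ] || return 1
    printf '%s\n' "$found" | while IFS= read -r f; do
        rm -f -- "$f"
    done
}

# Usage (as root, after issuing shutdown -h 5): clear_nologin 10
```

Users who log in after the file is removed will not have seen the wall warning, as the answer notes.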
4

The simple solution is to not actually run shutdown too soon. Instead, sleep for some time first and run shutdown only when the delay is over.

If the job runs as a shell script, this is easy. You'll also need some way to stop the shutdown from eventually happening. You could either just kill the script, or have the script e.g. check some file after the sleep is over to stop the shutdown:

sleep 300
if ! [ -e /noshutdown ]; then
    shutdown -h now
fi
ilkkachu
  • 2
    The downside to delayed shutdown now is that users get very little time to act on the warning message that's written to all terminals. It might be worth adding a suitable wall command to the script. – Toby Speight Jul 27 '21 at 09:35
  • @TobySpeight, sure, though in this case, there probably weren't online users to begin with. – ilkkachu Jul 27 '21 at 10:49