Jerry Geis wrote:
> What is the rule of thumb for reboots after updates...
I'd say the rule of thumb is to do whatever works best for you, and that
you'll likely get quite the variety of different responses. ;o)
> Certainly if I update from 5.2 to 5.3 I reboot.
>
> But if you update something like krb5 or pam
> does that require a reboot? Does the "fix" get automatically
> loaded and used
> or do you just do a reboot always?
If the kernel gets updated, obviously it goes without saying that you
need to reboot for that. Also for 'init', or any of its dependencies.
For pretty much everything else, you just need to restart anything that
has gotten updated, or anything that depends on anything that just got
updated. If various libraries receive security updates for example, and
you do not restart every application that is using that library, then
you won't be using the "secure" or "bug fixed" version until those
running apps are all restarted.
In general, "init 1" followed by "init 3" or "init 5" will do the job
slightly faster than a full reboot if time matters at all, but a full
reboot is just "simple" to perform and has 100% certainty that any and
every possible package that just got updated is definitely restarted
with the new version, new libraries, new data files, etc.
The time it takes you to determine what all pieces of running software
need to be restarted to be securely using anything that just got
updated, is likely to be greater than the time it takes to do a simple
reboot or init 1 / init 3/5.
So, I would say "reboot" is the simplest, safest, foolproof way to
ensure you're running updates even if some people will balk at the idea
that you have to reboot a Linux system. You don't have to of course,
but life is short and rebooting is fast. ;o)
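
An added example, not part of the original post: one way to find the running processes that still map a library replaced by an update, so they can be restarted individually. It relies on Linux listing a replaced file in /proc/<pid>/maps with a " (deleted)" suffix; the function names and the sample data are constructed for illustration.

```python
import os
import re

# Matches shared-object names such as libkrb5.so.3.3 or pam_unix.so
LIB_RE = re.compile(r"\.so(\.[0-9A-Za-z_.-]+)?$")
DELETED = " (deleted)"

# Constructed sample of /proc/<pid>/maps after a krb5 update (not real output)
SAMPLE_MAPS = """\
00400000-004b4000 r-xp 00000000 08:01 131090 /usr/sbin/sshd
7f1c2a000000-7f1c2a0c3000 r-xp 00000000 08:01 262301 /usr/lib64/libkrb5.so.3.3 (deleted)
7f1c2a0c3000-7f1c2a0d1000 rw-p 000c3000 08:01 262301 /usr/lib64/libkrb5.so.3.3 (deleted)
7f1c2b000000-7f1c2b00c000 r-xp 00000000 08:01 262377 /lib64/libpam.so.0.81.5
7f1c2c000000-7f1c2c001000 rw-s 00000000 00:04 32769 /SYSV00000000 (deleted)
"""

def stale_libs(maps_text):
    """Return shared objects still mapped although replaced on disk."""
    stale = set()
    for line in maps_text.splitlines():
        # Fields: address perms offset dev inode pathname
        fields = line.split(None, 5)
        if len(fields) < 6 or not fields[5].endswith(DELETED):
            continue
        path = fields[5][: -len(DELETED)]
        if LIB_RE.search(path):  # skip SysV shm and other deleted non-libraries
            stale.add(path)
    return sorted(stale)

def scan(proc="/proc"):
    """Map pid -> (command, stale libraries) for every readable process."""
    report = {}
    for pid in filter(str.isdigit, os.listdir(proc)):
        try:
            with open(os.path.join(proc, pid, "maps")) as f:
                libs = stale_libs(f.read())
            with open(os.path.join(proc, pid, "cmdline")) as f:
                cmd = f.read().split("\0")[0]
        except OSError:  # process exited, or we lack permission (run as root)
            continue
        if libs:
            report[int(pid)] = (cmd, libs)
    return report

if __name__ == "__main__":
    for pid, (cmd, libs) in sorted(scan().items()):
        print(pid, cmd, ", ".join(libs))
```

An empty report does not cover a replaced kernel or init, which the post treats as reboot cases.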