image credit: findicons.com |
TLDR
In order to know when you should restart your server process (web server, database server, or any other type of server), you need to understand how program works. In this post I will explain basics of program and used libraries and how to detect on linux when you must restart your server.
I am very frustrated with Windows operating system. You need to restart it almost for everything, important security issues, regular updates. Pain is even greater when there is some security product which just pop ups notification: your system will reboot immediately!
And in the beginning, there were stories that unix, and later linux is much better, because you do not need to restart it. As I was learning and using unix/linux, I found that this was true. There were notifications that new updates are installed, but there was no need for machine restart. As I learned about linux, I found out that this was not true.
If you are running linux instances as part of publicly available web application, you must walk extra mile. You will probably set silent automatic updates for you linux instance. But, you will have to do extra check to see do you need to restart your server processes.
Every server process is a program. It consists of executable part and a number of libraries. When you start your server process, executable and all required libraries (on linux those are files with .so extension) are loaded into memory assigned to that process. So if there was an update of libraries used by your server process, and those libraries are loaded into process memory space, you will need to restart your server instance in order to load new version of those libraries.
For linux, there is utility that can help. lsof lists all opened files. It has useful option, DEL, which list all opened files that are marked for deletion.
This example shows that postgres still uses deleted version of libcrypto library.