Date: Thu, 14 Oct 2004 09:22:13 -0400
From: Tom Rhodes
To: "Simon L. Nielsen"
cc: Tom Rhodes
cc: freebsd-doc@FreeBSD.org
cc: Denis Peplin
Subject: Re: TCP Wrappers section (handbook/security): services is not daemons
Message-ID: <20041014092213.22d6914d@localhost>
In-Reply-To: <20041014102459.GD799@zaphod.nitro.dk>
References: <416E4DFD.3040203@FreeBSD.org> <20041014102459.GD799@zaphod.nitro.dk>

On Thu, 14 Oct 2004 12:24:59 +0200
"Simon L. Nielsen" wrote:

> On 2004.10.14 13:59:25 +0400, Denis Peplin wrote:
> > ["s/daemons/services/g" in TCP Wrappers section]
> > Please, look at patch attached.
>
> Personally I don't care much either way, but hosts_access(5) at least
> refers to the server programs as "daemons".  Snip from hosts_access(5):
>
>     daemon_list : client_list [ : shell_command ]
>
>     daemon_list is a list of one or more daemon process names (argv[0]
>     values) or wildcards (see below).

I won't object to the patch; as if being the author gives me any
more right.  But I would like to point out that to my knowledge
every book I've seen which discussed tcpwrappers used 'daemon'.

Think of it this way, a daemon 'qpopper' offers POP3 mail access,
to allow this service you need to add qpopper to hosts.allow.  If
you just list pop3, you'll see everything break.  I consider a daemon
a utility/program/whatever the item that delivers the service we need,
as in the example above.  Since I know that I'm not alone in that
train of thought, I'll let you choose.

If you say "just add the service" then you'll break the ACL in
TCP Wrappers for every instance that the service is not the name of
the daemon:

... never mind, I really can't think of an example other than
services marked 'internal' in inetd.conf; those have no external
daemon associated with them.

-- 
Tom Rhodes
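
The qpopper/pop3 point from the message above, as an added example that is not part of the original mail or of libwrap: a simplified Python model of first-match evaluation in hosts.allow, keyed on the daemon's process name. The rule texts, the client address 192.0.2.10 and all function names are constructed for illustration; rules are assumed to use the `daemon : client : allow|deny` option form, and matching is case-sensitive here for brevity.

```python
# Simplified model of hosts.allow matching; not libwrap's own code.
# Rule texts below are constructed samples in the hosts_options(5) style.
BROKEN = """\
# service name used where the daemon's process name is required
pop3 : ALL : allow
ALL : ALL : deny
"""
FIXED = """\
qpopper : ALL : allow
ALL : ALL : deny
"""

def parse_rules(text):
    """Return (daemon_list, client_list, action) tuples, skipping comments."""
    rules = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = [f.strip() for f in line.split(":")]
        if len(fields) < 3 or fields[-1] not in ("allow", "deny"):
            raise ValueError(f"unsupported rule: {line!r}")
        daemons = fields[0].replace(",", " ").split()
        clients = fields[1].replace(",", " ").split()
        rules.append((daemons, clients, fields[-1]))
    return rules

def client_matches(pattern, client):
    """ALL, '.domain' suffix, 'a.b.c.' network prefix, or exact match."""
    if pattern == "ALL":
        return True
    if pattern.startswith("."):
        return client.endswith(pattern)
    if pattern.endswith("."):
        return client.startswith(pattern)
    return pattern == client

def decide(rules, daemon, client):
    """First matching rule wins; `daemon` is the server's argv[0] name."""
    for daemons, clients, action in rules:
        if "ALL" in daemons or daemon in daemons:
            if any(client_matches(p, client) for p in clients):
                return action
    return "allow"  # hosts_access(5): access is granted when nothing matches

if __name__ == "__main__":
    for name, text in (("BROKEN", BROKEN), ("FIXED", FIXED)):
        print(name, decide(parse_rules(text), "qpopper", "192.0.2.10"))
```

With the `pop3` rule, the qpopper process never matches its intended allow line and falls through to the catch-all deny, which is the breakage the message describes.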