Date: Wed, 1 Aug 2001 09:05:56 -0400 (EDT)
From: Robert Watson <rwatson@FreeBSD.ORG>
To: Mike Porter <mike.porter@xrxgsn.com>
Cc: arch@FreeBSD.ORG, "Derek C." <coffee@blarg.net>, stable@FreeBSD.ORG
Subject: Re: Patch to modify default inetd.conf, have sysinstall prompt to edit , inetd.conf
Message-ID: <Pine.NEB.3.96L.1010801090219.59100D-100000@fledge.watson.org>
In-Reply-To: <00e501c11a45$f2165520$0300a8c0@laptop>

On Tue, 31 Jul 2001, Mike Porter wrote:

> Seems like a pretty good idea to me; although it seems to me that
> perhaps disabling SSH by default is overkill; certainly I think that it
> is a good idea to disable telnet by default...nearly everyone who NEEDS
> it should be able to add it easily enough...however...

Actually, although I'm happy with the current default of enabling SSH for
now, if there isn't already a sysinstall post-install config twiddle for
SSH, we should probably add one.  To be honest, a "default all off"
policy, with the opportunity to enable easily in sysinstall, might be
better than turning SSH on by default.  Maybe we'll do that for
5.0-RELEASE :-).

> >>concerning enabling and disabling services.  It also modifies sysinstall
> >>such that enabling inetd in the post-install configuration describes inetd
> >>more than previously, mentions the risks, and then also presents the
> >>opportunity to edit inetd.conf if inetd is enabled.  Also, during the
> >>normal install, the user is automatically prompted to enable or disable
> >>inetd in much the same style as the NFS server.
> >>
> [snip the details]
> It also seems to me that a better solution than just editing inetd.conf
> (especially for novice users) would be a sub-menu, similar to the one
> used to enable inetd and NFS and the like, allowing a user to check
> which services are desired.  Of course, I am not familiar with
> sysinstall internals, so I don't know how much work this really entails,
> it's just an idea.

This is true--however, the inetd.conf file doesn't lend itself to
automated management, as it doesn't have an inline "disabled" flag.  To
disable a service, you comment it out, making it hard for a program to
distinguish things which are legitimately comments, and things that are
disabled services.  In the long term, it would probably make sense to
develop some sort of administrative tool for inetd.conf: however, I
concluded that doing so prior to 4.4-RELEASE was unlikely, and opted for
this.  In the future, if such a tool is developed, I'd be happy to slot it
in instead of invoking EDITOR on it :-).

Robert N M Watson             FreeBSD Core Team, TrustedBSD Project
robert@fledge.watson.org      NAI Labs, Safeport Network Services
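
The comment-versus-disabled ambiguity described in the message above, shown as an added example (not part of the original e-mail and not FreeBSD or sysinstall code): a heuristic classifier that guesses which commented lines are disabled services by their field shape. The sample file, the `mydaemon` entry and all function names are constructed for illustration.

```python
import re

# inetd.conf entry layout:
#   service  socket-type  protocol  wait|nowait[/n...]  user  server-program  [args]
SOCK_TYPES = {"stream", "dgram", "raw", "rdm", "seqpacket"}
WAIT_RE = re.compile(r"^(wait|nowait)(/\d+)*$")

def looks_like_service(text):
    """True if the text has the field shape of an inetd.conf service entry."""
    f = text.split()
    return (len(f) >= 6
            and f[1] in SOCK_TYPES
            and WAIT_RE.match(f[3]) is not None
            and (f[5].startswith("/") or f[5] == "internal"))

def classify(line):
    """Label one line: blank, enabled, malformed, comment or maybe-disabled."""
    s = line.strip()
    if not s:
        return "blank"
    if not s.startswith("#"):
        return "enabled" if looks_like_service(s) else "malformed"
    body = s.lstrip("#").strip()
    # There is no inline "disabled" flag, so field shape is the only evidence.
    return "maybe-disabled" if looks_like_service(body) else "comment"

def classify_file(text):
    return [classify(line) for line in text.splitlines()]

# Constructed sample: line 3 is a service an admin commented out, line 6 is
# documentation that merely shows the syntax. The heuristic cannot tell them apart.
SAMPLE = """\
# Internet server configuration database
#
#ftp stream tcp nowait root /usr/libexec/ftpd ftpd -l
telnet stream tcp nowait root /usr/libexec/telnetd telnetd
# To add a local daemon, use a line of this form:
# mydaemon stream tcp nowait nobody /usr/local/libexec/mydaemon mydaemon
#daytime dgram udp wait root internal
"""

if __name__ == "__main__":
    for label, line in zip(classify_file(SAMPLE), SAMPLE.splitlines()):
        print(f"{label:15} {line}")
```

A menu built on this guess would offer `mydaemon` as a service to enable, so a reviewer auditing which network services a host exposes should read "maybe-disabled" lines by hand rather than trust the tool.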