Date: Sun, 27 Aug 2006 13:18:36 -0400
From: Mike Meyer <mwm-keyword-freebsdhackers2.e313df@mired.org>
To: Dirk Engling <erdgeist@erdgeist.org>
Cc: hackers@freebsd.org
Subject: Re: jails, cron and sendmail
Message-ID: <17649.54252.987757.501860@bhuda.mired.org>
In-Reply-To: <44F1B7B7.9090701@erdgeist.org>
References: <44F0E38F.5030809@erdgeist.org> <17648.59470.572563.377998@bhuda.mired.org> <20060827052733.F16322@erdgeist.org> <17649.9146.307818.780974@bhuda.mired.org> <44F1B7B7.9090701@erdgeist.org>

In <44F1B7B7.9090701@erdgeist.org>, Dirk Engling <erdgeist@erdgeist.org> typed:
> > That's just a default. You can change it by adding
> > cron_enable="NO" to /etc/rc.conf in each jail. So maybe the question
> > should be "Why haven't you turned off cron in the jails?"
>
> Because the system uses cron to start its periodic scripts. The periodic
> scripts are cool and useful in jails, especially the security scripts.
> Thus I won't turn off cron.

You mean the security scripts that send out email by design? Or do you
mean the ones that scan the disk for suspicious binaries and changes -
which are duplicating the work of the same scripts running in the
native OS?

> > The default configuration doesn't expose sendmail to the publicly
> > visible IP address. The daemon it runs only listens for connections to
> > the localhost address.
> Which is rewritten to the jail's (externally visible) address on a connect()

Yup. I wasn't aware of that strange behavior of jails. That should be
fixed.

> > If your concern is that shutting off a subsystem can break things -
> > I'd say that's a *good* thing. One of the things that make Unix
> > powerful is that it assumes the user knows what they are doing.
> This is... a strange opinion... If the default exposes an unwanted
> service to the world, then turning it off should not require in-depth
> knowledge in how to prevent other things in the system to break. The
> service should not even be there in the first place.

My opinion may be strange, but it's based on decades of dealing with
systems that don't do that, and I've been hearing it from my mentors
ever since I first sat down in front of a v6 terminal.

The Unix programming model has largely taken over the world, so you
may have never been exposed to systems where the OS designers assumed
that they knew better than the application developers what those
application developers needed to do. If so, you're lucky - it's
incredibly frustrating.
So is doing that kind of thing to admins [story about
dump/restore being unusable on AIX deleted] or users [lots of
complaints about Linux and Windows deleted].

The problem is, you're assuming that what *you* want is what everyone
wants, so the system should just do that. That isn't the case. In
general, the mail system isn't "an unwanted service". The default
install is supposed to be a fully functional Unix system. That means
it has a working mail system. Nor does it expose that service to the
world in the intended install environment - which is outside of a
jail.

If you're futzing around with jails, you're doing fairly advanced
things. I don't think it's too much to expect such people to know what
they are doing.

> > Given the choice between a system that does exactly what I tell it
> > to, and one that second guesses me, makes changes behind my back, and
> > makes setting things up the way I want a PITA, I know which one I
> > want.
> I would choose and recommend the system that provides sane and secure
> defaults without requiring me to understand all of the OS's subsystems.

The FreeBSD defaults *are* sane and secure - at least according to a
fairly large percentage of the users. They aren't sane and secure for
everyone - that's simply not possible. Extreme versions of "secure"
are generally well outside anything most users would consider "sane".

You get this sane and secure setting without having to understand all
of the OS's subsystems. Of course, if this setting doesn't meet your
definition of "sane and secure", there are ways to change it. Once you
start mucking about with the system, you have to know what you're
doing.

> Detecting that /etc/ is inside a jail environment and adjusting your
> sendmail and periodic settings would be a nice thing to have.

No, it wouldn't. Why do you think everyone wants a system that doesn't
have mail just because it's in a jail, or don't mind running duplicate
disk scanners, or ....
I think the better fix would be to make jails not expose their
localhost IP address to the outside world.

Of course, a knob in rc.conf that says "this system has no functioning
mail" and caused all the subsystems that expected to send mail (which
includes more than just periodic) might be useful, and would also
solve the problem. However, that's *not* a sendmail knob - because
sendmail isn't the only possible mail software you could have
installed.

On the other hand, it's not clear that this adjustment can be done
rationally without knowing something about what the user expects. And
unfortunately, it would still require you to actually know something
about the system in order to use it effectively.

	<mike
-- 
Mike Meyer <mwm@mired.org>		http://www.mired.org/consulting.html
Independent Network/Unix/Perforce consultant, email for more information.
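An added example, not part of the original message: a check for the exposure discussed in the thread, where a mail daemon meant to listen only on localhost ends up bound to the jail's externally visible address. The function name `exposed_listeners`, the sample addresses and the sample listings are constructed for illustration; the input layout assumed is that of `sockstat -4 -l` on FreeBSD.

```shell
#!/bin/sh
# Added example: flag TCP listeners on a given port that are bound to
# anything other than 127.0.0.1. Input is sockstat-style text with the
# columns USER COMMAND PID FD PROTO LOCAL-ADDRESS FOREIGN-ADDRESS.

# exposed_listeners PORT
# Reads a listing on stdin and prints "command pid local-address" for
# every TCP listener on PORT whose local address is not loopback.
exposed_listeners() {
    awk -v port="$1" '
        $5 ~ /^tcp/ {
            n = split($6, part, ":")        # last piece is the port
            addr = $6
            sub(/:[^:]*$/, "", addr)        # strip ":port" to get the address
            if (part[n] == port && addr != "127.0.0.1")
                print $2, $3, $6
        }'
}

# Constructed sample: a host where sendmail listens on loopback only.
HOST_SAMPLE='USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     sendmail   612   4  tcp4   127.0.0.1:25          *:*
root     sshd       540   3  tcp4   *:22                  *:*'

# Constructed sample: the same configuration inside a jail, where the
# localhost bind has been rewritten to the jail address (192.0.2.10).
JAIL_SAMPLE='USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     sendmail   1733  4  tcp4   192.0.2.10:25         *:*
root     syslogd    1690  6  udp4   192.0.2.10:514        *:*'

echo "host:"
printf '%s\n' "$HOST_SAMPLE" | exposed_listeners 25
echo "jail:"
printf '%s\n' "$JAIL_SAMPLE" | exposed_listeners 25

# On a live system, run inside each jail:
#   sockstat -4 -l | exposed_listeners 25
```

Any line printed for a jail means port 25 is reachable on an address other than loopback there, regardless of what the mail configuration says it listens on.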