From owner-freebsd-questions Mon Apr 22 16:51:45 2002
Date: Mon, 22 Apr 2002 16:49:45 -0700
From: Benjamin Krueger
To: Rafter Man
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: [security] Re: Mysterious sshd "starting itself" at bootup
Message-ID: <20020422164944.E52937@rain.macguire.net>
In-Reply-To: <20020422110818.17894.qmail@linuxmail.org>; from rafter@linuxmail.org on Mon, Apr 22, 2002 at 07:08:18PM +0800

* Rafter Man (rafter@linuxmail.org) [020422 16:38]:
> ----- Original Message -----
> From: "Peter Leftwich"
> > It was my understanding that the stuff in /etc/rc.network has some
> > dependencies on what the sysadmin has configured IN /etc/rc.conf as there
> > are some lines in my /etc/rc.network that say:
> >
> >     case ${sshd_enable} in
> >     [Yy][Ee][Ss])
> >
> > And some lines in my /etc/rc.conf that say:
> >
> >     sshd_enable="NO" # Enable sshd
> >
> > ...which in other words would match the /etc/rc.network stuff above were it:
> >
> >     case ${sshd_enable} in
> >     [Nn][Oo])
>
> Maybe it is just me, but for security reasons I think that it should only be possible to start services
> from 1 file/place at bootup.
> So that you in /boot have a directory for the system bootup files (all of them)
> and one for user and other (programs and services) bootup files.
> This way ALL the boot files are in /boot and services like FTP, SMTP, SSH, HTTP can not be started
> by system files, but only by user/other files.
>
> Likewise I think that there should be a /etc/services directory with underdirectories like:
> /etc/services/ftp and ALL the configuration files for ftp should be there, but maybe I am
> the only one who likes it when things are sooooo simple.
>
> I am VERY pleased to see that FreeBSD 5.0 has put some order in the FreeBSD filesystem, but
> I still think there are too many examples of configuration files not "in place". Meaning
> that in order to set up (e.g.) sendmail, you have to study which bootfiles it writes to and
> where it puts all its own configuration files; things could be a lot easier if all were in
> "the right place".
> So when you install a service, e.g. sendmail, files go here:
> /boot/services/sendmail.sh (if the file is a script then run it)
> /etc/service/sendmail/ all sendmail's configuration files
> /usr/services/sendmail/ all sendmail's other files.
>
> Or is this just plain dumb?
>
> /rafter

I believe the logic here is that base system services belong in /etc with
their related files, and extra third party or optional services belong in
/usr/local/etc with their related files. It keeps the two separate and clean.

--
Benjamin Krueger

"Life is far too important a thing ever to talk seriously about."
- Oscar Wilde (1854 - 1900)
----------------------------------------------------------------
Send mail w/ subject 'send public key' or query for (0x251A4B18)
Fingerprint = A642 F299 C1C1 C828 F186 A851 CFF0 7711 251A 4B18
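
Added example, not part of the original messages: a small sh audit that applies the [Yy][Ee][Ss] test quoted from /etc/rc.network to find which configuration file leaves a service enabled when several files are read in order. The function names, the override.conf file and the sample contents are constructed for illustration, and only literal name_enable=value assignments are handled.

```shell
#!/bin/sh
# Added example: find which rc.conf-style file leaves a service enabled.
# Files are parsed as text, never sourced; only literal assignments count.

# effective_enable SERVICE FILE...
# Prints "<value> <file>" for the last assignment seen (later files win,
# as when the files are read in that order), or "unset -" if none is found.
effective_enable() {
    svc=$1; shift
    value=unset; origin=-
    for f in "$@"; do
        [ -r "$f" ] || continue
        # Last uncommented assignment in this file, if any.
        line=$(grep -E "^[[:space:]]*${svc}_enable=" "$f" | tail -n 1)
        [ -n "$line" ] || continue
        v=${line#*=}                               # text after '='
        v=${v%%"#"*}                               # drop trailing comment
        v=$(printf '%s' "$v" | tr -d "\"' \t")     # drop quotes and blanks
        value=$v; origin=$f
    done
    printf '%s %s\n' "$value" "$origin"
}

# would_start VALUE: same pattern as the rc.network excerpt in the thread.
# Anything other than a case-insensitive "yes" does not start the service.
would_start() {
    case $1 in
    [Yy][Ee][Ss]) return 0 ;;
    *) return 1 ;;
    esac
}

# Constructed sample: rc.conf says NO, a later (hypothetical) file says YES.
demo() {
    d=$(mktemp -d)
    printf 'sshd_enable="NO"\t# Enable sshd\n' > "$d/rc.conf"
    printf 'sshd_enable="YES"\n' > "$d/override.conf"
    result=$(effective_enable sshd "$d/rc.conf" "$d/override.conf")
    val=${result%% *}; src=${result#* }
    if would_start "$val"; then
        echo "sshd starts at boot: enabled by $src"
    else
        echo "sshd stays off: value '$val' from $src"
    fi
    rm -rf "$d"
}
demo
```

On a real system, pass the configuration files in the order the boot scripts read them; a service that is "NO" in /etc/rc.conf but still starts shows up here as enabled by a later file.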