
Re: racoon and bug 372665

On Wed, Mar 07, 2007 at 07:17:00AM +0530, Ganesan Rajagopal wrote:
> >>>>> "Milan" == Milan P Stanic <mps@oss.co.yu> writes:
> > I don't think so (except maybe udev, but servers can happily work without
> > udev). What is the reason to start nfs from "one time initialization"
> > subsystem? Portmap and nfs can be started in runlevel 2 to 5.
> That's debatable. However current Debian policy as per /etc/rcS.d/README is 
> =====
> The following sequence points are defined at this time:
> * After the S40 scripts have executed, all local file systems are mounted
>   and networking is available. All device drivers have been initialized.
> * After the S60 scripts have executed, the system clock has been set, NFS
>   filesystems have been mounted (unless the system depends on the automounter,
>   which is started later) and the filesystems have been cleaned.
> =====

Yes, it is true. But it also says that:
The scripts in this directory whose names begin with an 'S' are executed
once when booting the system, even when booting directly into single
user mode.

Look at "are executed once". Daemons could be executed once when booting
the system but also could be stopped, started and restarted during normal
server (or workstation) operation.

> Besides NFS, if your entire access to the network requires IPsec, you cannot
> even ssh outside the box unless racoon sets up a tunnel. It's really a
> critical service in that sense.

So could other VPN subsystems (OpenVPN, VPNC, SSH, etc.).

I would think that mountnfs.sh should be moved somewhere else
(/etc/rc{2-5}.d/), where portmap already has symlinks. If we mount
remote filesystems so early, why is samba not started from /etc/rcS.d/?

Policy is ambiguous (at least) here, IMO.
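A check for the ordering this thread argues about, added here as an example and not part of the original mail: given a root holding rcS.d and rc[2-5].d directories, it reports whether racoon is started before mountnfs.sh in every directory that mounts NFS. The directory layout and the sequence numbers are constructed for the demo, not Debian's real ones.

```shell
#!/bin/sh
# Added example, not part of the thread: check whether racoon is ordered
# before mountnfs.sh in the SysV directories the discussion is about.
# Links are named S<NN><script>; a lower NN runs first within one directory.

# seq_of DIR SCRIPT: print the two-digit sequence number of S??SCRIPT in DIR.
# Returns 1 when no such link exists.
seq_of() {
    for link in "$1"/S[0-9][0-9]"$2"; do
        # an unmatched glob is returned literally, so test for existence
        [ -e "$link" ] || [ -L "$link" ] || continue
        base=${link##*/}
        printf '%s\n' "$base" | cut -c2-3
        return 0
    done
    return 1
}

# check_order ROOT: for every rcS.d / rc[2-5].d under ROOT that starts
# mountnfs.sh, require racoon to start in the same directory, and earlier.
# Prints ok, missing (racoon absent from such a directory) or late.
check_order() {
    result=ok
    for dir in "$1"/rcS.d "$1"/rc2.d "$1"/rc3.d "$1"/rc4.d "$1"/rc5.d; do
        [ -d "$dir" ] || continue
        nfs=$(seq_of "$dir" mountnfs.sh) || continue
        if rac=$(seq_of "$dir" racoon); then
            # equal numbers fall back to alphabetical order; treat as late
            [ "$rac" -lt "$nfs" ] || result=late
        else
            result=missing
        fi
    done
    printf '%s\n' "$result"
}

# make_tree ROOT NFS_LINK RACOON_DIR RACOON_LINK: build a constructed layout
# (sequence numbers are invented for the demo, not Debian's real ones).
make_tree() {
    mkdir -p "$1/rcS.d" "$1/rc2.d"
    : > "$1/rcS.d/$2"
    : > "$1/$3/$4"
}

demo=$(mktemp -d)
make_tree "$demo" S45mountnfs.sh rc2.d S20racoon   # racoon only in rc2.d
printf 'racoon in rc2.d only: %s\n' "$(check_order "$demo")"   # missing
rm -rf "$demo"
```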
