[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Starting services automatically after install

On Sun, Jun 03, 2012 at 08:21:34AM +0200, Bernhard R. Link wrote:
> * Aaron Toponce <aaron.toponce@gmail.com> [120602 16:26]:
> > However, I am calling into question the validity of starting a service by
> > default post-install. I think it introduces security concerns, possible
> > headaces on the local LAN, and just unnessary work for the administrator.
> > Other than "if you don't want a service, don't install the package"
> > agrument, I don't understand why services _should_ be started by default
> > post-install.
> Try to see it from the other side: I don't understand why you would a
> like a service not started by default.

I would like to install the software, but have my own startup procedure
in many cases. Also, it's much easier to just install a package in order
to start reading the man pages, than manually grabbing the package file,
manually unpacking it somehwere as a user, and then manually touring the
included documentation.

So yes, I will most likely run the software at some point, but
frequently prefer to conduct some in-depth studies first - sometimes,
a Debian package deviates considerably from upstream's or other
distributions' conventions.

> The daemon is there to be run, so running it is the most sensible
> approach in almost all cases[1].

Since we obviously can't agree on *how* the service is to be run, one
could just ask the user, eg., in the case of a printing service:

  "I just installed the file sharing service. Do you want to start
  sharing immediately (will allow other people to access ....

But for a more real-world example, consider slapd, which also starts
immediately, but is imho quite unlikely to be configured appropriately
by Joe Average User who doesn't understand that he needs to start Samba
before being able to share his files, and which is impossible to
configure appropriately by answering debconf questions in the first

> If a service comes with a default config that can be a real security
> concern, then that alone needs fixing.

Many services come, eg. Apache comes with it, too (and eg. grabs all
sockets it can, one of my pet peeves).

> As administrator I also prefer that I just have to copy a config and
> install the package. Anything not run by default (or at last by
> default once its configuration is complete) means I have to
> tweak another config file, which is uncessary annoying work.

You have to say something like '/etc/init.d/service restart', anyway,
after you put your own config into place. What's so much different from
saying '/etc/init.d/service start' instead, in such a case?

Asking the unwitting user and providing a default answer of 'yes' should
solve the problem, imho - the slightly more experienced user can then
at least opt for 'no'.

Kind regards,

Reply to: