Re: Starting services automatically after install
On Sun, Jun 03, 2012 at 01:51:33PM +0200, Bernhard R. Link wrote:
> * Toni Mueller <firstname.lastname@example.org> [120603 11:41]:
> > Since we obviously can't agree on *how* the service is to be run, one
> > could just ask the user, eg., in the case of a printing service:
> The print servers I looked at did not allow remote access by default
> since somewhen in the 90ties.
I was only cobbling together an example for the mechanism for asking the
user I had in mind. Office stuff is not my usual realm of work, and
printing services are office stuff.
> What has slapd to do with samba and why don't you want it run?
Since you were talking about samba, and since LDAP is the standard
network-wide address book mechanism usually in place, I consider slapd a
standard office ingredient like samba (I've used it for different
purposes for several years, but decided to part with it).
As stated, the reason why a stock slapd installation is not that useful,
is that it is extremely hard to do some schema chances, should you have
the need for them, after the database has been installed, and that ACLs
and such are outside of the realm of the package installation. So if you
need one of a non-standard schema, a custom ACL, or something else, like
replication, you are (afair) out of luck with just the debconf-powered
postinst, and need to hand-tune the configuration. Running with the
default database is at least a nuisance in this situation.
> actually I'd be quite confused if slapd had not been already running
> after installing...
> Sorry, you have to explain this. Do you claim apache has a security
> concern in its default config?
No, but for me, it has a usability problem in the default config. But
then, I'm doing away with it as best as I can, anyway.
> That I do not have to do it? Either I have copied the config first or
> for a full install that will get a reboot anyway when deployed.
The common case is probably more like "I want service X, now I install
the package and see how I can configure it to suit my needs." In the
meantime, one has to prevent the service from doing anything unwanted.
If you have a config before installing the software, we are talking
about a completely different use case that would likely include a lab
setup as well. I don't ask that Debian be optimized for that case.
> > Asking the unwitting user and providing a default answer of 'yes' should
> > solve the problem, imho - the slightly more experienced user can then
> > at least opt for 'no'.
> That's called policy.d. (though I feel like repeating others here).
Thanks for pointing it out. I'll take a look.