Re: jessie release goals
On Mon, 06 May 2013, Helmut Grohne wrote:
> On Mon, May 06, 2013 at 04:08:07PM +0200, Christoph Anton Mitterer wrote:
> > 1) IMHO, services/daemons (e.g. apache, ejabberd, etc.) that listen per
> > default on the network (unless loopback only) shouldn't be started per
> > default, after being installed.
>
> May I point to /usr/sbin/policy-rc.d? As has been pointed out a number
> of times now, there is no consensus on not starting daemons by default.
> To enable you as a user to change the default this policy helper is
> provided as a hook. You also might want to look at the
> policyrcd-script-zg2 package.
>
> This is not to say that the current mechanisms for achieving "do not
> start daemons at installation" are ideal. Clearly there is room for
> improvement, but the hooks are available.
Except for chroots that do not run the boot-time scripts, this mechanism
is mostly useless. /etc/init.d/rc doesn't know about policy-rc.d and thus
you can't use it to disable services that are installed on a real server.
(Or I missed something and someone need to enlighten me.)
While I believe that the "start by default" is a reasonable default,
I also believe that we should have a way for administrators to control
this more finely, and unfortunately policy-rc.d doesn't seem
to do that.
For Kali Linux, I opted to dpkg-divert update-rc.d to be able to disable
services as soon as they are installed.
Cheers,
--
Raphaël Hertzog ◈ Debian Developer
Get the Debian Administrator's Handbook:
→ http://debian-handbook.info/get/
Reply to: