Bug#1001320: needrestart misdetects socket activated ssh and restarts service instead of socket

To: Timo Weingärtner <timo@tiwe.de>, 1001320@bugs.debian.org
Cc: Marc Haber <mh+debian-packages@zugschlus.de>
Subject: Bug#1001320: needrestart misdetects socket activated ssh and restarts service instead of socket
From: Colin Watson <cjwatson@debian.org>
Date: Fri, 24 Dec 2021 23:04:20 +0000
Message-id: <YcZR9E1/HXQJBB+7@riva.ucam.org>
Reply-to: Colin Watson <cjwatson@debian.org>, 1001320@bugs.debian.org
In-reply-to: <[🔎] 9131565.Y7gza5jLEj@timo01.tiwe.de>
References: <[🔎] 163896670837.2474423.2692210110997511725.reportbug@fan.zugschlus.de> <[🔎] 4128449.5qcUtGkdVP@timo01.tiwe.de> <[🔎] YcWtbdgT9LT85aUP@torres.zugschlus.de> <[🔎] 163896670837.2474423.2692210110997511725.reportbug@fan.zugschlus.de> <[🔎] 9131565.Y7gza5jLEj@timo01.tiwe.de> <[🔎] 163896670837.2474423.2692210110997511725.reportbug@fan.zugschlus.de>

On Fri, Dec 24, 2021 at 02:21:16PM +0100, Timo Weingärtner wrote:
> 24.12.21 12:22 Marc Haber:
> > So we agree here that it's mainly a documentation issue for ssh, so that
> > it should be recommended to actually mask ssh.service if socket
> > activation is used, right?
> 
> For the bug on openssh: yes.
> 
> Documentation could look like:
> If you decide to use socket activation consider masking ssh.service to avoid 
> accidentally doing the wrong thing with "service ssh restart" or equivalent.

How does this patch look?

diff --git a/debian/README.Debian b/debian/README.Debian
index dbe6c2958..0851e38e3 100644
--- a/debian/README.Debian
+++ b/debian/README.Debian
@@ -193,9 +193,12 @@ you can run:
 
 To make this permanent:
 
-  systemctl disable ssh.service
+  systemctl mask ssh.service
   systemctl enable ssh.socket
 
+("systemctl disable ssh.service" would also work, but masking avoids
+accidentally starting the service manually.)
+
 This may be appropriate in environments where minimal footprint is critical
 (e.g. cloud guests).  Be aware that this bypasses MaxStartups, and systemd's
 MaxConnections cannot quite replace this as it cannot distinguish between

-- 
Colin Watson (he/him)                              [cjwatson@debian.org]

Reply to:

Follow-Ups:
- Bug#1001320: needrestart misdetects socket activated ssh and restarts service instead of socket
  - From: Marc Haber <mh+debian-packages@zugschlus.de>

References:
- Bug#1001320: needrestart misdetects socket activated ssh and restarts service instead of socket
  - From: Marc Haber <mh+debian-packages@zugschlus.de>
- Bug#1001320: needrestart misdetects socket activated ssh and restarts service instead of socket
  - From: Timo Weingärtner <timo@tiwe.de>
- Bug#1001320: needrestart misdetects socket activated ssh and restarts service instead of socket
  - From: Marc Haber <mh+debian-packages@zugschlus.de>
- Bug#1001320: needrestart misdetects socket activated ssh and restarts service instead of socket
  - From: Timo Weingärtner <timo@tiwe.de>

Prev by Date: Bug#1001320: needrestart misdetects socket activated ssh and restarts service instead of socket
Next by Date: Bug#1001320: needrestart misdetects socket activated ssh and restarts service instead of socket
Previous by thread: Bug#1001320: needrestart misdetects socket activated ssh and restarts service instead of socket
Next by thread: Bug#1001320: needrestart misdetects socket activated ssh and restarts service instead of socket
Index(es):
- Date
- Thread