Re: Starting processes after installation

To: Sebastian Hyrwall <sh@keff.org>
Cc: debian-user@lists.debian.org
Subject: Re: Starting processes after installation
From: Dan Ritter <dsr@randomstring.org>
Date: Wed, 25 Sep 2019 08:36:20 -0400
Message-id: <[🔎] 20190925123620.bdrimg2ftsoyjfka@randomstring.org>
In-reply-to: <[🔎] 7124f83b-d806-f4b4-9258-6e18a0fd6365@keff.org>
References: <[🔎] 7124f83b-d806-f4b4-9258-6e18a0fd6365@keff.org>

Sebastian Hyrwall wrote: 
> Hi
> 
> Just a question. Is there anyone except me that thinks that autostarting
> processes after installation , via apt, is completely bonkers?
> 
> It's been like this for ages but can anyone name any good reason for
> this to be default?
> 
> There must be a damn good one or it would have been disabled long time ago.

It turns out that Debian is relatively old. I've been using it
since 1996 or so, and it was in version 2.1 back then. (I
haven't bothered to check this.)

Back then, nearly all servers could do reasonable things without
any additional configuration. FTPd, httpd, ntpd, sendmail: the
install process could reasonably pop good enough values in a
config file without any user intervention, start the daemon, and
it would Just Work.

Debian has three real options:

1. Don't change policy. Many daemons will start up smoothly;
some of them will come up with snakeoil SSL certs, and some of
them will come up with configs that are technically working but
don't do anything useful without further configuration. The
good thing about this is that you can do things like install a
web application that depends on a database and get a working but
not-very-useful system immediately. The bad thing is that the
default choices are probably wrong, and you need to go do config
immediately anyway.

2. Change the policy to default to off. Good: better security,
fewer running-but-badly-configured services. Bad: it's hard to
get a database user and schema installed when the database isn't
running, so users/admins will need to do more explicit work.
It's really terrible to install sshd on a remote server, reboot
it, and then discover that sshd doesn't start by default.

3. Change the policy so that simple daemons default to an
immediate start -- anything where the immediate config is likely
to be useful -- but complex daemons default to off. Good: best
of both worlds. Bad: worst of both worlds; you won't know when
it's your fault until you do explicit checks.

-dsr-

Reply to:

Follow-Ups:
- Re: Starting processes after installation
  - From: Sebastian Hyrwall <sh@keff.org>

References:
- Starting processes after installation
  - From: Sebastian Hyrwall <sh@keff.org>

Prev by Date: Re: GRUB key repeat too fast
Next by Date: unsubscibe from mailing list
Previous by thread: Starting processes after installation
Next by thread: Re: Starting processes after installation
Index(es):
- Date
- Thread