Subject: Re: inetd.conf [sommerfeld@netbsd.org: CVS commit: basesrc]
To: Mike Pelley <mike@pelley.com>
From: Andrew Gillham <gillhaa@ghost.whirlpool.com>
List: tech-net
Date: 06/06/2000 14:30:16

Mike Pelley writes:
> > Indeed.  I'd rather see inetd running idle and listening on no sockets.
> > Then users need only follow the tried and true recipe of editing
> > /etc/inetd.conf and then kicking the already running inetd to get things
> > going.
> 
> I agree - I think many less experienced users may not be aware of the inetd
> switch in rc.conf, and yet know that to enable a service they have to edit
> inetd.conf and hup inetd.  I imagine there will be a few users banging their
> head on the console trying to get their smtp/ftp/etc. server running if we
> disable inetd in rc.conf.

The same could be argued for any other service that sits and waits for
incoming connections.  E.g. are we going to ship with sendmail=YES and
a sendmail.cf that only listens on local sockets?  Then the user just
needs to edit sendmail.cf and hup sendmail.
Or how about nfs_server=YES, and an empty /etc/exports, so the user just
creates /etc/exports and hup's nfsd?
Or pre-install apache/mysql/squid/whatever, and leave it running with a
configuration file that disallows anything except local access?

Yes, my examples may be a bit on the extreme and/or silly side, but if the
service is not (or can't be) used, why run it?

My personal opinion is that there is no point in running inetd if it has
nothing to do.  Why have a process sitting there taking up valuable resources
to do absolutely nothing, just because it will be "a little easier" for a
person that is already confused about not being able to telnet to their
fancy new BSD box?

Is anyone thinking about adding a script to easily enable these services
if desired?  I would think that would be more useful to a new user than
leaving inetd running.

I could see something like this:
# enable telnet
Please wait while rc-dot-confSHIELD prepares to enable telnet.
Do you want to enable the default, or custom?
Please type next.
Now enabling telnet.
Please type finish.
Your machine must be restarted, do you wish to reboot? Yes/No?
[reboot]

# enable ftp
Please wait while rc-dot-confSHIELD prepares to enable ftp.
Do you want to enable the default, anonymous, or custom?
Please type next.
Now enabling ftp.
Please type finish.
Your machine must be restarted, do you wish to reboot? Yes/No?
[reboot]

goto top;

Ok, stupid humor aside, when the base system becomes PKGized, there
will need to be a way to enable things in inetd.conf and rc.conf, so
I suppose 'pkg_installSHIELD' will need to be able to add/edit both.

Unless the user should be expected to "pkg_install ftpd" and then have
to enable it in inetd.conf/rc.conf?

Why oh why can't these things be an option in sysinst?  Then the "default"
can be "I'm so paranoid", and the unsuspecting user will get what they
deserve. :-)  Oh, I'm sorry, I meant that the knowledgeable user can
select "Can I play daddy" and actually get telnet without having to edit
files in /etc.

I understand the desire to disable unnecessary services, but please at
least make it easy for the average Joe, who doesn't know how to use the
"six" editor, to enable the basics. :-)  Otherwise people that have to
support remote installations of NetBSD will have yet another thing to
be configured before they can connect in remotely.

Or is NetBSD going to ship with ssh installed and enabled by default?

-Andrew
-- 
-----------------------------------------------------------------
Andrew Gillham                            | NetBSD is awesome.
gillham@whirlpool.com                     | At night it is colder
I speak for myself, not for my employer.  | than outside.