Date: Mon, 22 Apr 2002 16:49:45 -0700
From: Benjamin Krueger <benjamin@macguire.net>
To: Rafter Man <rafter@linuxmail.org>
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: [security] Re: Mysterious sshd "starting itself" at bootup
Message-ID: <20020422164944.E52937@rain.macguire.net>
In-Reply-To: <20020422110818.17894.qmail@linuxmail.org>; from rafter@linuxmail.org on Mon, Apr 22, 2002 at 07:08:18PM +0800
References: <20020422110818.17894.qmail@linuxmail.org>

* Rafter Man (rafter@linuxmail.org) [020422 16:38]:
> ----- Original Message -----
> From: "Peter Leftwich" <Hostmaster@Video2Video.Com>
> > It was my understanding that the stuff in /etc/rc.network has some
> > dependencies on what the sysadmin has configured IN /etc/rc.conf as there
> > are some lines in my /etc/rc.network that say:
> >
> > case ${sshd_enable} in
> > [Yy][Ee][Ss])
> >
> > And some lines in my /etc/rc.conf that say:
> >
> > sshd_enable="NO" # Enable sshd
> >
> > ...which in other words would match the /etc/rc.network stuff above were it:
> >
> > case ${sshd_enable} in
> > [Nn][Oo])
>
> Maybe it is just me, but for security reasons I think that it should only be possible to start services
> from 1 file/place at bootup. So that you in /boot have a directory for the system bootup files (all of them)
> and one for user and other (programs and services) bootup files.
> This way ALL the boot files are in /boot and services like FTP, SMTP, SSH, HTTP can not be started
> by system files, but only by user/other files.
>
> Likewise I think that there should be a /etc/services directory with underdirectories like:
> /etc/services/ftp and ALL the configuration files for ftp should be there, but maybe I am
> the only one who likes it when things are sooooo simple.
>
> I am VERY pleased to see that FreeBSD 5.0 has put some order in the FreeBSD filesystem, but
> I still think there are too many examples of configuration files not "in place". Meaning
> that in order to set up (e.g.) sendmail, you have to study which boot files it writes to and
> where it puts all its own configuration files; things could be a lot easier if all were in
> "the right place".
> So when you install a service, e.g. sendmail, files go here:
> /boot/services/sendmail.sh (if the file is a script then run it)
> /etc/service/sendmail/ all sendmail's configuration files
> /usr/services/sendmail/ all sendmail's other files.
>
> Or is this just plain dumb?
>
> /rafter
I believe the logic here is that base system services belong in /etc with
their related files, and extra third party or optional services belong in
/usr/local/etc with their related files. It keeps the two separate and
clean.
--
Benjamin Krueger
"Life is far too important a thing ever to talk seriously about."
- Oscar Wilde (1854 - 1900)
----------------------------------------------------------------
Send mail w/ subject 'send public key' or query for (0x251A4B18)
Fingerprint = A642 F299 C1C1 C828 F186 A851 CFF0 7711 251A 4B18
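
The thread quotes the `case ${sshd_enable}` test from /etc/rc.network and the `sshd_enable="NO"` line from /etc/rc.conf. As an added example (not part of the original messages and not FreeBSD's own code), the sh functions below apply the same two patterns to every `*_enable` variable after reading rc.conf-style files in the order given, so a later file overriding an earlier one shows up. The function names and the sample file contents in `demo` are constructed for illustration.

```shell
#!/bin/sh
# knob_state VALUE -> prints "on", "off" or "other", using the same
# case patterns that the thread quotes from /etc/rc.network.
knob_state() {
    case "$1" in
    [Yy][Ee][Ss]) echo on ;;
    [Nn][Oo])     echo off ;;
    *)            echo other ;;   # unset, empty, or a value such as "YES " or "true"
    esac
}

# enabled_services FILE... -> prints, one per line and sorted, each service
# whose NAME_enable variable matches [Yy][Ee][Ss] once all files are read.
# Files are sourced in order inside a subshell (rc.conf is a shell fragment),
# so a later file overrides an earlier one and the caller's variables are untouched.
# Pass paths containing a slash so "." does not search PATH.
enabled_services() {
    (
        for f in "$@"; do
            if [ -r "$f" ]; then . "$f"; fi
        done
        # Collect every variable name ending in _enable that the files assign.
        names=$(sed -n 's/^[[:space:]]*\([A-Za-z_][A-Za-z0-9_]*_enable\)=.*/\1/p' \
                    "$@" 2>/dev/null | sort -u)
        for name in $names; do
            eval "val=\${$name}"          # name is restricted to [A-Za-z0-9_] by sed
            if [ "$(knob_state "$val")" = on ]; then
                echo "${name%_enable}"
            fi
        done
    )
}

# Constructed sample input: an earlier file says NO, a later one says yes.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' 'sshd_enable="NO"' 'sendmail_enable="YES"' > "$d/first.conf"
    printf '%s\n' 'sshd_enable="yes"   # Enable sshd' 'inetd_enable="NO"' > "$d/second.conf"
    enabled_services "$d/first.conf" "$d/second.conf"
    rm -rf "$d"
}
```

On a real system, call `enabled_services /etc/rc.conf` (plus any other files your rc scripts read, in the order they are read) and compare the output with the daemons actually running after boot.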
