vsftpd.conf

Sean Middleditch elanthis at awesomeplay.com
Sat Sep 11 23:56:03 UTC 2004


On Sat, 2004-09-11 at 17:38 -0600, Stephen J Smoogen wrote:
> Sean Middleditch wrote:
> > On Sun, 2004-09-12 at 00:18 +0100, Paul Trippett wrote:
> > 
> >>Why not take a BSD approach and give them the option when installing the
> >>package, say for example...
> >>
> >># rpm -i vsftp....rpm
> >>Would you like to enable Anonymous logins? (y/n) [N] 
> >>Would you like to enable Local user Logins? (y/n) [N]
> > 
> > 
> > Because RPMs are absolutely never ever supposed to ask questions.
> > 
> > - What if the RPM is being installed non-interactively?
> > - What if the RPM is being installed with a GUI tool?
> > - What if the user doesn't understand English?
> > 
> > And then you get into the general usability problems - are the question
> > phrased properly?  Is "Y/N" an appropriate prompt?  etc.
> > 
> 
> Each rpm could then drop a scriptlet into a directory that gui would 
> then be able to run to set things up for it.
> 
> /etc/system-setup/
>                    vsftpd.py
>                    httpd.py
>                    samba.py
>                    kill_my_harddrive.py
> 
> And then the system-setup program would display the questions, get the 
> answers... and possibly be able to bring the system into at least a 
> bare-bones configuration.
> 
> Reset to original configuration [Yes] [No] [Help]

Again, what if the configuration data isn't translated into the user's
language?  They end up getting some vital system configuration question
they can't possibly answer?  Why the heck does this *need* to be done at
install time?  If you are going to make a configuration tool, let the
user run it them self after install.  

It shouldn't be required to ask questions to get a "bare bones" setup.
If you want a system that asks a bazillion questions on install time,
doesn't guarantee they'll be translated, doesn't guarantee they'll be
phrased intelligibly, and has tons and tons of infrastructure developed
and maintained instead of just good configuration tools and intelligent
defaults, you should install the OS produced over at
http://www.debian.org.

For network services, there isn't any good reason at all for them to be
enabled at install time.  Have them disabled by default (Fedora/RHEL has
a nice tool for enabling/disabling services even novices can use), and
if the user doesn't like the defaults, they can change them.  The .conf
file is always there, and if that's Not Good Enough, a graphical tool
that does a _lot_ more than ask some simplistic questions that probably
don't cover many likely scenarios can be developed and delivered with
the service.

What happens with new/inexperienced users that just Install Everything?
They'll get all these questions they probably don't understand.  They'll
likely end up answering all sorts of questions (and there will be a hell
of a lot of them too, if you add this infrastructure - look at Debian)
they don't understand, providing answers that are not ideal for their
situation, etc.

If the user needs the service, they can configure and enable it
manually, and things will work for _everyone_ equally well.

> 
> 
> 
> -- 
> Stephen John Smoogen	        | CCN-5 Security Team
> LANL SIRT Team Leader           | SMTP:  smoogen at lanl.gov
> Los Alamos National Laboratory  | Voice: 505.664.0645
> Ta-03 SM-1498 MS: B255 DP 10S   | FAX:   505.665.7793
> Los Alamos, NM 87545            |
> 
> 





More information about the fedora-devel-list mailing list