Good system practices (Was: How to understand what screensaver...)

Mikkel L. Ellertson mikkel at infinity-ltd.com
Fri Jul 21 15:21:09 UTC 2006 

Ambrogio wrote:
> Il giorno mer, 19/07/2006 alle 10.48 -0500, Mikkel L. Ellertson ha
> scritto:
>> Ambrogio wrote:
> 
>> If you are starting services "at least 10 times in an hour", then
>> there is something wrong with your setup. Most services are start at
>> boot and forget about them. If it is a seldom needed service, you
>> might considering starting it on demand from from xinetd instead of
>> manualy starting it.
> Ok, this is an example.
> My today morning work.
> 
> Plug a network cable (net A)
> Set IP address (static because no dhcp)
> Set route for some other network (no default gateway available)
> Telnet on some switch.
> Start vmware (because a software can start only on windows), and use the
> software.
> Capture some data.
> Start ftp
> transfer some other data
> stop ftp
> unplug network cable (so stop network)
> Plug another network cable
> Bring up the network (here dhcp is ok)
> Start Cisco VPN because otherwise nothing works.
> Connect to some other switch.
> Connect to some machines
> after this work (1 or 2 hours in which I plug and unplug and config (by
> scripts) starts another works :-)
> Maybe the same, or maybe different, but the plugging and unplugging is
> very often.
> 
> To not say that this is on a customer. But I work all around Italy,
> visiting Customer, and all are different... each one with some paranoia,
> about VPN, about dhcp, about Antivirus, about some other...
> So everytime I have to reconfigure my pc to work, and I have to be
> speedy, smart and without error.
> 
When I first used Redhat on a laptop, I used to set up several
config files for eth0, using different interface names. None of them
were configured to come up at boot, but all were user controlled.
Then, depending on where I was, if would do /sbin/ifup eth0 for a
DHCP configuration, /sbin/ifup eth1 for the first static
configuration, and so forth. Later I created a script that let me
use descriptive names to do the same thing. (setnetwork home, or
setnetwork dhcp, etc.)

When I installed Mandrake on the laptop, I used a package called
netprofiles that would manage the network interfaces, as well as
control what services were running, the name servers used, and so
forth. With some minor changes, you could have different firewall
rules for each profile as well.

I have not played with Network Manager yet, but it sounds like it is
designed to let you do the same thing.

The thing about these tools is that you can configure your system,
and then save the current profile under a the name you want. Then
when you are at costumer 1, you set the costumer 1 profile, and so
forth. And you do not need to be root to do it.

I do not understand why you would need to be root to run VMware. If
you are running the ftp client, you can also do that as a user. If
the VPN can not be handled as part of the network profile, it is not
hard to set up a sudo command for it. You can also set up a pair of
sudo commands, without password, for the user you will be working
as, so that you can run "sudo /sbin/service ftpd start" and "sudo
/sbin/service ftpd stop" The way I would handle that is to create a
script in ~/bin to run the commands. That way, I could run something
like "ftpd start" or "ftpd stop".

But it does take a little extra work to set this up. I feel it is
worth it for the added security. Besides, it would make me nervous
to have to enter the root password every time I needed to turn off
the screen saver.

Mikkel
-- 

  Do not meddle in the affairs of dragons,
for thou art crunchy and taste good with Ketchup!

More information about the fedora-list mailing list