Services
Mike A. Harris
mharris at redhat.com
Wed Oct 15 11:57:32 UTC 2003
On Wed, 15 Oct 2003, Joakim Ryden wrote:
>> You're right. But maybe it's an example of a service that could be off by
>> default and if you need it you simply use redhat-config-services and put a
>> checkmark in front of it.
>>
>> But of course, if a service takes zero seconds to start, has no noticable
>> memory foot print and could never cause security problems it makes no sense
>> to remove it from the startup.
>
>I think a default policy of "start as little as possible" should always be the
>goal from all kinds of perspectives (security, startup time etc etc). Show me
>a piece of software that could never cause security problems and I will show
>you a very rich and famous programmer. :-)
There are different and sometimes conflicting goals however. The
merits of any decision to change something like this need to have
good benefits all around. As stated already, if starting a
service by default unconditionally allows more users systems to
just work by default, and it does not have security risks, and
doesn't have significant resource usage overhead or slow down the
bootup sequence noticeably, then there is no harm leaving
services running.
One could for example argue that many machines out there do not
run an X server, so why do we start up xfs at boot by default?
The answer is simple: It doesn't harm anything, it is not
network enabled by default, and it does make sure the font server
is running *if* someone does run it. It also dramatically
reduces the likelyhood of Red Hat technical support phonelines
being filled with "my X server wont start" and bug reports
hitting bugzilla from people who don't even know xfs exists or
what it does.
That same principle equally applies to other things. An end user
doesn't necessarily even know that they need to have the ISDN
service running, or PCMCIA, etc.. We may be able to make various
improvments to the scripts, startup sequence, parallelization,
etc. and optimize it much more, but we also want to make the OS
"do the right thing" for as many users as possible, and that
means things just working wherever it is easily and sanely
possible to have them just work.
The users who actually care that ISDN, etc. has started on their
systems and they don't and wont ever need it, are usually smart
enough to turn those types of services off. The users who do
need those services however are not necessarily going to know
they need to turn things on. By making the system work in a way
that works best for people who aren't necessarily experts, but
yet also doesn't make any major security compromises, and has
negligible resource usage, it's a better system overall IMHO.
Feel free to file bug RFE's in bugzilla if you think a script has
issues that we should investigate though, or if you think
something is starting that is truely unnecessary. There is
always room for improvement, as the recent xfs initscript changes
show. ;o)
--
Mike A. Harris ftp://people.redhat.com/mharris
OS Systems Engineer - XFree86 maintainer - Red Hat
More information about the fedora-test-list
mailing list