On Wednesday 06 October 2004 19:11, Philippe Vogel wrote:
Hello!
There are several errors regarding SuSE 9.1. I would better call them children's disease. For users with much linux-practise it will not be a too big problem to solve them, for beginners it is an unsolvable issue and there are damn no support-pages on the SuSE homepage regarding these issues. For this here are the issues I had and my solutions for this. @SuSE: Why are these well-known problems not fixed within a hotfix?
1)
Oct 6 06:25:01 tux-box kernel: NETDEV WATCHDOG: eth0: transmit timed out
Oct 6 06:25:01 tux-box kernel: eth0: 21140 transmit timed out, status fc670045, SIA fffffff0 ffffffff 1c09fdc0 fffffec8, resetting...
I'm no expert on this coldplug matter, but isn't this [what is seen in the logs] just a not-too-well-supported card/driver issue ?
2)
Issue:
Some services start and stop like they want. O.K. you say this is not security-related, but what happens if your desired service doesn't start because of this issue?
Hotfix:
Edit /etc/init.d/SERVICE and add the services to start before here: # Requires-Start: SERVICE(LIST)_TO_START_BEFORE
yast/system/runleveleditor -> add and remove services and write config.
Here you should know, what to do. The next reboot all will do fine.
I do not understand this... I see lines like # Required-Start: $network $syslog $remotefs in the init-scripts. What's wrong here ?
3)
Issue:
Network initialization is confusing because of missing aliases to the appropriate network cards. If you are planning a firewall, router or gateway you maybe want to know which card is which and without being David Copperfield foreseeing which card will boot next time as eth0. SuSE 9.1 with kernel 2.6 uses eth-id instead of eth-aliases in /etc/modules.conf which is empty now (and the system will not care a lot what's inside an empty compatibility-file afaik maybe sooner or later in 9.2). If you use a managed switch with learning function or a license-server you need to have the right order assigned to the cards. If you use eth-id instead of ethx in SuSEfirewall all will work well, except a license-server, because as every user is evil the security-solution providers only allow bindings to eth0 for license-server ethernet-id's.
Hum, I assume this does not apply to kernels 2.4.x ? Because I've never ever had my NICs mixed / messed up after a reboot...
4)
Issue: Some services can be started chroot, but all others are not offered to be started localhost only or bind to a specific Interface or IP.
Yes. This is a (very) good point for (especially) the mysql setup. For samba I rather hesitate though, since the very point of samba is giving _remote_ machines access. I know of no people who (re)mount their own shares through samba (what would be the point, losing CPU cycles and speed?;)
6)
Issue:
Winbind logs the logs full with errors because of using winbind after installing winbind with samba 3.
Can't comment... This is new to me.
7)
Issue:
SSH allows root to login but imo nobody wants to have this.
That is up for debate but I for one agree with you. I'd go one further and set it to PermitRootLogin without-password
8)
Issue:
Limiting rights of users is not really setup secure within SuSE.
Hotfix:
- give www/ftp/samba-users only /bin/false
- give admins /bin/bash
- edit /etc/limits.conf to your needs to limit users acl's on systemlevel
This should be set per default after choosing network services or serverservices packages within Yast (minimal system & no X).
This is open for debate, too. I once played with limits a long time ago, and the only thing that led to was "random" crashes of programs (which obviously had some sort of memory leak). And what would you suggest as figures? On a 1GB desktop box I'd hate to have a 256MB limit on programs, and on a 128MB tiny server that same setting would be useless. Apart from that, what would be the danger of having /bin/bash on a locked account?
9)
Issue:
Postfix configuration is a mess when using cyrus + imap + sasl-auth/smtp-auth or any other non-standard-setups.
Valid point, but how far are you willing to go on this ? I know a lot of setups that don't work out of the box, but then again this is not the "Enterprise Server" (where, I suppose, things are better integrated)
10)
Issue: Problem XY happens because of not enough testing
SuSE's reaction: Look at the support-pages.
Valid. Very valid. Very very valid point.
11)
Commonly used software works well, other more complex setups and their provided software works only after doing a handjob to the configs. O.K. it is easy to say this, but all bulletin boards are full of questions but less in qualified answers. This wouldn't be if there was more wise thinking within Yast and SuSEconfig. SuSEconfig always drops my hand-edited stuff so I disabled it by default. Linux is linux not depending on the distribution only depending on where the files are.
I beg to differ about SuSEconfig. I hardly ever get bitten by Yast overwriting my own handmade settings. Quite the opposite, I think Yast deserves a kudos for managing as good as they're doing at this point.
Well, I have some of my own to add, too: With the remark that most of this is based on my experiences with 9.0, so I alas cannot really vouch for 9.1...
12)
When defining a raid setup at install time, you can _add_ arrays but you cannot delete (or even change!) arrays that were previously defined. Similarly, I doubt that the integration of mdadm (and /etc/mdadm.conf!!) is yet near complete.
13)
The HWdb is old / unmaintained / awkward. Try and find out which gigabit ethernet cards are supported and which are not. You will not succeed...
14)
The hotplug mechanism for inserting USB drives is either broken or just too opaque for me. One cannot make desktop icons / shortcuts for a card since after boot the cards get IDs based on the order you insert them. Furthermore, cards with more than 1 partition are not fully recognized.
15)
Grub and Lilo still (sometimes) pose near insurmountable problems when dealing with raid devices. The rescue media are not well suited to fix these issues. (I'll admit this also stems from my insufficient knowledge of installing grub manually though)
16)
The IDE DMA settings do set DMA mode but omit the 3 other speed-enhancing settings (hdparm -m16 -u1 -c1). This is open for debate however (see man hdparm) so it might be a conscious decision.
Maarten
--
When I answered where I wanted to go today, they just hung up -- Unknown