Comment # 5 on bug 1094934 from 
(In reply to Knut Alejandro Anderssen Gonz�lez from comment #3)
> (In reply to Giacomo Comes from comment #2)
> > I have another related question.
> > During the installation, if I need it, in the linuxrc settings menu I select
> > the option VNC Enable or Disable and I use VNC for Install.
> > After I complete the installation and the system rebooted, I need to run:
> > yast remote allow set=no
> > in order to disable remote administration that was automatically enabled
> > when I choose to use VNC for the installation.
> > However that's not enough. The services tigervnc tigervnc-https are also
> > open in the firewall and the command "yast remote allow set=no" does not
> > close them.
> > Should such command also close the firewall for tigervnc tigervnc-https?
> 
> Well, the cmdline client itself does not open or close the tigervnc
> firewalld service in the firewall. It is specific to the installer to open
> the service by default if the option was given although it can be closed if
> selected.
> 
> You can close it in the proposal if you want to close it after the
> installation.
> 
> Probably make sense to open or close the service in the firewall when
> configured through the cmdline but also could be an unexpecped behavior, so
> it should be discussed.

You are right. Because it is the installer and not the command line client to
open the firewall service, then the command line should not do it.

And it is also true that in the proposal it is possible to close the tigervnc
service in the firewall.

However, what is missing in the proposal, is the possibility to disable remote
administration after the installation.

In the past at some point I discovered that same of my installations had remote
administration enabled and some not. That was a mystery until I found that if I
enabled VNC during the installation, that would leave remote administration
enabled. And nowhere during the installation process the user is made aware of
that. So the proposal should offer the possibility to disable remote
administration.
Maybe this feature can go in the SCRUM backlog as for bug 1094924 and 1094927.

You are receiving this mail because: