* Hartmut Gerlicher (h.gerlicher@tu-bs.de) [19990922 13:25] spoke: [...] | what is/does nscd? | | and why the hell it is enabeld by default? | | (I hate programs beeing enabeld by default [...] I enjoyed reading this thread. Yes, most of you *hate* sloppy default-setups, and those security holes a SuSE-System has, if used by an unexperienced user. But, i think it's not fair to blame SuSE for that ( well, especially if they documented their policy anywhere... e.g. drop a note about things like nscd..) they do a damn good job in helping unexperienced users to get a working system set up, a system that *can* be made secure afterwards, without having to build from scratch. A newbie *can* use it out of the box, can play and test a lot, without having to bother to get the stuff simply to run. Imagine, how disappointing it is for a newbie, if he *cant* test all that funny services on his localhost, if he had to wander through all collected wisdom of wizardhood, just for getting to know how a UNIX behaves. Of course, this system *can not* be perfectly secure, by far not secure enough for a cable connection w/ statIP. You have to know what you're doing then, and YaST *can* be a valuable help then ( can be a threat also.. ;-) ). I'd suggest to the SuSE-People to prepare some kind of 'profile', with an outline of a setup for various tasks, and ask the user, if he wants a machine for standalone, family or www-server use. These set of permissions from "easy" to "paranoid" is already a good idea; why not try something in this fashion for the services ? Maybe increase the verbosity-level of package selection ( "hey U idiot, don't tell me U want *that* package on a server ? No, i won't install that." ) ;-) Bye ! -- Gruss / with best regards Jens-Eike Jesau <jens@hp9001.fh-bielefeld.de> /*************************************************************************** * `v'- Home: hp9001.fh-bielefeld.de/~jens * || |`. Linux on a single Disk: www.toms.net/rb * " The number of UNIX installations has grown to 10, with more expected " ( The UNIX Programmers Manual, 2nd Edition, June 1972.) */