* Hartmut Gerlicher (h.gerlicher@tu-bs.de) [19990922 13:25] spoke:
[...]
| what is/does nscd?
|
| and why the hell it is enabeld by default?
|
| (I hate programs beeing enabeld by default
[...]
I enjoyed reading this thread. Yes, most of you *hate*
sloppy default-setups, and those security holes a SuSE-System
has, if used by an unexperienced user.
But, i think it's not fair to blame SuSE for that
( well, especially if they documented their policy anywhere...
e.g. drop a note about things like nscd..)
they do a damn good job in helping unexperienced users to get
a working system set up, a system that *can* be made secure
afterwards, without having to build from scratch.
A newbie *can* use it out of the box, can play and test a lot,
without having to bother to get the stuff simply to run.
Imagine, how disappointing it is for a newbie, if he *cant* test all that
funny services on his localhost, if he had to wander through
all collected wisdom of wizardhood, just for getting to know
how a UNIX behaves.
Of course, this system *can not* be perfectly secure, by far not secure
enough for a cable connection w/ statIP.
You have to know what you're doing then, and YaST *can* be a valuable
help then ( can be a threat also.. ;-) ).
I'd suggest to the SuSE-People to prepare some kind of 'profile',
with an outline of a setup for various tasks, and ask the user,
if he wants a machine for standalone, family or www-server use.
These set of permissions from "easy" to "paranoid" is already a good idea;
why not try something in this fashion for the services ?
Maybe increase the verbosity-level of package selection
( "hey U idiot, don't tell me U want *that* package on a server ? No,
i won't install that." ) ;-)
Bye !
--
Gruss / with best regards
Jens-Eike Jesau