On Thursday 22 May 2003 09:57, Arjen de Korte wrote:

On Thursday 22 May 2003 10:08, John Andersen wrote:

I'm taking this off-list, since I can't find anything security related to this thread...

[ ...]

...

I have a similar case.

In my case, insserv insists on starting Shorewall AFTER vmware in spite of my having vmware as a pre-requsite to shorewall.

So? This is correct. If you put vmware in the list of Required-Start, it will place the link to the shorewall startup script AFTER the link to the vmware startup script. Provided that you have used insserv to enter vmware in the runlevel directories as well.

I mis-typed. I meant to say that shorewall starts BEFORE vmware even though I have this in the Shorewall script: #### BEGIN INIT INFO # Provides: shorewall # Required-Start: $network vmware # Required-Stop: # Default-Start: 2 3 5 # Default-Stop: 0 1 6 # Description: starts and stops the shorewall firewall ### END INIT INFO ----

...

But the METHOD of changing the names (hence the order) of the runlevel scripts is all we are discussing, the fact that you MUST change the script name to change the order is a given.

The name of the script has nothing to do with it. See for yourself in the /var/log/boot.msg file. It is the (alphabetical) order of the links to the scripts in /etc/init.d/rc?.d that matters.

Yes, of course, I was referring to the names of the links, as I mentioned in the part you clipped where I said: As you know, the alphabetical order of the links in the /etc/init.d/rc?.d directory sets the order they are run. If those are wrong the Optimum way you make them right is setting the Required-Start list to include network and running insserv. I originally thought your first post implied that these orders should never be changed because of what you said: "I'm still not convinced of a valid reason to change the startup order." It now seems that we fully agree that changing the start up order is necessary and the method to do so involves manipulating the names of the links, either manually or via insserv My problem remains that insserv was failing to honor the Required-Start as listed in the above snip of my shorewall script However, while putting together this message I noticed that the vmware script has these lines in it... ### BEGIN INIT INFO # Provides: VMware # Required-Start: $network $syslog # Required-Stop: # Default-Start: 3 5 # Default-Stop: # Description: Manages the services needed to run VMware software ### END INIT INFO The name of the script is "vmware" and thats the name I used inside my shorewall script for the "Required-Start". But I just noticed that the CaPiTaLiZaTiOn of the vmware script name differs with its "Provides" list. Running some tests with the capitalization corrected shows that it does indeed work. Grep-ing the scripts, I see that the vmware script is the ONLY one where the "Provides" differs in capitilzation from the script name. A trap for the unwary. I stand corrected. I hope you don't mind me putting this BACK on the security list, because a) that's where I badmouthed insserv and so should post my retraction there, b) it has a chance of being picked up by google there and that might help the next guy, and c) one's firewall failing to start because of a capitalization error is a security issue in my eyes. -- _____________________________________ John Andersen