HI! The run-level editor in SuSE 8.0 always switches port mapper on because it assumes that it's needed by inetd. But I have no service in my inetd.conf at all which needs portmapper. Since portmapper is one of the most evil beasts regarding security this behaviour of the Yast2 run-level editor is complete bullshit! Ciao, Michael.
Am Son, 2002-05-05 um 13.35 schrieb Michael Ströder:
HI!
The run-level editor in SuSE 8.0 always switches port mapper on because it assumes that it's needed by inetd. But I have no service in my inetd.conf at all which needs portmapper.
Since portmapper is one of the most evil beasts regarding security this behaviour of the Yast2 run-level editor is complete bullshit!
ACK. that's why i'm administrating unix/linux systems using an editor and a shell. that's all you need. yast(1/2) is running while installation and can go where ever it likes after that. there are some more things i don't like on yast/yast2. after installing a new rpm, lets say vim, why my sendmail must be reconfigured by suseconfig ????? there are more useless things done after installing new rpms, even if everything else works fine, when i install them using rpm on the cmdline. i don't get paid for wasting time. i've get paid for administrating/programming systems, not for wasting my time on useless things. so my advice: administrate your system by hand and let all those susetools untouched. but be careful on updaeting your system to a new suse version, lot of thing could be gone, because suse doesn't use the real config script to configure your systems, but there own ones. so backup before using yast/yast2. unix, seperating the boys from the men. mfg alex -- mfg alex ------------------------------------------------------------------------ I am chaos. I am the substance from which your artists and scientists build rhythms. I am the spirit with which your children and clowns laugh in happy anarchy. I am chaos. I am alive, and tell you that you are free
Alexander Thoma wrote:
Am Son, 2002-05-05 um 13.35 schrieb Michael Ströder:
there are some more things i don't like on yast/yast2. after installing a new rpm, lets say vim, why my sendmail must be reconfigured by suseconfig ?????
You can switch that off. See /etc/sysconfig/suseconfig.
so my advice: administrate your system by hand and let all those susetools untouched.
The problem is that SuSE 8.0 makes it very hard to configure manually. That's a bad tendency - especially reagrding security. Ciao, Michael.
* Michael Ströder wrote on Sun, May 05, 2002 at 14:14 +0200:
Alexander Thoma wrote:
Am Son, 2002-05-05 um 13.35 schrieb Michael Ströder: so my advice: administrate your system by hand and let all those susetools untouched.
The problem is that SuSE 8.0 makes it very hard to configure manually. That's a bad tendency - especially reagrding security.
Yes, it is. It's getting more difficult to configure a suse server secure, since a lot of automatic things work somewhere in the background and may make surprising decisions... I think SuSE is going to desktop and away from server. I understand that SuSE makes more money with this way, since GNU/Linux can be taken like a windows replacement. It's getting more and more similar to windows I think, which affects the good but also bad things. From security point of view I don't like that. When I set up a server for i.e. DNS, I have to do a lot of things. Well, maybe harden_suse assists with it, but a typical SuSE install is less an server but more a desktop system. I don't know if it's documented somewhere, but I think it is not easy to find out which automatic setup routine changes what in which distribution. With the higher complexity the transparency get lost a little I think. oki, Steffen -- Dieses Schreiben wurde maschinell erstellt, es trägt daher weder Unterschrift noch Siegel.
Am Son, 2002-05-05 um 14.14 schrieb Michael Ströder:
Alexander Thoma wrote:
Am Son, 2002-05-05 um 13.35 schrieb Michael Ströder:
there are some more things i don't like on yast/yast2. after installing a new rpm, lets say vim, why my sendmail must be reconfigured by suseconfig ?????
You can switch that off. See /etc/sysconfig/suseconfig. i'm sitting in front of an 7.3 system. i don't have this file there nor in some other directory. but what's the name of the key/value pair: DONT_ACT_STUPID=yes ?????
so my advice: administrate your system by hand and let all those susetools untouched.
The problem is that SuSE 8.0 makes it very hard to configure manually. That's a bad tendency - especially reagrding security.
there some more things i've seen on 8.0, which i don't like. for example: - no make/gcc on default installation, - more games on the professional edition. so, on all new machienes i have to set up, i will use some other distributions (at the moment i think this will be debian). the machienes running suse 7.3, as long i can get working everything i want, i leave em untouched, if i need something that doesn't work with 7.3, i will reinstall an other distribution too. maybe suse will leave the new way of satisfing windows users, then i will be able to use suse in the future, but as long as they going this way, i can't use 'em on systems i need a unix-like os. this is my opinion, sad but true. so long alex -- mfg alex ------------------------------------------------------------------------ I am chaos. I am the substance from which your artists and scientists build rhythms. I am the spirit with which your children and clowns laugh in happy anarchy. I am chaos. I am alive, and tell you that you are free
Alexander Thoma wrote:
You can switch that off. See /etc/sysconfig/suseconfig.
i'm sitting in front of an 7.3 system. i don't have this file there
Sorry, the subject line contains 8.0. Therefore I'm obviously referring to SuSE 8.0. Ciao, Michael.
Am Son, 2002-05-05 um 16.25 schrieb Michael Ströder:
Alexander Thoma wrote:
You can switch that off. See /etc/sysconfig/suseconfig.
i'm sitting in front of an 7.3 system. i don't have this file there
Sorry, the subject line contains 8.0. Therefore I'm obviously referring to SuSE 8.0.
your right with that, but i've hoped you could tell me out of the box, how i could switch it off in SuSE 7.3. I've tried SuSE 8.0 on a vmware-box and throw it already away (not vmware but suse 8.0). So your right to answer how to do this on 8.0. so long alex -- I am chaos. I am the substance from which your artists and scientists build rhythms. I am the spirit with which your children and clowns laugh in happy anarchy. I am chaos. I am alive, and tell you that you are free
On Sunday 05 May 2002 16:37, Alexander Thoma wrote:
Am Son, 2002-05-05 um 16.25 schrieb Michael Ströder:
Alexander Thoma wrote:
You can switch that off. See /etc/sysconfig/suseconfig.
i'm sitting in front of an 7.3 system. i don't have this file there
Sorry, the subject line contains 8.0. Therefore I'm obviously referring to SuSE 8.0.
your right with that, but i've hoped you could tell me out of the box, how i could switch it off in SuSE 7.3.
Probably the same way as in SuSE 7.2. Edit /etc/rc/config.d/sendmail.rc.config and change SENDMAIL_TYPE to no. If you don't want SuSEconfig to modify anything, change ENABLE_SUSECONFIG to no in /etc/rc.config -- GertJan
Alexander Thoma wrote: => SNIP
so my advice: administrate your system by hand and let all those susetools untouched.
The problem is that SuSE 8.0 makes it very hard to configure manually. That's a bad tendency - especially reagrding security.
there some more things i've seen on 8.0, which i don't like. for example: - no make/gcc on default installation, - more games on the professional edition.
People who take a default installation tend to not use make or gcc. Anyone who has enough savvy to use gcc/make should certainly be able to install them. As for more games: there is more of everything, so yes, also more games. As you will see, none are installed default so what exactly is your problem with this??
so, on all new machienes i have to set up, i will use some other distributions (at the moment i think this will be debian). the machienes running suse 7.3, as long i can get working everything i want, i leave em untouched, if i need something that doesn't work with 7.3, i will reinstall an other distribution too.
maybe suse will leave the new way of satisfing windows users, then i will be able to use suse in the future, but as long as they going this way, i can't use 'em on systems i need a unix-like os.
If I'm not mistaken, all the changes in the configuration were made to standardize things between different linux versions (lsb and such?). You actually think the average Windows user is at all interested or even able to use the new configuration mechanisms?? If you feel you need to use Debian, by all means go ahead, but please don't whine about "SuSE goes desktop, they changed things around and I can't find anything anymore." Everyone is free to manually admininster their systems, in which case they will find nothing has changed this version (well nothing important anyway), if they want to use the SuSE configuration tools, then they accept that SuSE configures these so that most users will profit from them. Personally, I am extremely impressed with v8. It took me about 30 seconds to get used to sysconfig instead of rc.config, and now I can work with it like always, with the exception that every problem I've ever had with the installation process seems to have been ironed out (applause ;-)), and some of my less knowledgeable acquaintances who want to get to know linux (a move I fully support :-)) can now easily install a system as well.
this is my opinion, sad but true.
please leave out your emotional state unless it's security-related ofc ;-) Stefan
On Monday 06 May 2002 07:42 am, you wrote:
Alexander Thoma wrote:
=> SNIP
so my advice: administrate your system by hand and let all those susetools untouched.
The problem is that SuSE 8.0 makes it very hard to configure manually. That's a bad tendency - especially reagrding security.
I too am uncomfortable with the "behind scene" changes. Yast is a good tool for SuSE installed apps. But when you f.ex. prefer a newer Samba you are in trouble if you install from source and then accidentally run automatic online update. You hose your samba install. True, it would be MY mistake, but why allow it in the first place. On any scripts/pgms I write I take these kinds of things into consideration which makes it overall safer to administer. The best solution would be if you could turn off modules in Yast where you prefer to configure things manually. Then whatever you did, or some jr admin, it would not hose the system. This kind of problems always happen when you automate. You gain here and loose there. SuSE is really pretty OK as long as you stick to their install. So I can easily agree with the desktop feel that previous email spoke about. I've been oscillating on going back to RH on servers for that reason. Actually I've also been leaning towards assembling my own server distro for my own use. At least it would be easy to administer and upgrade. Under early Linux I had a whole environment that I had created using scripts that maintained it all. So I've come full circle. -- Steve Szmidt V.P. Information Video Group Distributors, Inc.
On Mon, 6 May 2002, Steve wrote:
I too am uncomfortable with the "behind scene" changes. Yast is a good tool for SuSE installed apps. But when you f.ex. prefer a newer Samba you are in trouble if you install from source and then accidentally run automatic online update. You hose your samba install. True, it would be MY mistake, but why allow it in the first place. On any scripts/pgms I write I take these kinds of things into consideration which makes it overall safer to administer. Installing from source brings you to hell - sooner or later. You should AT LEAST try to build your own RPM's that fit into the system's package management. And talking about online update: My YOU replacement (www.gaugusch.at/fou4s) supports notification and ignoring of named packages. Maybe you should give it a try. The best solution would be if you could turn off modules in Yast where you prefer to configure things manually. Then whatever you did, or some jr admin, it would not hose the system. This kind of problems always happen when you automate. You gain here and loose there. How about a decent backup system? SuSE is really pretty OK as long as you stick to their install. You should stick to their package system (RPM), and everything will be fine. For example, I compiled Gnome-Toaster 1.0Beta5 on my system (7.3). During update, I was asked if I wanted to replace it by 1.0Beta2 (which is delivered with 8.0) - of course not, but isn't it niiiiice? :) So I can easily agree with the desktop feel that previous email spoke about. I've been oscillating on going back to RH on servers for that reason. A few months ago I self-compiled a kernel on a redhat machine. The f*cking online update didn't want to update PHP4 because of broken dependencies! Those "§$)= people include the kernel in their online-update dependencies ... ha! very nice - NOT :(
Markus -- _____________________________ /"\ Markus Gaugusch ICQ 11374583 \ / ASCII Ribbon Campaign markus@gaugusch.at X Against HTML Mail / \
On Monday 06 May 2002 08:56 am, you wrote:
Installing from source brings you to hell - sooner or later. You should AT LEAST try to build your own RPM's that fit into the system's package management. And talking about online update: My YOU replacement (www.gaugusch.at/fou4s) supports notification and ignoring of named packages. Maybe you should give it a try.
Hm. If I had the desire to be creating rpms yes. But why should I go through that extra hassle? I never got suse because of their packaging system. I was attracted to the completeness of their distribution. I love the DVD. Plus the fact it was more secure out of the box. Adding up to less for me to do. I've been installing Linux since before redhat came along. Source installs are exactly the way you want it. Support for what I want. Not general for the masses. RPM's are faster and easier to install. But take Apache. Unless a plain install is needed don't even think of using rpm. Suse is generally a good choice for the desktop. You make a tradeoff with the ease of maintenance. It's not like I want Suse to stop what they are doing. It's my call as to what distribution I use. (I think this is going too far O.T. so I'll stop.)
A few months ago I self-compiled a kernel on a redhat machine. The f*cking online update didn't want to update PHP4 because of broken dependencies! Those "§$)= people include the kernel in their online-update dependencies ... ha! very nice - NOT :(
Another "helpful" feature! Hehe.. I guess if I could automate going from source to keep the hassle level down, and make it a Suse rpm that would be ideal. (To tell the truth I don't think I've ever even made a rpm.) So if I did a source install and then used that to generate the Suse compatible rpm things could be looking up!
Markus
-- Steve Szmidt V.P. Information Video Group Distributors, Inc.
On Wed, 8 May 2002, Steve wrote:
Hm. If I had the desire to be creating rpms yes. But why should I go through that extra hassle? There is a very clear answer for this: It is the clean way. Servers that are supposed to run stable, should be set up in a clean way. The more often you leave the path of the package system, you are on the way to trouble. It's in the same category as "Backup" and "Documentation": Some people may live without these things for years without a single problem. But in fact it is dangerous, and lot of hard work is wasted, if something goes wrong. Suse is generally a good choice for the desktop. As well for servers. Even if SuSE received a lot of criticism for 8.0 with removed yast1, etc., they are still a good server distribution too. The /etc/sysconfig approach makes it even just better than any suse before (I don't have to use YaST anymore for setting up the network, because the syntax has become sane, finally). I guess if I could automate going from source to keep the hassle level down, and make it a Suse rpm that would be ideal. yes. grab the xxx.src.rpm from the DVD, copy your new version of xxx to the sources directory, change and rebuild the spec file and you are there.
Security has its price, and a clean and consistent system is one of the things you should pay for. Markus -- _____________________________ /"\ Markus Gaugusch ICQ 11374583 \ / ASCII Ribbon Campaign markus@gaugusch.at X Against HTML Mail / \
Yah, Markus Gaugusch wrote:
There is a very clear answer for this: It is the clean way. Servers that are supposed to run stable, should be set up in a clean way. The more often you leave the path of the package system, you are on the way to trouble. It's in the same category as "Backup" and "Documentation": Some people may live without these things for years without a single problem. But in fact it is dangerous, and lot of hard work is wasted, if something goes wrong.
Suse is generally a good choice for the desktop. As well for servers. Even if SuSE received a lot of criticism for 8.0 with [...] Security has its price, and a clean and consistent system is one of the things you should pay for.
Markus
Agreed. To a point, that is. ...that's why I build most of my systems from scratch, without any package installer or anything. SuSE IMO has LEFT the path of a decent server Linux distro, at least with 8.0. Ask around for ppl who updated some of their (partly manually modified) 7.x systems to 8.0, ppl like me who NEED to manually adjust some knobs... and don't get me started on the ominous Standard/Proffessional SuSE versions... that angers me to no end. 8.0 is a pure waste of my admin time. Sorry to be so rude/hard, but it's my experience so far. And please ppl, don't come running and tell me something about economic installation with servers and RPM. Package installers are for sissies! :-) ;-) I want a MONOLITHIC, dedicated server for our customers. I DON'T want a multi-purpose thing which transfers mails, runs a web server, protects the network, diapers my children, makes some tea and feeds the goldfish. Security is a way of thinking, not a product you can install and run, and if ppl don't want to dive down into their Linux servers, enter the "engine room" and tap into the oily mechanics of a running system, they will NEVER EVER get their shit secure. Simple as that. I basically appreciate SuSE's efforts, no doubt about that. I know what it means to do all that package compilations, updates and whatnot, but, well, I think the times they are a-changin; It's DESKTOP time, and that seems to be it for me. To FreeBSD we go... ;) Sorry for my rant... Boris Lorenz <bolo@lupa.de> ...who is pissed about how things turning out to be...
Boris Lorenz wrote: [SNIP]
Sorry for my rant...
I agree with it all... I'm sad to leave SuSE, but it doesn't float my boat any more on servers, and I'm not paying 485 UKP for the server "version" when it's released in 6 months time.
Boris Lorenz <bolo@lupa.de> ...who is pissed about how things turning out to be...
Take a long, hard look at Gentoo. http://www.gentoo.org It has its quirks, but I'm getting there... Cheers, Laurie. -- --------------------------------------------------------------------- Laurie Brown laurie@brownowl.com PGP key at http://pgpkeys.mit.edu:11371 ---------------------------------------------------------------------
participants (9)
-
Alexander Thoma -
Boris Lorenz -
GertJan Spoelman -
Laurie Brown -
Markus Gaugusch -
Michael Ströder -
Stefan Suurmeijer -
Steffen Dettmer -
Steve