config files obfuscation [was: Configuring NFS under Linux for Firewall control]

Florin Andrei florin at andrei.myip.org
Wed Dec 1 20:13:24 UTC 2004 

On Wed, 2004-12-01 at 13:31 -0600, Jason L Tibbitts III wrote:
> >>>>> "FA" == Florin Andrei <florin at andrei.myip.org> writes:
> 
> FA> For example, add
> FA> some variables, containing the port numbers for the various
> FA> portmap/nfs components, in a file in /etc/sysconfig:
> 
> /etc/sysconfig/nfs is checked.  You can things like:
> 
> RPCNFSDCOUNT
> MOUNTD_PORT
> STATD_PORT
> STATD_OUTGOING_PORT
> 
> You have to set the NLM ports in modprobe.conf or on the kernel
> command line.

D'oh! :-(

Ok, so then here's my not-so-pet peeve:
There are all kinds of clever and remarkable things that the rc.d system
is performing, but they are useless if a sysadmin cannot figure them out
without either reading up acres of large shell scripts in /etc or
chancing upon a bit of documentation that has the relevant info (not
that i've seen anything in the docs related to the issue i was
describing).

I already noticed that there are all kinds of arcane config bits in
places such as /etc/sysconfig/network-scripts/ifcfg-eth* that can be
very handy, but there's no way to unearth them other than printing out
all essential system scripts in /etc and reading them line by line.
Honestly, i hate to do that. Not because i'm lazy, but because i'm busy.
I assume i'm not the only one in this situation.

If /etc/sysconfig/nfs is checked by a system script, then please by all
means _create_ that file, add some generic content (put in all variables
that _could_ be present in that file, but comment out those that are not
typically used) and include it in a Fedora Core package.

Same for ifcfg-eth* - now i know that ESSID is a valid variable and i
know how to use it, but only after stumbling upon it by chance, when
reading some system scripts in /etc.

I would say, whenever a config file in /etc/sysconfig (or wherever)
_might_ contain a variable, then it _should_ contain it. Comment it out
if it's not used. Add an explanation above. Comments are good - like
chicken soup for the sysadmin's brain. Look at /etc/syslog.conf - ain't
that thing pretty?

I was initially a Slackware user and migrated later to Red Hat and
fought all those SysV-style versus BSD-style wars. I still think the
SysV style is better, but i ended up being wary of the Fedora /etc
directory, precisely because of the massive obfuscation i'm describing.
Sure, you guys at Red Hat must know /etc by heart, but how about us poor
mortals?

Please, not everyone is doing 100% of their homework beforehand -
indeed, it's impossible to do so in the real world. Many people learn
the system on the fly. Give them a helping hand.

Thanks!

Now i'm going back to fight looming deadlines. Sorry for rambling, i
still think y'all are cool. :-)

-- 
Florin Andrei

http://florin.myip.org/

More information about the fedora-devel-list mailing list