Services

Wed Oct 15 11:57:32 UTC 2003

On Wed, 15 Oct 2003, Joakim Ryden wrote:

>> You're right. But maybe it's an example of a service that could be off by
>> default and if you need it you simply use redhat-config-services and put a
>> checkmark in front of it.
>>
>> But of course, if a service takes zero seconds to start, has no noticable
>> memory foot print and could never cause security problems it makes no sense
>> to remove it from the startup.
>
>I think a default policy of "start as little as possible" should always be the 
>goal from all kinds of perspectives (security, startup time etc etc). Show me 
>a piece of software that could never cause security problems and I will show 
>you a very rich and famous programmer.  :-)

There are different and sometimes conflicting goals however.  The 
merits of any decision to change something like this need to have 
good benefits all around.  As stated already, if starting a 
service by default unconditionally allows more users systems to 
just work by default, and it does not have security risks, and 
doesn't have significant resource usage overhead or slow down the 
bootup sequence noticeably, then there is no harm leaving 
services running.

One could for example argue that many machines out there do not 
run an X server, so why do we start up xfs at boot by default?

The answer is simple:  It doesn't harm anything, it is not 
network enabled by default, and it does make sure the font server 
is running *if* someone does run it.  It also dramatically 
reduces the likelyhood of Red Hat technical support phonelines 
being filled with "my X server wont start" and bug reports 
hitting bugzilla from people who don't even know xfs exists or 
what it does.

That same principle equally applies to other things.  An end user 
doesn't necessarily even know that they need to have the ISDN 
service running, or PCMCIA, etc..  We may be able to make various 
improvments to the scripts, startup sequence, parallelization, 
etc. and optimize it much more, but we also want to make the OS 
"do the right thing" for as many users as possible, and that 
means things just working wherever it is easily and sanely 
possible to have them just work.

The users who actually care that ISDN, etc. has started on their 
systems and they don't and wont ever need it, are usually smart 
enough to turn those types of services off.  The users who do 
need those services however are not necessarily going to know 
they need to turn things on.  By making the system work in a way 
that works best for people who aren't necessarily experts, but 
yet also doesn't make any major security compromises, and has 
negligible resource usage, it's a better system overall IMHO.

Feel free to file bug RFE's in bugzilla if you think a script has 
issues that we should investigate though, or if you think 
something is starting that is truely unnecessary.  There is 
always room for improvement, as the recent xfs initscript changes 
show.  ;o)

-- 
Mike A. Harris     ftp://people.redhat.com/mharris
OS Systems Engineer - XFree86 maintainer - Red Hat