On Mon, 06 May 2013, Helmut Grohne wrote: > On Mon, May 06, 2013 at 04:08:07PM +0200, Christoph Anton Mitterer wrote: > > 1) IMHO, services/daemons (e.g. apache, ejabberd, etc.) that listen per > > default on the network (unless loopback only) shouldn't be started per > > default, after being installed. > > May I point to /usr/sbin/policy-rc.d? As has been pointed out a number > of times now, there is no consensus on not starting daemons by default. > To enable you as a user to change the default this policy helper is > provided as a hook. You also might want to look at the > policyrcd-script-zg2 package. > > This is not to say that the current mechanisms for achieving "do not > start daemons at installation" are ideal. Clearly there is room for > improvement, but the hooks are available.
Except for chroots that do not run the boot-time scripts, this mechanism is mostly useless. /etc/init.d/rc doesn't know about policy-rc.d and thus you can't use it to disable services that are installed on a real server. (Or I missed something and someone need to enlighten me.) While I believe that the "start by default" is a reasonable default, I also believe that we should have a way for administrators to control this more finely, and unfortunately policy-rc.d doesn't seem to do that. For Kali Linux, I opted to dpkg-divert update-rc.d to be able to disable services as soon as they are installed. Cheers, -- Raphaël Hertzog ◈ Debian Developer Get the Debian Administrator's Handbook: → http://debian-handbook.info/get/ -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20130507063224.gb32...@x230-buxy.home.ouaza.com
