Russ Allbery wrote: > Josh Triplett <j...@joshtriplett.org> writes: > > However, I don't think "run a pile of scripts to write out a dynamic > > MOTD at boot time" is a sensible default, either. > > Why not? > > > I'd suggest putting update-motd and update-motd.d into a separate, > > optional package that users can install if they really want it, and > > using either static files or /etc/issue escape sequences as the default > > to avoid running *anything* at either boot or login time. > > This desire to avoid running something at boot is mystifying to me. Since > when do we try to avoid running things at boot, and why would we? It's > not like this is going to add any appreciable delay to boot time (and > that's not a huge concern anyway).
One more (set of) shell scripts spawned at boot time adds incremental complexity, fragility, and yes, a small amount of delay. It might not matter much if you're spending 60 seconds booting a server; on the other hand, with client boot times currently at a few seconds without any optimization, <1s with a little work, and hopefully heading even lower, spawning off even one more instance of /bin/sh than needed (along with miscellaneous other programs invoked from a shell script) seems worth avoiding. > >> If you log in with public key authentication, does it even show > >> anything? I bet it doesn't. > > > It does, actually, right next to the time of last login. > > Ah, then its man page is wrong. > > pam_issue is a PAM module to prepend an issue file to the username > prompt Sorry, in my response to your question, I thought you were talking about sshd's current Debian default to use PAM and to display the motd through pam_motd, which it does do even for non-password login. I have not tested pam_issue with sshd. > If it's instead a different variation on pam_motd, that's better. But I > think it would still be even better to make the login flow as stupid and > simple as possible, not do a bunch of dynamic string expansion in C. Bearing in mind that both the issue file and all of the values available for string expansion come from trusted sources, that doesn't seem particularly concerning. Definitely seems simpler and less fragile than either update-motd.d or spawning a separate uname process. - Josh Triplett -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20150126162328.GA1740@jtriplet-mobl1
