On Wed, Oct 02, 2002 at 12:09:46PM -0400, HoytDuff wrote:
> On Wednesday 02 October 2002 01:56 am, C Moss scribbled in crayon on a yellow 
> legal pad:
> 
> > >
> > > that should be a bug since there is a menu item for Samba configuration.
> > > If it's installed, it should be running, shouldn't it?
> >
> > No!!!!!
> > Please no, no no.....
> >
> > You should be able to install software without it running as default.
> > Otherwise you will have all machines exposed to the inevitable future bug.
> > My thoughts are that no matter what you install you should at least
> > be required to learn enough to turn it on before listening on the network.
> >
> 
> 
> Chuck,
> 
> Then one should be told to do so. If not, it should be enabled by default. Not 
> enabling it and not telling the user that it is not enabled is a poor 
> practice; handled in that manner, it _is_ a bug.

I agree it should be documented.  That is somewhat what I was going for
with "you should at least be required to learn enough".  

Not sure about swat but as an example of a good resolution:
sendmail default configs were changed to only listen on 127.0.0.1 with 7.3.
This was documented in a couple of places.  There was some debate over
whether or not it was easy enough to find but I don't think a server should
be listening on a public port by default.  If you don't know enough to look
at the m4 file and tweak commented config it is a security risk to run
sendmail. (assuming most boxes are on a hostile or open network these days)

I am hoping that swat is documented in the samba rpm docs.  (I don't have
8.0 running yet.)  If not, that is an issue, but installing with
secure/conservative defaults should be the norm, IMO.

Previous releases (Red Hat 5.2?) enabled all servers that were installed.
If you selected a generic server install you would have the following running:
httpd
ftp
samba
nfs
dns
sendmail
etc.

Prime environment for a linux worm.....

I think we are in agreement for the most part but there is always debate
about where things should be documented, i.e. config files, readme, rpm
docs, man pages, web site, installer etc.  
It is not easy for those unfamiliar with the system to find all possible
notes/FAQs etc.

Chuck
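The check Chuck's argument implies, written out as an added example that is not part of the thread: before (or after) installing a package, list which daemons are bound to a network-reachable address rather than to loopback only, the way the sendmail 127.0.0.1 change left it. The script assumes the column layout of `ss -lntu` (Netid, State, Recv-Q, Send-Q, Local Address:Port, Peer Address:Port); the socket lines below are constructed for the example, with the ports chosen to resemble the services named above (25 sendmail, 80 httpd, 901 swat, 139 samba, 111 portmap for nfs).

```shell
#!/bin/sh
# Audit of listening sockets: which daemons would be reachable from the network?
# A daemon bound to 127.0.0.1 or ::1 is the "installed but not exposed" default
# the thread argues for (Red Hat's sendmail.mc does this with
# DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl).
# Constructed sample in the format of `ss -lntu`; not captured from a real host.
SAMPLE='Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port
tcp   LISTEN 0      128    127.0.0.1:25       0.0.0.0:*
tcp   LISTEN 0      128    0.0.0.0:80         0.0.0.0:*
tcp   LISTEN 0      128    0.0.0.0:901        0.0.0.0:*
tcp   LISTEN 0      128    [::1]:631          [::]:*
tcp   LISTEN 0      128    *:139              *:*
udp   UNCONN 0      0      0.0.0.0:111        0.0.0.0:*'

# exposed_listeners: read ss/netstat output on stdin, print "proto local-address:port"
# for every socket whose local address is not a loopback address.
exposed_listeners() {
    awk '
      $1 ~ /^(tcp|udp)$/ {
        addr = $5
        sub(/:[0-9]+$/, "", addr)          # strip the port, keep the bind address
        if (addr ~ /^(127\.|\[::1\]$)/) next  # loopback only: not reachable from the network
        print $1, $5
      }'
}

# audit_listeners: exit 0 when everything listens on loopback only, 1 otherwise,
# printing the exposed sockets so the admin knows what to document or disable.
audit_listeners() {
    exposed=$(exposed_listeners)
    [ -z "$exposed" ] && return 0
    printf 'exposed listeners:\n%s\n' "$exposed"
    return 1
}

# Demo on the constructed sample; on a live host run: ss -lntu | audit_listeners
printf '%s\n' "$SAMPLE" | audit_listeners
```

On the sample, only sendmail on 127.0.0.1:25 and the IPv6 loopback service on [::1]:631 pass; the other four (httpd, swat, samba, portmap) are the kind of listeners a default install should not bring up silently. Run the same audit after a package install to see exactly which new port the package opened.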