config files obfuscation [was: Configuring NFS under Linux for Firewall control]

Paul W. Frields paul at frields.com
Wed Dec 1 21:22:08 UTC 2004


On Wed, 2004-12-01 at 12:13 -0800, Florin Andrei wrote:
> Ok, so then here's my not-so-pet peeve:
> There are all kinds of clever and remarkable things that the rc.d system
> is performing, but they are useless if a sysadmin cannot figure them out
> without either reading up acres of large shell scripts in /etc or
> chancing upon a bit of documentation that has the relevant info (not
> that I've seen anything in the docs related to the issue I was
> describing).
[...snip...]

A lot does appear in /usr/share/doc/initscripts-*/sysconfig.txt, but...

> If /etc/sysconfig/nfs is checked by a system script, then please by all
> means _create_ that file, add some generic content (put in all variables
> that _could_ be present in that file, but comment out those that are not
> typically used) and include it in a Fedora Core package.
> 
> Same for ifcfg-eth* - now I know that ESSID is a valid variable and I
> know how to use it, but only after stumbling upon it by chance, when
> reading some system scripts in /etc.
> 
> I would say, whenever a config file in /etc/sysconfig (or wherever)
> _might_ contain a variable, then it _should_ contain it. Comment it out
> if it's not used. Add an explanation above. Comments are good - like
> chicken soup for the sysadmin's brain. Look at /etc/syslog.conf - ain't
> that thing pretty?
[...snip...]

...this is a great idea regardless. Cf. also /etc/samba/smb.conf, I
believe. Start the ball rolling by reading the /etc/rc.d/init.d/???
script, parsing it for variable names, and reading the code to comment
it. Generate an example and Bugzilla the result. 

Perhaps a good idea would be a tracking bug for this issue and then a
bug for each file. Here's what I drew up for NFS, but I will gladly
suffer accusations of carelessness if something here is stupid:

# -------------
# Sysconfig default file for nfs
#
# All variable names appear next to their assigned defaults.
# To change the default, uncomment the line and change the value.

# NFS version 2 will be used unless MOUNTD_NFS_V2 is set to 'no'
# MOUNTD_NFS_V2=default

# NFS version 3 will be used unless MOUNTD_NFS_V3 is set to 'no'
# MOUNTD_NFS_V3=default

# Number of nfsd servers to launch
# RPCNFSDCOUNT=8

# Location of rpc.rquotad, or set to 'no' to disable
# RQUOTAD=`type -path rpc.rquotad`

# Extra options, other than the above
# RPCRQUOTAOPTS=

# Default is to use portmap
# LOCKD_TCPPORT=
# LOCKD_UDPPORT=
# RQUOTAD_PORT=
# MOUNTD_PORT=
# -------------------

I haven't BZ'd this since I wasn't sure if anyone agreed with my
suggestion, but will do so if I can get a second on the motion.

-- 
Paul W. Frields, RHCE
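
Added example, not part of the original post and not Fedora's own code: one way to do the "parse the init script for variable names" step above is to list every variable the script reads that the sysconfig file does not mention, so that settings such as the fixed NFS ports a firewall rule depends on are not left undiscoverable. The function names, the skip list of internal names and both sample files are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: find sysconfig variables an init script reads but the
# shipped /etc/sysconfig file never mentions, and emit commented stubs.
LC_ALL=C; export LC_ALL

# Upper-case names read as $NAME or ${NAME...}, skipping comment lines and
# a few names assumed to be shell/script internals rather than settings.
script_vars() {
    grep -v '^[[:space:]]*#' "$1" |
        grep -oE '\$\{?[A-Z][A-Z0-9_]*' |
        tr -d '${' | sort -u |
        grep -vxE 'PATH|HOME|LANG|PWD|IFS|RETVAL'
}

# Names the sysconfig file already carries, active or commented out.
documented_vars() {
    sed -nE 's/^[[:space:]]*#?[[:space:]]*([A-Z][A-Z0-9_]*)=.*/\1/p' "$1" |
        sort -u
}

# One "# NAME=" stub per variable the script reads but the file lacks.
undocumented_vars() {
    known=$(documented_vars "$2")
    for v in $(script_vars "$1"); do
        printf '%s\n' "$known" | grep -qx "$v" || printf '# %s=\n' "$v"
    done
}

# Constructed sample input (not the real Fedora nfs script or file).
make_samples() {
    cat > "$1/nfs.init" <<'EOF'
# $IGNORED_IN_COMMENT must not be reported
[ -f /etc/sysconfig/nfs ] && . /etc/sysconfig/nfs
[ -z "$RPCNFSDCOUNT" ] && RPCNFSDCOUNT=8
[ -n "$MOUNTD_PORT" ] && RPCMOUNTDOPTS="$RPCMOUNTDOPTS -p $MOUNTD_PORT"
[ -n "${LOCKD_TCPPORT}" ] && echo "lockd tcp port $LOCKD_TCPPORT"
RETVAL=$?; exit $RETVAL
EOF
    cat > "$1/nfs.sysconfig" <<'EOF'
# Number of nfsd servers to launch
# RPCNFSDCOUNT=8
MOUNTD_PORT=4002
EOF
}

d=$(mktemp -d) && make_samples "$d" &&
    undocumented_vars "$d/nfs.init" "$d/nfs.sysconfig"
rm -rf "$d"
```

The stubs it prints still need a human-written explanation above each one, which is the part that requires reading the script.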