Default services enabled
Steve Grubb
sgrubb at redhat.com
Fri Aug 19 15:39:09 UTC 2011
On Friday, August 19, 2011 11:12:25 AM Tomasz Torcz wrote:
> On Fri, Aug 19, 2011 at 11:07:45AM -0400, Steve Grubb wrote:
> > On Friday, August 19, 2011 10:38:59 AM Ola Thoresen wrote:
> > > On 19. aug. 2011 16:00, "Jóhann B. Guðmundsson" wrote:
> > > > On 08/19/2011 12:35 PM, Steve Grubb wrote:
> > > >> On Friday, August 19, 2011 03:41:33 AM Tim Waugh wrote:
> > > >>> On Thu, 2011-08-18 at 16:52 -0600, Orion Poplawski wrote:
> > > >>>> It's not so much cups start up being slow as discovering network
> > > >>>> printers. That can take up to a minute I think.
> > > >>>
> > > >>> This is true... however, discovered printers are cached so this is
> > > >>> only an issue the first time CUPS starts after installation (or
> > > >>> after connection to a new network).
> > > >>
> > > >> If CUPS is enabled by default, can this be done for runlevel 5 only?
> > > >> It should not be enabled by default for servers.
> > > >
> > > > There are no such things as run levels in systemd but yeah desktop
> > > > related services should just be enabled when booting into the
> > > > graphical target.
> > >
> > > Just a thought - would it make sense to create a "server-target"
> > > (and/or "desktop-target") that is independent of graphical-target?
> >
> > I would hope there are pre-canned targets for different crowds. I also
> > hope there is a secure default configuration for each of them. I also
> > hope there is a way to list all
>
> There was some talk about ”preset” - what should be enabled in various
> scenarios (spins).
So, the main Fedora download is not sufficient? We have to download a server spin to
have the right security settings? If so we should also take way the ability to pick
packages because someone might accidentally create a server at install time.
We need a way to specify in the service init files which targets the service is allowed
to run in by default.
> > of these targets and what is enabled for each one, because that will be
> > needed for any kind of security analysis.
>
> System settings:
> % ls /lib/systemd/system/<name>.target.wants/
> Admin settings:
> % ls /etc/systemd/system/<name>.target.wants/
What would be nice is to wrap that up in a program, format it into columns for easy
comparison. Once you have that it might even be nice to use the same tool to make
configuration changes....
-Steve
More information about the devel
mailing list