[PATCH][meta-oe] samba: disable services for sysvinit

[PATCH][meta-oe] samba: disable services for sysvinit

[wenzong.fan]

From: Wenzong Fan <wenzong.fan@windriver.com>

The smb, nmb, winbind services have been disabled for systemd system
by default, disable them for sysvinit as well.

Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
---
 meta-oe/recipes-connectivity/samba/samba.inc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta-oe/recipes-connectivity/samba/samba.inc b/meta-oe/recipes-connectivity/samba/samba.inc
index abfd5ca..99216ce 100644
--- a/meta-oe/recipes-connectivity/samba/samba.inc
+++ b/meta-oe/recipes-connectivity/samba/samba.inc
@@ -69,7 +69,7 @@ INITSCRIPT_NAME_winbind = "winbind"
 # No dependencies, goes in at level 20 (NOTE: take care with the
 # level, later levels put the shutdown later too - see the links
 # in rc6.d, the shutdown must precede network shutdown).
-INITSCRIPT_PARAMS = "defaults"
+INITSCRIPT_PARAMS = "disable"
 CONFFILES_${PN} = "${sysconfdir}/samba/smb.conf"
 
 do_configure_prepend () {
-- 
1.9.1

Re: [PATCH][meta-oe] samba: disable services for sysvinit

[Andreas Oberritter]

Dear Wenzong Fan,

On 04.03.2015 07:18, wenzong.fan@windriver.com wrote:
> From: Wenzong Fan <wenzong.fan@windriver.com>
> 
> The smb, nmb, winbind services have been disabled for systemd system
> by default, disable them for sysvinit as well.

why would anybody install these services without the desire for using
them? Did the patch disabling them for systemd get merged by mistake? I
remember Paul objecting to it.

Regards,
Andreas

> 
> Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
> ---
>  meta-oe/recipes-connectivity/samba/samba.inc | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/meta-oe/recipes-connectivity/samba/samba.inc b/meta-oe/recipes-connectivity/samba/samba.inc
> index abfd5ca..99216ce 100644
> --- a/meta-oe/recipes-connectivity/samba/samba.inc
> +++ b/meta-oe/recipes-connectivity/samba/samba.inc
> @@ -69,7 +69,7 @@ INITSCRIPT_NAME_winbind = "winbind"
>  # No dependencies, goes in at level 20 (NOTE: take care with the
>  # level, later levels put the shutdown later too - see the links
>  # in rc6.d, the shutdown must precede network shutdown).
> -INITSCRIPT_PARAMS = "defaults"
> +INITSCRIPT_PARAMS = "disable"
>  CONFFILES_${PN} = "${sysconfdir}/samba/smb.conf"
>  
>  do_configure_prepend () {
> 

Re: [PATCH][meta-oe] samba: disable services for sysvinit

[wenzong fan]

On 03/04/2015 05:12 PM, Andreas Oberritter wrote:
> Dear Wenzong Fan,
>
> On 04.03.2015 07:18, wenzong.fan@windriver.com wrote:
>> From: Wenzong Fan <wenzong.fan@windriver.com>
>>
>> The smb, nmb, winbind services have been disabled for systemd system
>> by default, disable them for sysvinit as well.
>
> why would anybody install these services without the desire for using
> them? Did the patch disabling them for systemd get merged by mistake? I
> remember Paul objecting to it.

The samba is not a common service that required by system, especially in 
some security environment, it should be configured correctly first - 
This is why I incline to disable it by default.

Yes, it did - this may give me some hints that it should be disabled ...

Thanks
Wenzong

>
> Regards,
> Andreas
>
>>
>> Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
>> ---
>>   meta-oe/recipes-connectivity/samba/samba.inc | 2 +-
>>   1 file changed, 1 insertion(+), 1 deletion(-)
>>
>> diff --git a/meta-oe/recipes-connectivity/samba/samba.inc b/meta-oe/recipes-connectivity/samba/samba.inc
>> index abfd5ca..99216ce 100644
>> --- a/meta-oe/recipes-connectivity/samba/samba.inc
>> +++ b/meta-oe/recipes-connectivity/samba/samba.inc
>> @@ -69,7 +69,7 @@ INITSCRIPT_NAME_winbind = "winbind"
>>   # No dependencies, goes in at level 20 (NOTE: take care with the
>>   # level, later levels put the shutdown later too - see the links
>>   # in rc6.d, the shutdown must precede network shutdown).
>> -INITSCRIPT_PARAMS = "defaults"
>> +INITSCRIPT_PARAMS = "disable"
>>   CONFFILES_${PN} = "${sysconfdir}/samba/smb.conf"
>>
>>   do_configure_prepend () {
>>
>

Re: [PATCH][meta-oe] samba: disable services for sysvinit

[Andreas Oberritter]

On 04.03.2015 10:43, wenzong fan wrote:
> On 03/04/2015 05:12 PM, Andreas Oberritter wrote:
>> Dear Wenzong Fan,
>>
>> On 04.03.2015 07:18, wenzong.fan@windriver.com wrote:
>>> From: Wenzong Fan <wenzong.fan@windriver.com>
>>>
>>> The smb, nmb, winbind services have been disabled for systemd system
>>> by default, disable them for sysvinit as well.
>>
>> why would anybody install these services without the desire for using
>> them? Did the patch disabling them for systemd get merged by mistake? I
>> remember Paul objecting to it.
> 
> The samba is not a common service that required by system, especially in
> some security environment, it should be configured correctly first -
> This is why I incline to disable it by default.

This doesn't convince me, as the line you're drawing between samba and
other services seems to be chosen arbitrarily.

"git grep INITSCRIPT_PARAMS.*disable" shows no results in both
openembedded-core and meta-openembedded (dizzy). So samba will be the
first and only service that's disabled by default and requires manual
intervention by the user? Why don't you ship a safe configuration instead?

As Paul stated, the distro is responsible for correct configuration.
IMHO there's no reason to deviate from common behaviour just because
samba seems to be less safe than any other network service in your view.

> Yes, it did - this may give me some hints that it should be disabled ...

Unfortunately I don't understand what you're referring to here.

Regards,
Andreas

Re: [PATCH][meta-oe] samba: disable services for sysvinit

[wenzong fan]

On 03/04/2015 07:02 PM, Andreas Oberritter wrote:
> On 04.03.2015 10:43, wenzong fan wrote:
>> On 03/04/2015 05:12 PM, Andreas Oberritter wrote:
>>> Dear Wenzong Fan,
>>>
>>> On 04.03.2015 07:18, wenzong.fan@windriver.com wrote:
>>>> From: Wenzong Fan <wenzong.fan@windriver.com>
>>>>
>>>> The smb, nmb, winbind services have been disabled for systemd system
>>>> by default, disable them for sysvinit as well.
>>>
>>> why would anybody install these services without the desire for using
>>> them? Did the patch disabling them for systemd get merged by mistake? I
>>> remember Paul objecting to it.
>>
>> The samba is not a common service that required by system, especially in
>> some security environment, it should be configured correctly first -
>> This is why I incline to disable it by default.
>
> This doesn't convince me, as the line you're drawing between samba and
> other services seems to be chosen arbitrarily.
>
> "git grep INITSCRIPT_PARAMS.*disable" shows no results in both
> openembedded-core and meta-openembedded (dizzy). So samba will be the
> first and only service that's disabled by default and requires manual
> intervention by the user? Why don't you ship a safe configuration instead?
>
> As Paul stated, the distro is responsible for correct configuration.
> IMHO there's no reason to deviate from common behaviour just because
> samba seems to be less safe than any other network service in your view.
>

Ok, thanks for your advises, I agree with you.

Please maintainer ignore my patch.

>> Yes, it did - this may give me some hints that it should be disabled ...
>
> Unfortunately I don't understand what you're referring to here.

Sorry for the confusion, it answered you second question about if "the 
patch disabling them for systemd get merged by mistake?".

Yes, the patch for systemd has been merged - It gives me hint that it's 
a proper behavior for samba, but looks it isn't ...

Please refer to the commit: 20a624928c030fa13d8b7d45b4f4d7e1ac624f60

It should be reverted now!

Thanks
Wenzong

>
> Regards,
> Andreas
>
>

Re: [PATCH][meta-oe] samba: disable services for sysvinit

[Andreas Oberritter]

Hi Martin,

On 05.03.2015 02:26, wenzong fan wrote:
> On 03/04/2015 07:02 PM, Andreas Oberritter wrote:
>> On 04.03.2015 10:43, wenzong fan wrote:
>>> On 03/04/2015 05:12 PM, Andreas Oberritter wrote:
>>>> Dear Wenzong Fan,
>>>>
>>>> On 04.03.2015 07:18, wenzong.fan@windriver.com wrote:
>>>>> From: Wenzong Fan <wenzong.fan@windriver.com>
>>>>>
>>>>> The smb, nmb, winbind services have been disabled for systemd system
>>>>> by default, disable them for sysvinit as well.
>>>>
>>>> why would anybody install these services without the desire for using
>>>> them? Did the patch disabling them for systemd get merged by mistake? I
>>>> remember Paul objecting to it.
>>>
>>> The samba is not a common service that required by system, especially in
>>> some security environment, it should be configured correctly first -
>>> This is why I incline to disable it by default.
>>
>> This doesn't convince me, as the line you're drawing between samba and
>> other services seems to be chosen arbitrarily.
>>
>> "git grep INITSCRIPT_PARAMS.*disable" shows no results in both
>> openembedded-core and meta-openembedded (dizzy). So samba will be the
>> first and only service that's disabled by default and requires manual
>> intervention by the user? Why don't you ship a safe configuration
>> instead?
>>
>> As Paul stated, the distro is responsible for correct configuration.
>> IMHO there's no reason to deviate from common behaviour just because
>> samba seems to be less safe than any other network service in your view.
>>
> 
> Ok, thanks for your advises, I agree with you.
> 
> Please maintainer ignore my patch.
> 
>>> Yes, it did - this may give me some hints that it should be disabled ...
>>
>> Unfortunately I don't understand what you're referring to here.
> 
> Sorry for the confusion, it answered you second question about if "the
> patch disabling them for systemd get merged by mistake?".
> 
> Yes, the patch for systemd has been merged - It gives me hint that it's
> a proper behavior for samba, but looks it isn't ...
> 
> Please refer to the commit: 20a624928c030fa13d8b7d45b4f4d7e1ac624f60
> 
> It should be reverted now!

You applied this patch to jansa/master. Would you mind reverting
20a624928c030fa13d8b7d45b4f4d7e1ac624f60 instead, as discussed in this
thread?

Regards,
Andreas

Re: [PATCH][meta-oe] samba: disable services for sysvinit

[Martin Jansa]

[-- Attachment #1: Type: text/plain, Size: 2881 bytes --]

On Sun, Mar 29, 2015 at 04:35:11PM +0200, Andreas Oberritter wrote:
> Hi Martin,
> 
> On 05.03.2015 02:26, wenzong fan wrote:
> > On 03/04/2015 07:02 PM, Andreas Oberritter wrote:
> >> On 04.03.2015 10:43, wenzong fan wrote:
> >>> On 03/04/2015 05:12 PM, Andreas Oberritter wrote:
> >>>> Dear Wenzong Fan,
> >>>>
> >>>> On 04.03.2015 07:18, wenzong.fan@windriver.com wrote:
> >>>>> From: Wenzong Fan <wenzong.fan@windriver.com>
> >>>>>
> >>>>> The smb, nmb, winbind services have been disabled for systemd system
> >>>>> by default, disable them for sysvinit as well.
> >>>>
> >>>> why would anybody install these services without the desire for using
> >>>> them? Did the patch disabling them for systemd get merged by mistake? I
> >>>> remember Paul objecting to it.
> >>>
> >>> The samba is not a common service that required by system, especially in
> >>> some security environment, it should be configured correctly first -
> >>> This is why I incline to disable it by default.
> >>
> >> This doesn't convince me, as the line you're drawing between samba and
> >> other services seems to be chosen arbitrarily.
> >>
> >> "git grep INITSCRIPT_PARAMS.*disable" shows no results in both
> >> openembedded-core and meta-openembedded (dizzy). So samba will be the
> >> first and only service that's disabled by default and requires manual
> >> intervention by the user? Why don't you ship a safe configuration
> >> instead?
> >>
> >> As Paul stated, the distro is responsible for correct configuration.
> >> IMHO there's no reason to deviate from common behaviour just because
> >> samba seems to be less safe than any other network service in your view.
> >>
> > 
> > Ok, thanks for your advises, I agree with you.
> > 
> > Please maintainer ignore my patch.
> > 
> >>> Yes, it did - this may give me some hints that it should be disabled ...
> >>
> >> Unfortunately I don't understand what you're referring to here.
> > 
> > Sorry for the confusion, it answered you second question about if "the
> > patch disabling them for systemd get merged by mistake?".
> > 
> > Yes, the patch for systemd has been merged - It gives me hint that it's
> > a proper behavior for samba, but looks it isn't ...
> > 
> > Please refer to the commit: 20a624928c030fa13d8b7d45b4f4d7e1ac624f60
> > 
> > It should be reverted now!
> 
> You applied this patch to jansa/master. Would you mind reverting
> 20a624928c030fa13d8b7d45b4f4d7e1ac624f60 instead, as discussed in this
> thread?

It was applied there before this discussion started and I wasn't planing
to merge it before seeing some conclusion from this.

But you're right, I've moved it to jansa/master-next-unresolved-review
branch to make it more obvious and I've added revert of 20a624 to
master-next.

Thanks,

-- 
Martin 'JaMa' Jansa     jabber: Martin.Jansa@gmail.com

[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 188 bytes --]