On Sun, 12 Sep 2004 13:54:36 +0200, Kyrre Ness Sjobak <kyrre@xxxxxxxxxxxxxxxxxx> wrote: > But if nobody installs a ftpd without confing it, what bad would it do > to disable logins? What bad would it be if http came completely unconfigured? Or if sshd came completely unconfigured? Its not unreasonable for a service to come configured to do something, as soon as its in enabled. The subtle and competent use of reasonably sane defaults to provide commonly used reasonable safe(relative to the purpose and scope of the service being started) and consistent functionality is an art. In the case of ftp, password protected logins by default are just completely unsafe becuase ftp uses clear text authentication. That is clearly and utterly irresponsble if enabled by default, such a feature relies heavily on the network its exposed to being "trustable." We can debate, forever, whether its reasonably safe to enable anonymous user access by default for ftp. But to leave anon login for ftp unconfigured by default, that sets a precedent, to leave every service completely unconfigured to do NOTHING by default. And thats just not a reasonable expectation. If sshd can come preconfigured to do something, and httpd can come ccnfigured to do something... vsftpd can come configured to do something by default as well. And for ftp, the very restricted anonymous access vsftpd allows, seems a relatively safe option compared to all the other default configured to do something options for ftp. The bulk of this discussion is completely uninteresting.. but there have been hints about how to extend the functionality of system-config-* for more and more services. It would be interesting to see if there is any interest to extend firstboot in some way to be aware of each service package that was installed, and to think hard about the ui of presenting users with a list of services that are available and whether to enable it and maybe an option to configure each service that has a system-config tool associated with it. -jef
