LISTSERV - SCIENTIFIC-LINUX-USERS Archives

SCIENTIFIC-LINUX-USERS Archives

April 2011

SCIENTIFIC-LINUX-USERS@LISTSERV.FNAL.GOV

	LISTSERV Archives
	SCIENTIFIC-LINUX-USERS Home
	SCIENTIFIC-LINUX-USERS April 2011

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Monospaced Font Show Text Part by Default Show All Mail Headers
Message:	[<< First] [< Prev] [Next >] [Last >>]
Topic:	[<< First] [< Prev] [Next >] [Last >>]
Author:	[<< First] [< Prev] [Next >] [Last >>]

Subject:	Re: Upstream fault? sshd re-chkconfiging
From:	Jon Peatfield <[log in to unmask]>
Reply To:	Jon Peatfield <[log in to unmask]>
Date:	Thu, 21 Apr 2011 23:26:22 +0100
Content-Type:	TEXT/PLAIN
Parts/Attachments:	TEXT/PLAIN (65 lines)

On Thu, 21 Apr 2011, Robert E. Blair wrote:

> I have noticed several times now that when sshd gets updated it
> chkconfig's itself to start at boot.  I need sshd on my laptop for some
> occasions when I run atlas tdaq software (which communicates via ssh),
> but I do not care to have it on by default.  Whenever there is an update
> of openssh-server the update does an "chkconfig --add sshd".  Should
> this be reported as a bug to redhat?  I'm sure I'm not the only one who
> finds this annoying and potentially insecure.

How are you disabling sshd in the first place?

If you are doing:

   chkconfig --del sshd

then you may well get this behaviour, but if you chckconfig it *off* then 
you won't.

A quick test on sl5 shows:

# chkconfig --list sshd
sshd            0:off   1:off   2:on    3:on    4:on    5:on    6:off
# chkconfig --del sshd
# chkconfig --list sshd
service sshd supports chkconfig, but is not referenced in any runlevel 
(run 'chkconfig --add sshd')
# chkconfig --add sshd
# chkconfig --list sshd
sshd            0:off   1:off   2:on    3:on    4:on    5:on    6:off
#
# chkconfig --level 123456 sshd off
# chkconfig --list sshd
sshd            0:off   1:off   2:off   3:off   4:off   5:off   6:off
# chkconfig --add sshd
# chkconfig --list sshd
sshd            0:off   1:off   2:off   3:off   4:off   5:off   6:off

The man page for chkconfig warns about using --del to disable services:

...
        --del name
               The  service is removed from chkconfig management,
               and any symbolic  links  in  /etc/rc[0-6].d  which
               pertain to it are removed.

               Note that future package installs for this service
               may run chkconfig --add, which  will  re-add  such
               links.  To  disable  a service, run chkconfig name
               off.
...

In this case 'installs' can also include upgrades :-)

  -- Jon

-- 
/--------------------------------------------------------------------\
| "Computers are different from telephones.  Computers do not ring." |
|       -- A. Tanenbaum, "Computer Networks", p. 32                  |
---------------------------------------------------------------------|
| Jon Peatfield, _Computer_ Officer, DAMTP,  University of Cambridge |
| Mail:  [log in to unmask]     Web:  http://www.damtp.cam.ac.uk/ |
\--------------------------------------------------------------------/

ATOM RSS1 RSS2

LISTSERV.FNAL.GOV