Subject: | |
From: | |
Reply To: | |
Date: | Thu, 21 Apr 2011 23:26:22 +0100 |
Content-Type: | TEXT/PLAIN |
Parts/Attachments: |
|
|
On Thu, 21 Apr 2011, Robert E. Blair wrote:
> I have noticed several times now that when sshd gets updated it
> chkconfig's itself to start at boot. I need sshd on my laptop for some
> occasions when I run atlas tdaq software (which communicates via ssh),
> but I do not care to have it on by default. Whenever there is an update
> of openssh-server the update does an "chkconfig --add sshd". Should
> this be reported as a bug to redhat? I'm sure I'm not the only one who
> finds this annoying and potentially insecure.
How are you disabling sshd in the first place?
If you are doing:
chkconfig --del sshd
then you may well get this behaviour, but if you chckconfig it *off* then
you won't.
A quick test on sl5 shows:
# chkconfig --list sshd
sshd 0:off 1:off 2:on 3:on 4:on 5:on 6:off
# chkconfig --del sshd
# chkconfig --list sshd
service sshd supports chkconfig, but is not referenced in any runlevel
(run 'chkconfig --add sshd')
# chkconfig --add sshd
# chkconfig --list sshd
sshd 0:off 1:off 2:on 3:on 4:on 5:on 6:off
#
# chkconfig --level 123456 sshd off
# chkconfig --list sshd
sshd 0:off 1:off 2:off 3:off 4:off 5:off 6:off
# chkconfig --add sshd
# chkconfig --list sshd
sshd 0:off 1:off 2:off 3:off 4:off 5:off 6:off
The man page for chkconfig warns about using --del to disable services:
...
--del name
The service is removed from chkconfig management,
and any symbolic links in /etc/rc[0-6].d which
pertain to it are removed.
Note that future package installs for this service
may run chkconfig --add, which will re-add such
links. To disable a service, run chkconfig name
off.
...
In this case 'installs' can also include upgrades :-)
-- Jon
--
/--------------------------------------------------------------------\
| "Computers are different from telephones. Computers do not ring." |
| -- A. Tanenbaum, "Computer Networks", p. 32 |
---------------------------------------------------------------------|
| Jon Peatfield, _Computer_ Officer, DAMTP, University of Cambridge |
| Mail: [log in to unmask] Web: http://www.damtp.cam.ac.uk/ |
\--------------------------------------------------------------------/
|
|
|