-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi...
in the last couple weeks some people have asked about sharing internet
connections and setting up appropriate security measures on linux machines.
well, last night i decided to try out Mandrake 9 as a server. i've never used
it for a server before, just desktop stuff, so i was interested in how it
would do.
and it did wonderfully IMHO, and i would recommend it way above Red Hat for
new users looking to set up a server. why? well, connection sharing and
security are two good examples:
ICS: to set up internet connection sharing you go to the Mandrake Control
Center, click on Network and then click on Internet Connection Sharing. this
lets you launch a wizard that sets it up for you in 3 easy steps, 2 of which
are informative messages letting you know what it is about to do. couldn't be
simpler and it worked instantly. now, you can do this by hand of course, but
this is often more than a new user is ready to learn and more than a busy
person such as myself really cares to deal with.
Security settings: Sean Dockery commented how many UNIXes do things such as
put su in the wheel group, allowing you to easily control such things, and
noted that he hadn't noticed such settings. I replied that since such things
are really only appropriate for production servers with sensitive data on
them (for everyone else it's just a nuisance ;), most linux distros don't
ship with those defaults. Enter MDK9.... I hadn't played much w/Mandrake's
security level settings previously, but I decided this time to muck around a
bit. By setting the security level to "high", I could control on a
user-by-user basis who had access to rpm, su, /etc, service control and
more... you can even add your own rules. there is a nice GUI to manage all
this in the control center, but behind the scenes it works in a way that will
be most familiar to most UNIX admins: namely, su is owned by the wheel group,
and similar privsos are put on other resources.
so while MDK doesn't allow you to do anything you couldn't do on other distros
such as RH, it does make it painfully easy and quick.
and the install is quite small, too. w/out any desktop stuff (though i did
keep X on there so i can futz around with the control center tools some more)
it used 450MB of disk. with a bit of urpme'ing i got that down easily to
380MB. still not the slimmest of the slim, but not bad for a user friendly
distro. i'm sure if i ditched the X stuff it would've fallen close to, if not
under, 300MB.
the urpm[ieq] tools deffinitely made managing the software a breeze compared
to doing it with plain ol' rpm (much like doing things on debian w/out apt is
a bother)
caveats to MDK9:
o since their tools are written in perl and therefore a bit slow and prone to
the general shodiness of script language tools, it seems there are some race
conditions. you don't want to be multitasking admin jobs while using their
tools, otherwise you may end up hanging apps (e.g. i managed to stall the ICS
control panel this way and had to xkill it)
o rpmdrake doesn't show ALL the packages installed in the "remove software"
control panel. this was annoying since they install a bunch of useless stuff
like GNOME libs when i had not asked for them. i didn't want anything more
than X + icewm + the MDK utils. things like ORBit didn't show up in the
Remove Software panel, but did show up using rpm from the command line. i'm
sure there's a way to tweak this (i just haven't looked into it yet), but
it's a bit annoying that this is the default mode. bah.
o the text mode install is broken beyond belief. many of the steps get missed
over, parts of screens (explanatory text and options) are missing, it's
confusingly laid out, and there is no obvious way of backing up a step or
two. obviously this isn't a priority to MDK, which is unfortunate. i wouldn't
recommend installing MDK on a box that can't handle the GUI install mode. but
that's ok: i used the GUI install and the system is a paltry P90 w/32MB of
RAM and an S3 video card w/1MB of VRAM. not a hotrod, but perfect for a
firewall / fileserver. the GUI install worked beautifully w/out a hitch.
so i'd deffinitely recommend MDK9 to anyone looking to install and get
learning as it really eases the learning curve and shortens the time needed
to spend before having something useful...
- --
Aaron J. Seigo
GPG Fingerprint: 8B8B 2209 0C6F 7C47 B1EA EE75 D6B7 2EB1 A7F1 DB43
"Everything should be made as simple as possible, but not simpler"
- Albert Einstein
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
iD8DBQE+Kkxh1rcusafx20MRAnmrAJ9u5i/rQ96RCo6xI0QrErHR0+2XSACgippf
7VVvF1gesGk36vpGthVcsnw=
=qmeN
-----END PGP SIGNATURE-----
