On Thu, 21 Apr 2011, Robert E. Blair wrote:

> I have noticed several times now that when sshd gets updated it
> chkconfig's itself to start at boot.  I need sshd on my laptop for some
> occasions when I run atlas tdaq software (which communicates via ssh),
> but I do not care to have it on by default.  Whenever there is an update
> of openssh-server the update does a "chkconfig --add sshd".  Should
> this be reported as a bug to Red Hat?  I'm sure I'm not the only one who
> finds this annoying and potentially insecure.

How are you disabling sshd in the first place?

If you are doing:

  chkconfig --del sshd

then you may well get this behaviour, but if you chkconfig it *off* then you won't.

A quick test on sl5 shows:

# chkconfig --list sshd
sshd            0:off   1:off   2:on    3:on    4:on    5:on    6:off
# chkconfig --del sshd
# chkconfig --list sshd
service sshd supports chkconfig, but is not referenced in any runlevel (run 'chkconfig --add sshd')
# chkconfig --add sshd
# chkconfig --list sshd
sshd            0:off   1:off   2:on    3:on    4:on    5:on    6:off
#
# chkconfig --level 123456 sshd off
# chkconfig --list sshd
sshd            0:off   1:off   2:off   3:off   4:off   5:off   6:off
# chkconfig --add sshd
# chkconfig --list sshd
sshd            0:off   1:off   2:off   3:off   4:off   5:off   6:off

The man page for chkconfig warns about using --del to disable services:

...
       --del name
              The  service is removed from chkconfig management,
              and any symbolic  links  in  /etc/rc[0-6].d  which
              pertain to it are removed.

              Note that future package installs for this service
              may run chkconfig --add, which  will  re-add  such
              links.  To  disable  a service, run chkconfig name
              off.
...

In this case 'installs' can also include upgrades :-)

 -- Jon

--
/--------------------------------------------------------------------\
| "Computers are different from telephones.  Computers do not ring." |
|       -- A. Tanenbaum, "Computer Networks", p. 32                  |
---------------------------------------------------------------------|
| Jon Peatfield, _Computer_ Officer, DAMTP,  University of Cambridge |
| Mail:  [email protected]     Web:  http://www.damtp.cam.ac.uk/ |
\--------------------------------------------------------------------/
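
Added example (not part of the original message): a shell check that tells the two states in the test above apart by looking at the rc[0-6].d symlinks directly. "unmanaged" is the state left by --del, where a later "chkconfig --add" recreates the default links; "off" is the state that survives it. The root argument, the mk_links helper and the S55/K25 link names are assumptions made so the script can run against a constructed scratch tree.

```shell
#!/bin/sh
# Classify a SysV service from the rc[0-6].d symlinks that chkconfig manages.
# $1 = service name, $2 = directory holding rc0.d..rc6.d (assumed default: /etc)
svc_state() {
    svc=$1 root=${2:-/etc} start=0 stop=0
    for lvl in 0 1 2 3 4 5 6; do
        for link in "$root/rc$lvl.d"/[SK][0-9][0-9]"$svc"; do
            [ -L "$link" ] || continue          # unmatched glob or not a link
            case ${link##*/} in
                S*) start=$((start + 1)) ;;
                K*) stop=$((stop + 1)) ;;
            esac
        done
    done
    if [ $((start + stop)) -eq 0 ]; then
        echo unmanaged   # no links at all: --add will apply the init script defaults
    elif [ "$start" -eq 0 ]; then
        echo off         # kill links only: --add finds entries and leaves them alone
    else
        echo on
    fi
}

# Constructed sample data: lay out links for "sshd" under a scratch root.
# $2 lists the runlevels that get a start link; all others get a kill link.
mk_links() {
    root=$1 on_levels=$2
    for lvl in 0 1 2 3 4 5 6; do
        mkdir -p "$root/rc$lvl.d"
        rm -f "$root/rc$lvl.d"/[SK][0-9][0-9]sshd
        case $on_levels in
            *"$lvl"*) ln -s ../init.d/sshd "$root/rc$lvl.d/S55sshd" ;;
            *)        ln -s ../init.d/sshd "$root/rc$lvl.d/K25sshd" ;;
        esac
    done
}

demo=$(mktemp -d)
mk_links "$demo" 2345;     echo "package default: $(svc_state sshd "$demo")"
mk_links "$demo" "";       echo "after 'off':     $(svc_state sshd "$demo")"
rm -f "$demo"/rc?.d/*sshd; echo "after '--del':   $(svc_state sshd "$demo")"
rm -rf "$demo"
```

Run as "svc_state sshd" on a real host, anything other than "off" for a service that is meant to stay disabled is worth fixing with "chkconfig sshd off" before the next package update.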
