Rainer Heilke wrote:
> I agree with Liane that recursive should _not_ be the default. This is a 
> security breach (or some other problem) waiting to happen. I think the risk 
> outweighs the convenience. If an admin forces the -r, he's shot himself in 
> the foot; SMF hasn't done it for him. And yes, another argument for chatty 
> output. But, like Liane, I don't want 30 pages. Just a:

As a security geek I don't quite agree.  For example, let's say we want to 
'start' service A and that service should only be running if the 
firewall is running; then recursive is actually what we want (assuming 
the user running 'start' on A is allowed to start the firewall service 
too).  This is slightly similar to what would happen on MacOS X - if you 
enable sshd then the firewall is automatically started and opened up for 
sshd's port.

However, I could easily construct counterexamples.  I'm just pointing 
out that it isn't always a bad thing from a security view for recursive 
enable.

-- 
Darren J Moffat
