Koozali.org: home of the SME Server
Legacy Forums => Suggestions => Topic started by: Elvin Murkle on May 22, 2001, 09:49:41 PM
-
6.0 or 5.5 ;-)
OK ... a few things that are probably too much to expect like integrating some of the lowmac and capabilities stuff into the kernel (NSA patches??) ... it would be nice to be able to designate adding and deleting users to a minion instead of having to be root. Some hackery with sudo is possible in a standard unix style perm system I guess but it would be really nice if I could create a series of admins who are able to create users and do admin stuff *without* being root ... even for an instant ;-)
More realistically:
It would be nice to have a JFS out of the box ... I say let xfs sit for a few months in the kernel ... start using it in house (hammer away) and then make it the default.
I've been using it since 0.90 and now at 1.0 with kernel 2.4 I have to say that XFS absolutely is a fantastic FS ... very slightly slower than e2fs I guess but faster in some areas too. ACL works with RAID and samba too (the permissions might even be mappable (the ACL API in kernel 2.4 hadn't solidified when I installed xfs but AFAIK the samba group was coordinating with several of the filesystem groups to get a standard API)). XFS is also very nice when you pull the plug ... especially with 80 gig filesystems ... 10 seconds to check and you're off. The mix of standard unix group.user perms and ACLs is quite convenient. I feel all grown up like I'm using a *real* OS now ;-)
Xinetd is simply a much better implementation of inetd. The config files are discrete, easy to write (should fit well with esmithd configuration daemon), and can support all kinds of specific parameters: all the tcpwrapper type stuff (esp if xinetd is linked against tcpwrapper libs); access control by interface and by ip; setting "nice" values, limiting instances ... it's simply excellent.
FTP daemons exist which are secure, easy to run chroot, etc. like "publicfile" (DJB tool) for anonymous ftp ... and
The djbtools like qmail, djbdns, daemontools (which restarts server apps when they fail) There may be some redistribution weirdness there but generally djb tools (including djbdns) simply will **ROCK** your world ..
By making some of these tools the defaults you'd be a unique distro and - with one fell swoop - you and your users won't have to worry about 90% of the CERT Unix oriented security warnings that deal with bind DNS, sendmail, ftp etc.
OpenSSH and pervasive crypto out of the box would help in this regard too ... including an easy way to create an encrypted partition for sensitive business data ... I'm so paranoid I want to run sshd chroot'ed ;-) ...
E-SMITH - PLEASE PRINT THIS OUT AND STICK IT ON THE WALL OF EVERYONE'S CUBICLE ;-) or at least discuss some of these points at a dev meeting.
-
Elvin Murkle wrote:
> I guess but it would be
> really nice if I could create a series of admins who are
> able to create users do admin stuff *without* being root ...
> even for an instant ;-)
On the roadmap already.
> I've been using it since 0.90 and now at 1.0 with kernel 2.4
> I have to say that XFS absolutely is a fantastic FS ...
Also on the roadmap, although not on the immediate horizon.
> Xinetd is a simply much better implementation of inetd.
We agree, which is why we used it in version 4.1 and later. (We almost used it for version 4.0, but tried rlinetd instead - still better than inetd.)
> The djbtools like qmail, djbdns, daemontools (which restarts
> server apps when they fail) There may be some redistribution
> weirdness there but generally djb tools (including djbdns)
> simply will **ROCK** your world ..
Um, we already use qmail and daemontools. djbdns is on the roadmap.
> OpenSSH and pervasive crypto out of the box would help in
> this regard too ...
Um, perhaps you haven't installed our software - we ship with openssh installed.
> ... or at least discuss some of these points at a dev meeting.
We already did :-)
Thanks for your interest and encouragement.
Regards
Charlie
-
>> OpenSSH and pervasive crypto out of the box would help in
>> this regard too ...
> Um, perhaps you haven't installed our software - we ship with openssh installed.
Errm oops yeah that much is pretty good I guess "pervasive crypto" means as "much as possible" filesystems etc. ;-)
I've installed e-smith practically with my eyes closed ... and never noticed the djb tools (except qmail). djbdns is *nice* and simple - it's only a pain if you're already a BIND expert ...
>> ... or at least discuss some of these points at a dev meeting.
> We already did :-)
heh great! E-smith is ahead of its customers!
One other thing would be inclusion of some of the new "ghost" clones and system imagers etc. perhaps as part of an install utilities suite of programs? That way one could roll out e-smith to several servers and maybe use e-smith to install those commercial OSes or more desktop oriented linux distros ... Actually the Norton "ghost" clone could serve as backup software of a sort or for turning e-smith into a disk image storehouse for installing all kinds of OSes across a LAN ... It's still sort of beta-ish (tried it after seeing it on freshmeat).
-
I agree.
Don Carrico
-
Is djbdns any closer to the development suite? Recent attacks on DNS servers are making this more desirable.