FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Redhat > Fedora Development

 
 
LinkBack Thread Tools
 
Old 10-10-2012, 11:58 AM
Lennart Poettering
 
Default systemd requires HTTP server and serves QR codes

On Tue, 09.10.12 21:26, Matthew Miller (mattdm@fedoraproject.org) wrote:

> On Tue, Oct 09, 2012 at 05:19:59PM -0700, J. Randall Owens wrote:
> > Just on the naming, I'd rather steer clear of the actual concept, let me
> > get this straight: You want a group called "adm", presumably short for
> > "administrator", the point of which is that it can view system things,
> > but not actually *administer* them? Why on Earth call it "adm"?
>
> The group is already there, so it's not a big stretch, but I agree the
> naming is confusing when used in this way. ("wheel" isn't exactly
> straightforward either, but at least it's Traditional.)

As I already mentioned: "adm" has been around for along time, and has
been used in this context in Debian since about forever. We just adopted
the same logic in systemd that already made sense on Debian for a long
time.

In systemd we try to unify Linux a bit, part of that is to take
influences and be inspired by the various distros around. In this case
the Debian way made most sense to us, so we made it the default in
systemd, too.

Lennart

--
Lennart Poettering - Red Hat, Inc.
--
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel
 
Old 10-10-2012, 12:27 PM
Peter Robinson
 
Default systemd requires HTTP server and serves QR codes

On Wed, Oct 10, 2012 at 12:58 PM, Lennart Poettering
<mzerqung@0pointer.de> wrote:
> On Tue, 09.10.12 21:26, Matthew Miller (mattdm@fedoraproject.org) wrote:
>
>> On Tue, Oct 09, 2012 at 05:19:59PM -0700, J. Randall Owens wrote:
>> > Just on the naming, I'd rather steer clear of the actual concept, let me
>> > get this straight: You want a group called "adm", presumably short for
>> > "administrator", the point of which is that it can view system things,
>> > but not actually *administer* them? Why on Earth call it "adm"?
>>
>> The group is already there, so it's not a big stretch, but I agree the
>> naming is confusing when used in this way. ("wheel" isn't exactly
>> straightforward either, but at least it's Traditional.)
>
> As I already mentioned: "adm" has been around for along time, and has
> been used in this context in Debian since about forever. We just adopted
> the same logic in systemd that already made sense on Debian for a long
> time.
>
> In systemd we try to unify Linux a bit, part of that is to take
> influences and be inspired by the various distros around. In this case
> the Debian way made most sense to us, so we made it the default in
> systemd, too.

Maybe you could take more influences and be inspired by debian to
split some of the non core requirements of systemd off into some sub
packages so people can remove http, qrencode and possibly even the
journal if they so wished.

Peter
--
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel
 
Old 10-10-2012, 12:43 PM
Matthew Miller
 
Default systemd requires HTTP server and serves QR codes

On Wed, Oct 10, 2012 at 07:17:58PM +0800, Daniel Veillard wrote:
> > libxml2 takes up 5.2M, of which 3.8M is docs
> It really should go in -devel, I agree !

Check it out -- we've accomplished something with this thread.

--
Matthew Miller ☁☁☁ Fedora Cloud Architect ☁☁☁ <mattdm@fedoraproject.org>
--
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel
 
Old 10-10-2012, 12:55 PM
Matthew Miller
 
Default systemd requires HTTP server and serves QR codes

On Wed, Oct 10, 2012 at 01:58:58PM +0200, Lennart Poettering wrote:
> > The group is already there, so it's not a big stretch, but I agree the
> > naming is confusing when used in this way. ("wheel" isn't exactly
> > straightforward either, but at least it's Traditional.)
> As I already mentioned: "adm" has been around for along time, and has
> been used in this context in Debian since about forever. We just adopted
> the same logic in systemd that already made sense on Debian for a long
> time.

Documented here:
<http://www.debian.org/doc/manuals/securing-debian-howto/ch12.en.html>

adm: Group adm is used for system monitoring tasks. Members of this group
can read many log files in /var/log, and can use xconsole.
/Historically, var/log was /usr/adm (and later /var/adm), thus the
/name of the group.

And as I mentioned, I don't mind making adm able to read the system messages
(assuming we address the authpriv issue and discuss and document the
change). It just should also use the wheel group to make sense with Fedora.

--
Matthew Miller ☁☁☁ Fedora Cloud Architect ☁☁☁ <mattdm@fedoraproject.org>
--
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel
 
Old 10-10-2012, 02:15 PM
Simo Sorce
 
Default systemd requires HTTP server and serves QR codes

On Wed, 2012-10-10 at 13:58 +0200, Lennart Poettering wrote:
> On Tue, 09.10.12 21:26, Matthew Miller (mattdm@fedoraproject.org) wrote:
>
> > On Tue, Oct 09, 2012 at 05:19:59PM -0700, J. Randall Owens wrote:
> > > Just on the naming, I'd rather steer clear of the actual concept, let me
> > > get this straight: You want a group called "adm", presumably short for
> > > "administrator", the point of which is that it can view system things,
> > > but not actually *administer* them? Why on Earth call it "adm"?
> >
> > The group is already there, so it's not a big stretch, but I agree the
> > naming is confusing when used in this way. ("wheel" isn't exactly
> > straightforward either, but at least it's Traditional.)
>
> As I already mentioned: "adm" has been around for along time, and has
> been used in this context in Debian since about forever. We just adopted
> the same logic in systemd that already made sense on Debian for a long
> time.

It's very nice that debian uses this concept, but Fedora doesn't and had
stricter policies. Can you explain the rationale for relaxing them (esp.
wrt /var/log/secure aka authpriv.* messages)

> In systemd we try to unify Linux a bit, part of that is to take
> influences and be inspired by the various distros around. In this case
> the Debian way made most sense to us, so we made it the default in
> systemd, too.

Except this is a regression in the security model IMHO.

Note I am not saying it must not be done, but I want to understand if
there is any value on it or you just picked it 'because Debian'.

Simo.

--
Simo Sorce * Red Hat, Inc * New York

--
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel
 
Old 10-10-2012, 08:06 PM
"Richard W.M. Jones"
 
Default systemd requires HTTP server and serves QR codes

On Tue, Oct 09, 2012 at 10:58:45AM +0000, "Jhann B. Gumundsson" wrote:
> Like to me rsyslog since the journal is an integrated part of systemd.

Leaving aside the merits or otherwise of the journal, why does it need
to be part of systemd? Why not have it as a separate project?
(Perhaps requiring systemd, or as a plugin of systemd if it's really
needed.)

The init system and logging have always been two different things.

Rich.

--
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
libguestfs lets you edit virtual machines. Supports shell scripting,
bindings from many languages. http://libguestfs.org
--
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel
 
Old 10-10-2012, 08:20 PM
Tomasz Torcz
 
Default systemd requires HTTP server and serves QR codes

On Wed, Oct 10, 2012 at 09:06:56PM +0100, Richard W.M. Jones wrote:
> On Tue, Oct 09, 2012 at 10:58:45AM +0000, "Jhann B. Gumundsson" wrote:
> > Like to me rsyslog since the journal is an integrated part of systemd.
>
> Leaving aside the merits or otherwise of the journal, why does it need
> to be part of systemd? Why not have it as a separate project?
> (Perhaps requiring systemd, or as a plugin of systemd if it's really
> needed.)
>
> The init system and logging have always been two different things.

The init system, sure. But what about platform-defining (and Linux-defining)
central daemon? We did not have such thing before.

--
Tomasz Torcz Morality must always be based on practicality.
xmpp: zdzichubg@chrome.pl -- Baron Vladimir Harkonnen

--
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel
 
Old 10-10-2012, 08:22 PM
Kay Sievers
 
Default systemd requires HTTP server and serves QR codes

On Wed, Oct 10, 2012 at 10:06 PM, Richard W.M. Jones <rjones@redhat.com> wrote:
> On Tue, Oct 09, 2012 at 10:58:45AM +0000, "Jhann B. Gumundsson" wrote:
>> Like to me rsyslog since the journal is an integrated part of systemd.
>
> Leaving aside the merits or otherwise of the journal, why does it need
> to be part of systemd? Why not have it as a separate project?
> (Perhaps requiring systemd, or as a plugin of systemd if it's really
> needed.)
>
> The init system and logging have always been two different things.

And init had never any idea what a service was doing after it
double-forked, it could never monitor it, could not tell much about
its current state, had no history about the behaviour, could not even
safely shut it down.

Systemd is a real service babysitter, and tracks everything across the
entire life time of all services; the logs are just integral part of
systemd's job. It also provides the kernel and userspace early boot
logging support, and the out-of-the-box service stdout/stderr logging
support; that's why the journal daemon is mandatory and not an add-on.

Kay
--
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel
 
Old 10-10-2012, 08:51 PM
Lennart Poettering
 
Default systemd requires HTTP server and serves QR codes

On Wed, 10.10.12 21:06, Richard W.M. Jones (rjones@redhat.com) wrote:

> On Tue, Oct 09, 2012 at 10:58:45AM +0000, "Jhann B. Gumundsson" wrote:
> > Like to me rsyslog since the journal is an integrated part of systemd.
>
> Leaving aside the merits or otherwise of the journal, why does it need
> to be part of systemd? Why not have it as a separate project?

They are tightly integrated. The journal can run very early at boot,
where very little else runs and integrates closely with systemd for
that. Also, systemd itself generates a lot of events for it, and queries
it too when necessary, for example in the "systemctl status" output. The
journal is implicitly augmented with systemd-specific data, for example
with fields declaring which systemd service is logging. Journald also is
responsible for handling stdout/stderr of all running services, and for
that is a dependency of the systemd process spawning logic. Hence
journald depends on systemd, and systemd on journald, and separating
makes no sense.

In other words: systemd and journald are separate enough from each other
to make them two processes, but way too integrated to separate them from
each other entirely and allow one running without the other.

> The init system and logging have always been two different things.

Yes, but this is hardly a reason to keep it that way. We have good
technical reasons to integrate them. I believe logging is an absolutely
essential part of service supervision. As such I believe no service
supervisor could ever be complete without tight integration with the
logging framework.

Lennart

--
Lennart Poettering - Red Hat, Inc.
--
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel
 
Old 10-10-2012, 11:29 PM
Jesse Keating
 
Default systemd requires HTTP server and serves QR codes

On 10/09/2012 07:25 PM, Simo Sorce wrote:

Can't you just you reinstall a package without the nodocs switch/conf in
place to get the docs land on disk ?


You probably also have to skip the scripts, which can have some
unintended consequences. Also it means downloading the entire package
set, not just the ones with docs. And it means hoping all the packages
you've installed are still available in whatever source you installed
them from.


Anyway, it's just not something I'd feel comfortable exposing in the
anaconda UI.


--
Jesse Keating
Fedora -- Freedom is a feature!
--
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel
 

Thread Tools




All times are GMT. The time now is 04:29 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org