services terrible!

Calum
guru
Posts: 1348
Joined: Fri Jan 10, 2003 11:32 am
Location: Bonny Scotland

Post by Calum » Fri Dec 29, 2006 4:21 pm

FC4:

I happened to notice the following services all running on my PC, which is a desktop machine, connected through a network interface card to an ADSL router. It's the only machine attached to the router at the moment.

I just wanted to know if i can disable all of these services from now on:
apmd bluetooth cpuspeed mDNSResponder mdmonitor netfs nfs pcmcia portmap rpcgssd sshd

i also wondered about nfslock, rpcidmapd, sendmail and cups-config-daemon although i've left these running for now just in case.

also, psacct is not running, should it be?

also, that's quite a list of services there, and some of them are quite silly. why should pcmcia be running on a desktop PC with no pcmcia interface?

Ice9
guru
Posts: 577
Joined: Thu Jan 09, 2003 12:40 am
Location: Belgium

Post by Ice9 » Fri Dec 29, 2006 6:19 pm

If you don't use bluetooth devices you can definitely shut down that one.
For the rest I would shut down nfs and everything that's related (portmap, nfslock, rpcidmapd) if your desktop is a standalone system, if you actually use nfs shares on your lan it's a different story ...
pcmcia I would shut down too, and the rest doesn't mean that much to me honestly.

These are the daemons running on my box:

Code:

Icebox:~# netstat -tap | grep LISTEN
tcp        0      0 *:902                 *:*                     LISTEN     3301/inetd
tcp        0      0 localhost:mysql    *:*                     LISTEN     3047/mysqld
tcp        0      0 *:auth                *:*                     LISTEN     3301/inetd
tcp        0      0 localhost:ipp       *:*                     LISTEN     3160/cupsd
tcp6       0      0 *:www               *:*                     LISTEN     3494/apache2
tcp6       0      0 *:ssh                 *:*                     LISTEN     3324/sshd

When I disabled the unnecessary services I made sure I didn't shut down more than one service I wasn't sure about at a time, and it's perfectly possible that there are still things running I don't really need like cupsd or inetd.

If you shut down only one daemon and you notice weird behavior you can always switch it back on, when you have to troubleshoot multiple daemons it can be gruesome.
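
An added example, not part of the post above: the netstat listing mixes listeners bound to localhost with listeners bound to every interface, and only the second kind is reachable from the network. This sketch separates them; `exposed_listeners` and `sample_netstat` are hypothetical helper names, and the sample input is the listing from the post.

```sh
#!/bin/sh
# Added example: which LISTEN sockets in `netstat -tap` text face the network?
# exposed_listeners and sample_netstat are hypothetical helper names.

# Reads netstat -tap output on stdin and prints "program port" for each
# listener bound to a wildcard address. Loopback-only listeners are skipped.
exposed_listeners() {
    awk '
        $6 == "LISTEN" {
            # Split address:port at the last colon so IPv6 forms such as :::22 work.
            match($4, /:[^:]*$/)
            addr = substr($4, 1, RSTART - 1)
            port = substr($4, RSTART + 1)
            # Column 7 is PID/program; it is "-" when netstat ran without root.
            prog = ($7 ~ /\//) ? substr($7, index($7, "/") + 1) : "unknown"
            if (addr == "*" || addr == "0.0.0.0" || addr == "::" || addr == "[::]")
                print prog, port
        }
    '
}

# Sample input: the listener lines from the post above.
sample_netstat() {
    cat <<'EOF'
tcp        0      0 *:902                 *:*                     LISTEN     3301/inetd
tcp        0      0 localhost:mysql    *:*                     LISTEN     3047/mysqld
tcp        0      0 *:auth                *:*                     LISTEN     3301/inetd
tcp        0      0 localhost:ipp       *:*                     LISTEN     3160/cupsd
tcp6       0      0 *:www               *:*                     LISTEN     3494/apache2
tcp6       0      0 *:ssh                 *:*                     LISTEN     3324/sshd
EOF
}

sample_netstat | exposed_listeners
```

A wildcard listener is only reachable if the packet filter lets the connection in, so read this list alongside the iptables rules.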

Post by Calum » Sat Dec 30, 2006 12:34 pm

well, i think i do need cupsd as a link between applications and my printer (i think i need it anyway) and i thought inetd was needed to maintain a connection to the outside world (which i do need to do), but considering i have no bluetooth or pcmcia hardware, you'd think having them set "on" by default would be a bit silly. why didn't fedora turn them off i wonder?

i don't use nfs now, and haven't in the past (all previous networking has been done with samba, awkward, yes but when other people run the other machines, and they have windows, what can i do?) but i daresay i can just turn the relevant services back on if i ever need them.

by the way i turned off all eleven of those services with no noticeable problems, makes me wonder right enough.

Post by Ice9 » Sat Dec 30, 2006 1:09 pm

I think at one point Void Main said something along the lines of "The first thing I do after a fresh install is turn inetd off" but I'm not sure anymore, it might even be at "the other place" ...

Have you tried printing without cupsd running?
It might be like ssh, you don't need to have sshd running to be able to connect to other machines, it's only needed when you want other machines to log on to yours through ssh.

Void Main
Site Admin
Posts: 5712
Joined: Wed Jan 08, 2003 5:24 am
Location: Tuxville, USA

Post by Void Main » Sun Dec 31, 2006 10:24 pm

I do go through and turn off all the services I will not use after a fresh install. Most of them really aren't hurting anything though because many of them are not actually daemons that run, but just things that are meant to take some action when the system boots or manage local devices, etc. For the rest iptables should filter any incoming connections unless you specifically opened some things up or disabled the iptables service.

Still, I like the habit of only starting/running things that I actually need to use. Some might claim that it would be better if the default was not to start anything and be forced to enable the things you need and while I agree there may be some things that I wouldn't start by default but I do understand why they are started by default.

Post by Calum » Mon Jan 01, 2007 6:59 am

i don't really understand that, if there's no harm in simply having them turned on when they are needed, but off until then, then why not just include a little intelligent app with the distro that does exactly that?

Post by Void Main » Mon Jan 01, 2007 9:49 am

Calum wrote: i don't really understand that, if there's no harm in simply having them turned on when they are needed, but off until then, then why not just include a little intelligent app with the distro that does exactly that?

Can you give an example of what the "intelligent app" would do, as specifically as possible? I believe the reason they have certain services on by default is to make it easier on the new Linux user to get things working so as not to get frustrated and leave before even trying to learn why something isn't working for them. For the person that doesn't know that you need to have nfsd, portmapd, and mountd running and an entry in /etc/exports, a range of RPC ports and NFS tcp/udp ports open in the iptables configuration before they can get a directory shared via NFS. I'm not saying you or I are going to agree with that logic but that is the logic I think they are going on. That is the level of new user friendliness they wanted to implement. They are half way between a "Slackware" and an "Ubuntu" as far as this goes I believe.

P.S. Here is one way I check what services are on after a fresh install (after a "su -"):

Code:

# chkconfig --list | grep :on

and here is an example of the way I turn the ones off I don't want running assuming I'm on a desktop machine and I'm never going to use nfs or any inetd services:

Code:

# for i in bluetooth isdn nfs nfslock portmap rpcgssd rpcidmapd rpcsvcgssd xinetd
do
    service "$i" stop    # stop the running daemon now
    chkconfig "$i" off   # do not start it at boot
done

Of course there is a GUI app to control the services called "system-config-services" for those who prefer to point and click their way. It also makes it easy to browse the services and read the little blurb explaining what it is (that comes from the top of the actual scripts in /etc/init.d). Now again, some of these so called "services" are not daemons that run continually but they are just there to start something if needed (if the hardware is in place etc). So in a way, some of these "services" are actually what I think you refer to as "intelligent apps" that will only start a daemon if needed on bootup. I only disable those kinds of services so as to make the boot process a few milliseconds faster. :)

Post by Calum » Tue Jan 02, 2007 6:16 am

yes that's what i meant. if i haven't got any bluetooth or pcmcia hardware installed, then i think the "intelligent app" (which i suppose i am envisioning as a startup script) would notice that and wouldn't start the irrelevant services. Same with the other stuff. There are bound to be ways to have all the nfs stuff as "off" by default, but detect transparently whether they suddenly need to be turned on, by noticing that certain apps or commands are being run by the user et cetera.

It is possible that this extra script would use up more resource than some of the services, but there's security to consider also, even though i doubt having "bluetooth" running is a security problem, considering i have no bluetooth hardware. Still, to someone like me, with little real understanding of how this services business works, but doesn't want everything to be on by default (which, opinions notwithstanding, is the category i think most general users fall into) it's something they'll get concerned about if they suddenly find a bunch of stuff running the whole time that they don't know about.

Thanks for your comments about the commands, i was aware of the gui, but would prefer to know the command line, since as you know GUIs are not as standard from system to system, and they require a working and running X, which i don't like to have to rely on.

In my opinion, this sort of thing (the commands, and the explanation of the non-service services) should be in some sort of first time wizard instead of all that rubbish about setting up your kmail and choosing the colour of your menu bars or whatever.

Post by Void Main » Tue Jan 02, 2007 9:43 am

Those commands I used on the command line (service and chkconfig) are not standard across systems either. Just so you know.

Post by Ice9 » Tue Jan 02, 2007 11:11 am

Isn't sysv-rc-conf quite close to standard across systems?
The package exists for both red-hat and debian, so most of the systems should be able to use that ...

chkconfig and service are red-hat specific I think, aren't they?

Post by Void Main » Tue Jan 02, 2007 11:23 am

Actually if you want to be standard about it you would create the appropriate symbolic links yourself in /etc/rc?.d for the appropriate run levels which is really all any of these commands are doing. But then that would only be standard across distributions that use system 5 init (most) and not the bsd style init or other means of starting daemons.
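
An added example, not part of the post above: under System V init a service is "on" in a runlevel when an `S` link for it exists in that runlevel's rc directory, and "off" when a `K` link takes its place. This sketch builds those links in a temporary directory so nothing under /etc is touched; `RC_ROOT`, `rc_set` and `rc_enabled` are hypothetical names and the priorities are constructed values.

```sh
#!/bin/sh
# Added example: what "enabled" means under System V init, in a sandbox.
# RC_ROOT, rc_set and rc_enabled are hypothetical names; /etc is not touched.
RC_ROOT=${RC_ROOT:-$(mktemp -d)}

# rc_set NAME on|off RUNLEVEL START_PRIO KILL_PRIO
# Replaces any existing link for NAME in rcRUNLEVEL.d with an S (start)
# or K (kill) link pointing at the init script.
rc_set() {
    case $2 in
        on)  link="S$4$1" ;;
        off) link="K$5$1" ;;
        *)   echo "usage: rc_set NAME on|off LEVEL SPRIO KPRIO" >&2; return 1 ;;
    esac
    dir="$RC_ROOT/rc$3.d"
    mkdir -p "$dir"
    rm -f "$dir"/[SK][0-9][0-9]"$1"
    ln -s "../init.d/$1" "$dir/$link"
}

# rc_enabled RUNLEVEL: names init would start in that runlevel, in start order
# (the shell sorts the glob, which matches the S-number ordering).
rc_enabled() {
    for link in "$RC_ROOT/rc$1.d"/S[0-9][0-9]*; do
        [ -L "$link" ] || continue      # unmatched glob or not a symlink
        base=${link##*/}
        echo "${base#S[0-9][0-9]}"
    done
}

# Demo with constructed priorities.
rc_set portmap on 5 13 87
rc_set sshd on 5 55 25
rc_set nfs on 5 60 20
echo "enabled in runlevel 5: $(rc_enabled 5 | tr '\n' ' ')"
rc_set portmap off 5 13 87
rc_set nfs off 5 60 20
echo "after disabling nfs and portmap: $(rc_enabled 5 | tr '\n' ' ')"
```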
