Sunday, 5 January 2014

Re: Include samba and libpam-smbpass by default in Ubuntu

On Sun, Jan 05, 2014 at 03:08:32AM +0000, Dimitri John Ledkov wrote:
> On 27 December 2013 00:59, [email protected]
> <[email protected]> wrote:
> > As suggested by a triager of a bug I reported on this issue, I'm bringing
> > this idea for discussion on this list. If this is the wrong place, feel free
> > to point me to the right one.
> >
> > When one tries to share a folder in the network via Nautilus for the
> > first time, a dialog asks for installation of two packages and then a
> > session restart is required. This used to make sense when we had only
> > the space in a CD, but now that Ubuntu doesn't fit in a CD anymore, it
> > makes sense to include these packages by default, so that no extra steps
> > or reboots are required to complete this task. Besides, this would
> > resolve a bug in Ubuntu 13.10 which prevents the installation of libpam-
> > smbpass via the GUI offered by Nautilus.
> >
>
> This is a good enough mailing list, but I guess hollidays are also
> affecting the response here. I haven't been in Ubuntu long enough to
> know if we used to ever have samba in the default install or not. I
> think we'd still want to fix the bug of installation, as users may not
> have it installed (e.g. if removed, or upgrading from previous
> versions of ubuntu under some conditions). And forwarding this email
> to a wider ubuntu-devel mailing list.
>
> In very busy networks, e.g. public wifi cafe, I think it will be
> undesirable to have samba installed and enabled out of the box, since
> it would be easy to leak / share things beyond what one intended to do
> "share on my home wifi, not cafe wifi" or otherwise performance
> impact.
>
> Also the "unlimited" cd size for desktop, is actually not entirely
> true once again. We are indeed >>700MB iso, as the media factor was no
> longer a relevant constraint. On the other hand we are still limitted
> on what ends up in the default installs due to ubuntu-touch and
> convergence. There are often hard limits, at times not that different
> from an iso size e.g. 900MB, as to what can be flashed on the devices
> and we have started to aim for ~200-300MB highly compressed base
> system tarballs, or use incremental system-image updates for ubuntu on
> touch devices.
>
> Do we or do we not want samba in the default install?
>
> --
> Regards,
>
> Dimitri.

Ubuntu has a no open port by default policy at least for the Desktop
installation. If you look at a default Ubuntu Desktop system the only
exceptions you should see to that rule are the DHCP client (which needs
to listen on udp/68) and avahi-daemon (which needs to listen on
udp/5353).

So having samba installed and running by default isn't an option and
would be a potential security risk for millions of systems which do not
need the service at all anyway.

I think having nautilus prompt the user for those packages to be
installed is perfectly reasonable, having to restart the session however
seems a bit odd to me and shouldn't be a requirement.

--
Stéphane Graber
Ubuntu developer
http://www.ubuntu.com