Militantly FREE software support.
Militantly FREE software support.
NavigationUser loginSpam?See spam posts on this site? If so, please don't reply to the spam! Instead, just report the URL to the webmaster. |
Password file with over 3000 users.Hi All I have a server which runs with normal passwd/shadow/group/gshadow My requirements: - Must be pam compatible. - Most users have MD5 passwords, but some are still crypt passwords. I - I don't want to mess around with too much, so I must have real "Unix - Vanilla Debian "deb" packages. What alternatives should I consider? Thanks Ian -- Bookmark/Search this post with: |
Password file with over 3000 users.
2007/9/18, Ian :
> Hi All
>
> I have a server which runs with normal passwd/shadow/group/gshadow
> files. There are now over 3000 users and I am beginning to notice a
> performance slowdown and it is about time I looked for something more
> efficient - I like the idea of db or cdb database files.
>
> My requirements:
>
> - Must be pam compatible.
>
> - Most users have MD5 passwords, but some are still crypt passwords. I
> do not have ready access to the original plain text passwords.
>
> - I don't want to mess around with too much, so I must have real "Unix
> accounts" (UID's and home directories) for each user.
>
> - Vanilla Debian "deb" packages.
>
> What alternatives should I consider?
maybe pam-mysql ?
--
Wojciech Ziniewicz
Unix SEX :{look;gawk;find;sed;talk;grep;touch;finger;find;fl
ex;unzip;head;tail; mount;workbone;fsck;yes;gasp;fsck;more;yes;yes;eje
ct;umount;makeclean; zip;split;done;exit:xargs!!;)}
--
Password file with over 3000 users.
* Ian schrieb am 18.09.07 um 17:19 Uhr:
> Hi All
>
> I have a server which runs with normal passwd/shadow/group/gshadow
> files. There are now over 3000 users and I am beginning to notice a
> performance slowdown and it is about time I looked for something more
> efficient - I like the idea of db or cdb database files.
>
> My requirements:
>
> - Must be pam compatible.
>
> - Most users have MD5 passwords, but some are still crypt passwords. I
> do not have ready access to the original plain text passwords.
>
> - I don't want to mess around with too much, so I must have real "Unix
> accounts" (UID's and home directories) for each user.
>
> - Vanilla Debian "deb" packages.
>
> What alternatives should I consider?
Installing nscd might be worth a try.
I *can* speedup your system.
And you do not need to change anything (IIRC) on your system to make
it work.
-Marc
--
+-O . . . o . . . O . . . o . . . O . . . ___ . . . O . . . o .-+
| Ein Service von Links2Linux.de: / o\ RPMs for SuSE |
| --> PackMan! <-- naeheres unter | __| and others |
| http://packman.links2linux.de/ . . . O \__\ . . . O . . . O . |
--
Password file with over 3000 users.
Hello,
Marc Schiffbauer a écrit (Tue, Sep 18, 2007 at 06:24:34PM +0200) :
> Installing nscd might be worth a try.
> I *can* speedup your system.
nscd *sigh* ... As we use LDAP, we need this beast that crashes
happily several times a day.
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=344563
We need a every-5' cronjob to restart it if it has disappeared.
rm -f /var/db/nscd/*; /etc/init.d/nscd start
In other words: I can't really recommend nscd.
YMMV.
--
Emmanuel Halbwachs
Resp. Réseau/Sécurité Observatoire de Paris-Meudon
tel : (+33)1 45 07 75 54 5 Place Jules Janssen
fax : (+33)1 45 07 76 13 F 92195 MEUDON CEDEX
--
Password file with over 3000 users.
Emmanuel Halbwachs wrote:
> Hello,
>
> Marc Schiffbauer a écrit (Tue, Sep 18, 2007 at 06:24:34PM +0200) :
>
>> Installing nscd might be worth a try.
>> I *can* speedup your system.
>>
>
> nscd *sigh* ... As we use LDAP, we need this beast that crashes
> happily several times a day.
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=344563
>
> We need a every-5' cronjob to restart it if it has disappeared.
>
> rm -f /var/db/nscd/*; /etc/init.d/nscd start
>
> In other words: I can't really recommend nscd.
> YMMV.
>
>
I've managed several OpenLDAP setups, with nscd and several thousand
users, the key is to properly configure nscd, which needs a properly
sized hash table to operate.
/etc/nscd.conf has a suggested-size parameter for passwd, it should be a
prime number, we chose a number bigger than twice the size of our
expected user base. Its default is 211, which is too small for lots of
users.
This way, nscd usually stops failing (usually, it can fail if you set
it up for more databases than needed, like hosts). You can use the
bsdgames "primes" program to get the hash size.
--
Hector Gonzalez
Password file with over 3000 users.
--On September 18, 2007 6:41:10 PM +0200 Emmanuel Halbwachs
wrote:
> Hello,
>
> Marc Schiffbauer a écrit (Tue, Sep 18, 2007 at 06:24:34PM +0200) :
>> Installing nscd might be worth a try.
>> I *can* speedup your system.
>
> nscd *sigh* ... As we use LDAP, we need this beast that crashes
> happily several times a day.
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=344563
We're experieincing occasional nscd crashes in our newest etch based
systems, but never in the older ones. and the fact that nscd is doing any
sort of persistence bugs me too, it shouldn't. when it crashes on our
webservers the slapd then starts to work really really hard keeping up with
all the requests.
>
> We need a every-5' cronjob to restart it if it has disappeared.
>
> rm -f /var/db/nscd/*; /etc/init.d/nscd start
>
> In other words: I can't really recommend nscd.
> YMMV.
>
> --
> Emmanuel Halbwachs
> Resp. Réseau/Sécurité Observatoire de Paris-Meudon
> tel : (+33)1 45 07 75 54 5 Place Jules Janssen
> fax : (+33)1 45 07 76 13 F 92195 MEUDON CEDEX
>
>
> --
Password file with over 3000 users.
Hi
Ian schrieb:
> ...
> - Must be pam compatible.
>
> - Most users have MD5 passwords, but some are still crypt passwords. I
> do not have ready access to the original plain text passwords.
>
> - I don't want to mess around with too much, so I must have real "Unix
> accounts" (UID's and home directories) for each user.
>
> - Vanilla Debian "deb" packages.
>
> What alternatives should I consider?
Ever thougt about using LDAP? I do not have an installation that is as
big as yours (only about 800 users), but I have no problems with
performance and the server is not the fastest. home directorys are even
exported with nfs and samba PDC with LDAP and Samba for a M$ Domain) is
doing its job too on this box.
best regards
Bernd
_____________________________________________________________________
--
Password file with over 3000 users.
--On September 18, 2007 5:19:15 PM +0200 Ian wrote:
> Hi All
>
> I have a server which runs with normal passwd/shadow/group/gshadow
> files. There are now over 3000 users and I am beginning to notice a
> performance slowdown and it is about time I looked for something more
> efficient - I like the idea of db or cdb database files.
You've got two issues to solve here. Authentication you actually have more
options than UID/Groups mapping which is controlled by the name service
swith library, libnss. LDAP can solve both using libnss-ldap, modifying
/etc/ldap.conf and /etc/nsswitch.conf and then importing your passwd file
into LDAP. That's actually what we use here, though we modified the
'stock' LDAP configuration to allow a substr index on one of the fields
that normally isn't allowed by the LDAP schema. It was causing the LDAP
servers to thrash. The solution is seamless to the users, the LDAP system
supports crypt or md5 based passwords as normal since the password calls,e
tc, are all handled via the normal pam_unix library via libnss, which is
exactly how it does it anyway. The only difference is where it's obtaining
the users.
There also might be a way (and i haven't looke dinto this) to get Linux to
use a GDB/BDB passwd.db like *BSD's do.
>
> My requirements:
>
> - Must be pam compatible.
>
> - Most users have MD5 passwords, but some are still crypt passwords. I
> do not have ready access to the original plain text passwords.
>
> - I don't want to mess around with too much, so I must have real "Unix
> accounts" (UID's and home directories) for each user.
>
> - Vanilla Debian "deb" packages.
>
> What alternatives should I consider?
>
> Thanks
>
>
> Ian
>
>
> --
Password file with over 3000 users.
On Tue, Sep 18, 2007 at 05:19:15PM +0200, Ian wrote:
> I have a server which runs with normal passwd/shadow/group/gshadow
> files. There are now over 3000 users and I am beginning to notice a
> performance slowdown and it is about time I looked for something more
> efficient - I like the idea of db or cdb database files.
>
> My requirements:
>
> - Must be pam compatible.
>
> - Most users have MD5 passwords, but some are still crypt passwords. I
> do not have ready access to the original plain text passwords.
>
> - I don't want to mess around with too much, so I must have real "Unix
> accounts" (UID's and home directories) for each user.
>
> - Vanilla Debian "deb" packages.
>
> What alternatives should I consider?
if you have the libnss-db package (part of nsswitch) installed, you have
everything you need already.
nsswitch.conf allows you to specify "db" as one of the sources for
passwd, shadow, group, and other files. they are read from a Berkeley
db file in /var/lib/misc (i.e. a quick indexed lookup rather than a
sequential search).
there is also a Makefile in /var/lib/misc for generating the .db versions.
to set up:
1. edit /etc/nsswitch.conf and insert the word "db" into the lines that you
want to use the db module.
e.g. change this:
passwd: compat
group: compat
shadow: compat
to this:
passwd: db compat
group: db compat
shadow: db compat
2. edit /etc/default/libnss-db to tell it which dbs to generate.
3. run "cd /var/lib/misc ; make"
4. set up a cron job (to run, say, every 5 minutes) to run the commands
in step 3 (i.e. "cd /var/lib/misc ; make"). you probably want to
redirect stdout and stderr to /dev/null so that root's mail doesn't get
flooded with make's output (mostly "make: Nothing to be done for `all'."
unless passwd,group, or shadow have changed)
see /usr/share/doc/libnss-db and other related documentation for more info.
NOTE: LDAP is also a good alternative, but a *LOT* more work to set up.
libnss-db is a simple way to speed up what already works by putting the
passwd etc files into hashed database files.
craig
PS: this works. i did this several years ago on one server when the number of
accounts grew to about 5000. there is one small catch - with the cron job
running every 5 minutes, there is a small window of time when the source files
in /etc have been updated but the .db versions haven't been regenerated yet.
the nsswitch.conf file will check both the db and the original source files in
order, so it does not prevent new accounts from logging in. for account
deletions, however, the deleted account will still work until the .db files
are regenerated. similarly, password changes will not take effect
immediately.
actually, it's been years - i can't remember if only the old password
(in /var/lib/misc/shadow.db) works, or if both the old (shadow.db) and
new (/etc/shadow) password will work. either way, that's only until the
cron job runs make again (i.e. at most, up to 5 minutes. or less if you
have cron run make more frequently).
if you have written scripts to assist with account
creation/deletion/changing, you could easily modify them to run "cd
/var/lib/misc ; make" after any change, thus eliminating the delay.
you still want the cron job, though, in case there are other ways for a
password to be changed - shell login by users or poppassd or samba, for
instance.
--
craig sanders
--
Password file with over 3000 users.
--On September 19, 2007 9:35:50 AM +1000 Craig Sanders
wrote:
>
> NOTE: LDAP is also a good alternative, but a *LOT* more work to set up.
> libnss-db is a simple way to speed up what already works by putting the
> passwd etc files into hashed database files.
I will totally agree there and for a single system LDAP can be severe
overkill. libnss-db is exactly what i was mentioning in my just previous
email.
>
>
> craig
>
> PS: this works. i did this several years ago on one server when the
> number of accounts grew to about 5000. there is one small catch - with
> the cron job running every 5 minutes, there is a small window of time
> when the source files in /etc have been updated but the .db versions
> haven't been regenerated yet.
>
> the nsswitch.conf file will check both the db and the original source
> files in order, so it does not prevent new accounts from logging in. for
> account deletions, however, the deleted account will still work until the
> .db files are regenerated. similarly, password changes will not take
> effect immediately.
>
> actually, it's been years - i can't remember if only the old password
> (in /var/lib/misc/shadow.db) works, or if both the old (shadow.db) and
> new (/etc/shadow) password will work. either way, that's only until the
> cron job runs make again (i.e. at most, up to 5 minutes. or less if you
> have cron run make more frequently).
>
> if you have written scripts to assist with account
> creation/deletion/changing, you could easily modify them to run "cd
> /var/lib/misc ; make" after any change, thus eliminating the delay.
>
> you still want the cron job, though, in case there are other ways for a
> password to be changed - shell login by users or poppassd or samba, for
> instance.
>
>
>
> --
> craig sanders
>
>
> --
Password file with over 3000 users.
Craig Sanders wrote:
> 4. set up a cron job (to run, say, every 5 minutes) to run the
> commands
> in step 3 (i.e. "cd /var/lib/misc ; make"). you probably want to
> redirect stdout and stderr to /dev/null so that root's mail doesn't
> get flooded with make's output (mostly "make: Nothing to be done for
> `all'." unless passwd,group, or shadow have changed)
This is what I added to my /etc/crontab file:
*/5 * * * * root cd /var/lib/misc && make | grep -v "make: Nothing to
be done for .all."
If changes do occur, then I will see output from them, although the output
doesn't seem that meaningful -- as in you don't see which user changed
his/her password....
Kind Regards
AndrewM
Andrew McGlashan
Broadband Solutions now including VoIP
Current Land Line No: 03 9912 0504
Mobile: 04 2574 1827 Fax: 03 8790 1224
National No: 1300 85 3804
Affinity Vision Australia Pty Ltd
http://www.affinityvision.com.au
http://adsl2choice.net
In Case of Emergency -- http://www.affinityvision.com.au/ice.html
--
Password file with over 3000 users.
Craig Sanders wrote:
> if you have the libnss-db package (part of nsswitch) installed, you have
> everything you need already.
Thanks. This is exactly what I need. I actually found this and got it
running shortly after I posted my original message. Everything is in
Debian - except the documentation!
My setup is pretty much exactly as you recommend.
> PS: this works. i did this several years ago on one server when the number of
> accounts grew to about 5000. there is one small catch - with the cron job
> running every 5 minutes, there is a small window of time when the source files
> in /etc have been updated but the .db versions haven't been regenerated yet.
Just one small addition.
I added this line to end of our /usr/local/sbin/adduser.local
[ -e /var/lib/misc/Makefile ] && cd /var/lib/misc/ && make
And I have a cron job which runs the same command once per hour to
effect deletions and account locking etc.
I will have to look into controlling the cron spam.
We actually use this password file across a couple of servers with a
cron job that copies it across with rsync every 5 minutes. At some stage
I must look at a SQL or LDAP based solution. I originally chose the
rsync because each server can run on its own if one goes down and there
are no performance issues. But libpam-ccreds and nss-updatedb appear to
offer the same functionality when coupled with ldap.
We already have a postgresql backend for our radius server, would it be
better to run SQL -> LDAP -> nss or go directly from SQL -> nss?
Thanks
Ian
--
Password file with over 3000 users.
On Fri, Sep 21, 2007 at 12:02:23AM +0200, Ian wrote:
> Craig Sanders wrote:
>
> > if you have the libnss-db package (part of nsswitch) installed, you have
> > everything you need already.
>
> Thanks. This is exactly what I need. I actually found this and got it
> running shortly after I posted my original message. Everything is in
> Debian - except the documentation!
AFAIK, there isn't any documentation. certainly not any step-by-step howto.
it's one of the many things that IF you know about it, it's easy to
figure out. the difficult part is finding out about it in the first
place.
> I will have to look into controlling the cron spam.
append ">/dev/null 2>&1" to the cron job. IMO, the output of that
Makefile isn't ever interesting enough to care about (and if there's a
problem, you'll notice it long before you read root's mail).
> We actually use this password file across a couple of servers with a
> cron job that copies it across with rsync every 5 minutes. At some
> stage I must look at a SQL or LDAP based solution. I originally chose
> the rsync because each server can run on its own if one goes down and
> there are no performance issues. But libpam-ccreds and nss-updatedb
> appear to offer the same functionality when coupled with ldap.
>
> We already have a postgresql backend for our radius server, would it
> be better to run SQL -> LDAP -> nss or go directly from SQL -> nss?
can't say. personally, i tend to avoid making web/mail/shell/etc servers
dependant on an SQL server for authentication (especially if it's
mysql). i'd be more inclined to use LDAP and have an LDAP slave on
every server that needs it.
SQL servers are useful, but i just don't trust them the way i trust
plain text files.
even where i've stored, e.g., postfix maps in postgresql, i've always
set them up so that the postgresql table is dumped (by cron job) to
a plain text file and made into a hashed db file - that way the mail
server will keep on working even if the postgresql server is down or
unreachable or overloaded.
the trick to that is using a timestamp table auto-updated by a trigger
when anything in the database is changed - that way you can avoid
regenerating the hash maps when nothing has changed (i.e. the same idea
as timestamp dependancies in Make).
craig
--
craig sanders
--
Password file with over 3000 users.
Craig Sanders wrote:
> On Fri, Sep 21, 2007 at 12:02:23AM +0200, Ian wrote:
>> We actually use this password file across a couple of servers with a
>> cron job that copies it across with rsync every 5 minutes. At some
>> stage I must look at a SQL or LDAP based solution. I originally chose
>> the rsync because each server can run on its own if one goes down and
>> there are no performance issues. But libpam-ccreds and nss-updatedb
>> appear to offer the same functionality when coupled with ldap.
>>
>> We already have a postgresql backend for our radius server, would it
>> be better to run SQL -> LDAP -> nss or go directly from SQL -> nss?
Why the hell would you bother with LDAP? 3000 users is really not a lot,
and for sure, SQL can handle the dump of 3000 entries every X minutes.
> SQL servers are useful, but i just don't trust them the way i trust
> plain text files.
>
> even where i've stored, e.g., postfix maps in postgresql, i've always
> set them up so that the postgresql table is dumped (by cron job) to
> a plain text file and made into a hashed db file - that way the mail
> server will keep on working even if the postgresql server is down or
> unreachable or overloaded.
>
> the trick to that is using a timestamp table auto-updated by a trigger
> when anything in the database is changed - that way you can avoid
> regenerating the hash maps when nothing has changed (i.e. the same idea
> as timestamp dependancies in Make).
>
> craig
100% agree with that technique, and what has been said above, this is
what we did in our control panel too.
Also, I'd like to add that this dump should be atomic (eg: if the dump
fails, switch back to the previous dump). We didn't do it yet, but it's
still on our todo, and this is very important.
Thomas
--
Password file with over 3000 users.
--On September 21, 2007 12:02:23 AM +0200 Ian wrote:
> Craig Sanders wrote:
>
>> if you have the libnss-db package (part of nsswitch) installed, you have
>> everything you need already.
>
> Thanks. This is exactly what I need. I actually found this and got it
> running shortly after I posted my original message. Everything is in
> Debian - except the documentation!
>
> My setup is pretty much exactly as you recommend.
>
>> PS: this works. i did this several years ago on one server when the
>> number of accounts grew to about 5000. there is one small catch - with
>> the cron job running every 5 minutes, there is a small window of time
>> when the source files in /etc have been updated but the .db versions
>> haven't been regenerated yet.
>
> Just one small addition.
>
> I added this line to end of our /usr/local/sbin/adduser.local
>
> [ -e /var/lib/misc/Makefile ] && cd /var/lib/misc/ && make
>
> And I have a cron job which runs the same command once per hour to
> effect deletions and account locking etc.
>
> I will have to look into controlling the cron spam.
2>&1 > /dev/null to end of command line.
>
> We actually use this password file across a couple of servers with a
> cron job that copies it across with rsync every 5 minutes. At some stage
> I must look at a SQL or LDAP based solution. I originally chose the
> rsync because each server can run on its own if one goes down and there
> are no performance issues. But libpam-ccreds and nss-updatedb appear to
> offer the same functionality when coupled with ldap.
>
> We already have a postgresql backend for our radius server, would it be
> better to run SQL -> LDAP -> nss or go directly from SQL -> nss?
Up to you to me it seems simplest to run LDAP via it's builtin
bdb/ldbm/gdbm facilities. You can run replica slaves on the other
machines. It's what we do here. We're working on improving security by
doing authentication in a different method so we're not syncing auth
information elsewhere but have account data available everywhere. (we've
something like 10 webservers that each have LDAP slaves, another like 5 or
6 mail servers, etc).
You also have to be careful not to get service dependencies (like you need
to make sure your mysql and ldap server daemons users aren't in LDAP) when
you start making services depend on eachother.
--
Password file with over 3000 users.
Quoting Michael Loftis :
>> I will have to look into controlling the cron spam.
>
> 2>&1 > /dev/null to end of command line.
Actually, it's the other way around:
> /dev/null 2>&1
You first have to redirect STDOUT, then tell STDERR to go to STDOUT...
--
Password file with over 3000 users.
Turbo Fredriksson wrote:
> Quoting Michael Loftis :
>
>>> I will have to look into controlling the cron spam.
>> 2>&1 > /dev/null to end of command line.
> Actually, it's the other way around:
>
>> /dev/null 2>&1
>
> You first have to redirect STDOUT, then tell STDERR to go to STDOUT...
I've heard that before many times, but the reverse has never failed me.
Kind Regards
AndrewM
Andrew McGlashan
Broadband Solutions now including VoIP
Current Land Line No: 03 9912 0504
Mobile: 04 2574 1827 Fax: 03 8790 1224
National No: 1300 85 3804
Affinity Vision Australia Pty Ltd
http://www.affinityvision.com.au
http://adsl2choice.net
In Case of Emergency -- http://www.affinityvision.com.au/ice.html
--
Password file with over 3000 users.
> Turbo Fredriksson wrote:
> >Actually, it's the other way around:
> >
> >>/dev/null 2>&1
> >
> >You first have to redirect STDOUT, then tell STDERR to go to STDOUT...
On 21.09.07 17:55, Andrew McGlashan wrote:
> I've heard that before many times, but the reverse has never failed me.
But that does not mean it is correct. At least it's probably not what you
wanted to do...
> >>2>&1 > /dev/null to end of command line.
this will redirect stderr to stdout, and then stdout to /dev/null, but
stderr will still be directed to the file stdout was directed to.
only (t)csh redirection >& or |& will redirect both stdout and stderr
together. you can't do that in (da)sh/bash/ksh
--
Matus UHLAR - fantomas, ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Microsoft dick is soft to do no harm
--
Password file with over 3000 users.
On Fri, Sep 21, 2007 at 10:53:35AM +0200, Matus UHLAR - fantomas wrote:
> only (t)csh redirection >& or |& will redirect both stdout and stderr
> together. you can't do that in (da)sh/bash/ksh
In bash you can use the '&>' redirect as an alias to both stdout and
stderr.
Marcin
--
+---------------------------------------+
| -o) http://wanted.eu.org/
| /\\ Message void if penguin violated
+ _\_V Don't mess with the penguin
--
Password file with over 3000 users.
Marcin Sochacki wrote:
> On Fri, Sep 21, 2007 at 10:53:35AM +0200, Matus UHLAR - fantomas wrote:
>> only (t)csh redirection >& or |& will redirect both stdout and stderr
>> together. you can't do that in (da)sh/bash/ksh
>
> In bash you can use the '&>' redirect as an alias to both stdout and
> stderr.
>
> Marcin
But the reference for Debian is sh, not bash... (at least when writing
packages).
Thomas
--
Password file with over 3000 users.
On Fri, Sep 21, 2007 at 09:56:29PM +0800, Thomas Goirand wrote:
> Marcin Sochacki wrote:
> > On Fri, Sep 21, 2007 at 10:53:35AM +0200, Matus UHLAR - fantomas wrote:
> >> only (t)csh redirection >& or |& will redirect both stdout and stderr
> >> together. you can't do that in (da)sh/bash/ksh
> >
> > In bash you can use the '&>' redirect as an alias to both stdout and
> > stderr.
> >
> > Marcin
>
> But the reference for Debian is sh, not bash... (at least when writing
> packages).
I know, but the message I replied to specifically mentioned bash.
Marcin
--
+---------------------------------------+
| -o) http://wanted.eu.org/
| /\\ Message void if penguin violated
+ _\_V Don't mess with the penguin
--
RE: Password file with over 3000 users.
> > You first have to redirect STDOUT, then tell STDERR to go to
> STDOUT...
>
> I've heard that before many times, but the reverse has never failed me.
>
Hmm. You've never been in the situation where it's been important,
then.
These commands give different results, and guess which one outputs
nothing!
ls file-that-does-not-exist 2>&1 >/dev/null
ls file-that-does-not-exist >/dev/null 2>&1
Peter K.
------------------------------------------------------------------------
Peter Klavins Datalon SrL
Viale Giuseppe Mazzini 114/A
Mobile +39 339 801 4246 Fax +39 06 233 297 037 00195 Roma RM Italy
> -----Original Message-----
> From: Andrew McGlashan [mailto:andrew.mcglashan@affinityvision.com.au]
> Sent: Friday, 21 September 2007 9:56 AM
> To: Turbo Fredriksson;
> Subject: Re: Password file with over 3000 users.
>
> Turbo Fredriksson wrote:
> > Quoting Michael Loftis :
> >
> >>> I will have to look into controlling the cron spam.
> >> 2>&1 > /dev/null to end of command line.
> > Actually, it's the other way around:
> >
> >> /dev/null 2>&1
> >
> > You first have to redirect STDOUT, then tell STDERR to go to
> STDOUT...
>
> I've heard that before many times, but the reverse has never failed me.
>
> Kind Regards
> AndrewM
>
> Andrew McGlashan
> Broadband Solutions now including VoIP
>
> Current Land Line No: 03 9912 0504
> Mobile: 04 2574 1827 Fax: 03 8790 1224
>
> National No: 1300 85 3804
>
> Affinity Vision Australia Pty Ltd
> http://www.affinityvision.com.au
> http://adsl2choice.net
>
> In Case of Emergency -- http://www.affinityvision.com.au/ice.html
>
>
> --
Password file with over 3000 users.
Peter Klavins wrote:
> Hmm. You've never been in the situation where it's been important,
> then.
>
> These commands give different results, and guess which one outputs
> nothing!
You are right, I was wrong. In fact I do normally send STDOUT to a file
then send STDERR there too.
Kind Regards
AndrewM
Andrew McGlashan
Broadband Solutions now including VoIP
--
Password file with over 3000 users.
On Fri, Sep 21, 2007 at 05:55:50PM +1000, Andrew McGlashan wrote:
> Turbo Fredriksson wrote:
>> Quoting Michael Loftis :
>>>> I will have to look into controlling the cron spam.
>>> 2>&1 > /dev/null to end of command line.
>> Actually, it's the other way around:
>>> /dev/null 2>&1
>> You first have to redirect STDOUT, then tell STDERR to go to STDOUT...
>
> I've heard that before many times, but the reverse has never failed me.
depends on what you want.
if you want both stderr and stdout to go to /dev/null then ">/dev/null 2>&1"
if you want stdout to go to /dev/null and stderr to go to whereever stdout
used to go to, then "2>&1 >/dev/null"
in other words, the "2>&1" redirects stderr (file descriptor 2) to
whereever stdout (file descriptor 1) *currently* (at the instant of the
redirection) goes.
so, when redirecting both, the order of redirections is significant.
craig
--
craig sanders
Democracy is also a form of worship. It is the worship of Jackals by Jackasses.
-- H. L. Mencken
--
Password file with over 3000 users.
--On September 21, 2007 9:38:22 AM +0200 Turbo Fredriksson
wrote:
> Quoting Michael Loftis :
>
>>> I will have to look into controlling the cron spam.
>>
>> 2>&1 > /dev/null to end of command line.
>
> Actually, it's the other way around:
>
> > /dev/null 2>&1
>
> You first have to redirect STDOUT, then tell STDERR to go to STDOUT...
You're right. I never noticed all my scripts I do it the other way around
but when I wrote that email I wrote it the wrong way.
--
Password file with over 3000 users.
On Fri, Sep 21, 2007 at 07:26:56PM +0200, Martin Marcher wrote:
> 2007/9/21, Thomas Goirand :
> > But the reference for Debian is sh, not bash... (at least when writing
> > packages).
>
> why is it then that /bin/sh is /bin/bash after a plain install of
> about every stable version i had by now?
whatever the default sh is (bash), debian's policy says that init.d
etc shell scripts must not use any bash-isms. i.e. they must be
POSIX-compliant so they will work if you replace[1] /bin/sh with
ash/dash.
but that only applies to debian packages, not to whatever you write for
yourself.
[1] i doubt if anyone actually does that or cares any more. there arent
many (any?) systems being built where the extra disk-space, memory etc
used by bash compared to ash actually make any difference at all.
craig
--
craig sanders
--
Password file with over 3000 users.
This one time, at band camp, Craig Sanders said:
> On Fri, Sep 21, 2007 at 07:26:56PM +0200, Martin Marcher wrote:
> > 2007/9/21, Thomas Goirand :
> > > But the reference for Debian is sh, not bash... (at least when writing
> > > packages).
> >
> > why is it then that /bin/sh is /bin/bash after a plain install of
> > about every stable version i had by now?
>
> whatever the default sh is (bash), debian's policy says that init.d
> etc shell scripts must not use any bash-isms. i.e. they must be
> POSIX-compliant so they will work if you replace[1] /bin/sh with
> ash/dash.
This is only true if the shebang is /bin/sh - you are of course free to
write maintainer scripts with /bin/bash as the shebang, just as your
free to write perl scripts for your maintainer scripts. That being
said, there is a push for dash to replace bash as the dfeault
non-interactive shell for lenny.
--
-----------------------------------------------------------------
| ,''`. Stephen Gran |
| : :' : |
| `. `' Debian user, admin, and developer |
| `- http://www.debian.org |
-----------------------------------------------------------------
Password file with over 3000 users.
On Sep 21, 2007, at 5:12 PM, Stephen Gran wrote:
> This is only true if the shebang is /bin/sh - you are of course
> free to
> write maintainer scripts with /bin/bash as the shebang, just as your
> free to write perl scripts for your maintainer scripts. That being
> said, there is a push for dash to replace bash as the dfeault
> non-interactive shell for lenny.
Why? Just to be annoyingly different from every other distro
(again)? Or is there a very compelling technical reason?
--
Nate Duehr
--
Password file with over 3000 users.
This one time, at band camp, Nate Duehr said:
>
> On Sep 21, 2007, at 5:12 PM, Stephen Gran wrote:
>
> >This is only true if the shebang is /bin/sh - you are of course
> >free to
> >write maintainer scripts with /bin/bash as the shebang, just as you're
> >free to write perl scripts for your maintainer scripts. That being
> >said, there is a push for dash to replace bash as the default
> >non-interactive shell for lenny.
>
> Why? Just to be annoyingly different from every other distro
> (again)? Or is there a very compelling technical reason?
Presumably because its load and run time is less than bash's. The idea,
as far as I have followed the discussion, is that this will make boot
time faster.
--
-----------------------------------------------------------------
| ,''`. Stephen Gran |
| : :' : |
| `. `' Debian user, admin, and developer |
| `- http://www.debian.org |
-----------------------------------------------------------------
Password file with over 3000 users.
On Sun, Sep 23, 2007 at 01:29:39PM +0100, Stephen Gran wrote:
> This one time, at band camp, Nate Duehr said:
> >
> > On Sep 21, 2007, at 5:12 PM, Stephen Gran wrote:
> >
> > >This is only true if the shebang is /bin/sh - you are of course
> > >free to
> > >write maintainer scripts with /bin/bash as the shebang, just as you're
> > >free to write perl scripts for your maintainer scripts. That being
> > >said, there is a push for dash to replace bash as the default
> > >non-interactive shell for lenny.
> >
> > Why? Just to be annoyingly different from every other distro
> > (again)? Or is there a very compelling technical reason?
>
> Presumably because its load and run time is less than bash's. The idea,
> as far as I have followed the discussion, is that this will make boot
> time faster.
This is especially true on embedded and older systems.
Regards,
-Roberto
--
Roberto C. Sánchez
http://people.connexer.com/~roberto
http://www.connexer.com
Password file with over 3000 users.
On Sat, Sep 29, 2007 at 10:27:41AM -0400, Chris Bannister wrote:
> On Wed, Sep 26, 2007 at 08:05:33PM +1000, Craig Sanders wrote:
> > On Wed, Sep 26, 2007 at 05:44:40AM -0400, Roberto C. S?nchez wrote:
> > > On Wed, Sep 26, 2007 at 05:39:29PM +1000, Craig Sanders wrote:
> > > >
> > > > in short, don't do unneccessary harm and don't violate the principle
> > > > of least surprise.
> > >
> > > This is *exactly* one of the things that they are trying to fix.
> >
> > no, it's not. if it was, then they wouldn't be making the proposal.
>
> Isn't this all about posix compliance.
no, it's about "outing"[1] package scripts that have #!/bin/sh but use
bashisms.
bash itself IS posix-compliant, in that it can run posix-compliant
scripts. being a superset of posix sh does NOT make it non-compliant.
packaged scripts that use bashisms but wrongly declare themselves to be
posix compliant (i.e. with #!/bin/sh) are non-compliant. not bash.
[1] i.e. deliberately causing breakage in order to encourage users to
file bug reports.
the fact that this act of vandalism will ALSO break users' locally
written scripts, not just packaged scripts, is ignored - or, at best,
hand-waved away - by the zealots who are proposing it. their view of the
Way Things Should Be trumps all other considerations.
in short: the bugs are in packaged scripts with incorrect shebang lines.
the correct fix is to file bug reports on those packages and get them
fixed, not to arbitrarily break lots of other unrelated things.
there aren't many of these bugs remaining - the proponents of this idea
would be doing far more useful work if they concentrated on getting
those fixed than on breaking stuff by forcing their preference for
ash/dash on everyone else.
craig
--
craig sanders
--
Password file with over 3000 users.
So the answer to my question, "Why dash?"... the answers weren't very
convincing seems to have boiled down to these answers:
- Bash is fat, especially for embedded systems, and smaller shells will
boot faster.
- Bash acts differently than other shells.
- Shell scripts starting with a wimpy /bin/sh-shebang are broken by default.
In response, I'd say...
- Don't use bash if you don't want to, but don't push your smaller shell
on me just because of that.
- Duh.
- Duh.
Seems like a dumb set of reasons to change the default non-login shell,
to me... people tinkering with the defaults always leads to breakage,
something Linux is uber-famous for. It's getting old.
Anyone that doesn't know all of the above when choosing to use Linux,
isn't paying any attention at all and shouldn't be designing anything,
let alone an OS. And especially not by committee.
(On the flip side, anyone using Linux not expecting the so-called
"leadership" to constantly break working things, hasn't paid any
attention to Linux history either.)
Linux as a whole is stuck in a never-ending break-fix cycle it can't
break out of. (No pun intended.)
Nate
--
Password file with over 3000 users.
On Mon, Sep 24, 2007 at 03:25:41PM -0600, Nate Duehr wrote:
> So the answer to my question, "Why dash?"... the answers weren't very
> convincing seems to have boiled down to these answers:
>
> - Bash is fat, especially for embedded systems, and smaller shells will
> boot faster.
> - Bash acts differently than other shells.
> - Shell scripts starting with a wimpy /bin/sh-shebang are broken by default.
>
> In response, I'd say...
>
> - Don't use bash if you don't want to, but don't push your smaller shell
> on me just because of that.
> - Duh.
> - Duh.
>
> Seems like a dumb set of reasons to change the default non-login shell,
> to me... people tinkering with the defaults always leads to breakage,
> something Linux is uber-famous for. It's getting old.
>
Well, defaults are meant to be as inclusive as possible. Whereas dash
is suitable on a well resourced machine, bash is not suitable on a very
low resource machine.
Besides, if someone uses the /bin/sh specification for a script and then
goes on to use bashism, that is *by definition* broken. It simply the
fact that bash is the default that masks the brokenness.
> Anyone that doesn't know all of the above when choosing to use Linux,
> isn't paying any attention at all and shouldn't be designing anything,
> let alone an OS. And especially not by committee.
>
> (On the flip side, anyone using Linux not expecting the so-called
> "leadership" to constantly break working things, hasn't paid any
> attention to Linux history either.)
>
> Linux as a whole is stuck in a never-ending break-fix cycle it can't
> break out of. (No pun intended.)
>
So, you would rather that things stay the same rather than improve (and
potentially break)? There is an operating system targeted at just that
crowd. It is called MS Windows. You are more than welcome to go use
it.
Regards,
-Roberto
--
Roberto C. Sánchez
http://people.connexer.com/~roberto
http://www.connexer.com
Password file with over 3000 users.
On Mon, Sep 24, 2007 at 05:34:07PM -0400, Roberto C. Sánchez wrote:
> So, you would rather that things stay the same rather than improve (and
> potentially break)? There is an operating system targeted at just that
actually, it's replacing bash with ash/dash as the default sh which has
the potential to break things.
bash has been /bin/sh on debian systems for over a decade. there's a lot
of local scripts that have been written assuming that fact (and even
several debian package scripts which make that assumption in violation
of policy - yes, that's a bug. the correct response to that is to file
bug reports and have them fixed, not just break them - and everyone's
local scripts - arbitrarily).
changing something that will break things for the majority in order
to cater for a miniscule minority (embedded systems developers) is a
ludicrous proposition. it makes no sense at all.
craig
--
craig sanders
--
Password file with over 3000 users.
> On Mon, Sep 24, 2007 at 05:34:07PM -0400, Roberto C. Sánchez wrote:
> > So, you would rather that things stay the same rather than improve (and
> > potentially break)? There is an operating system targeted at just that
On 25.09.07 18:25, Craig Sanders wrote:
> actually, it's replacing bash with ash/dash as the default sh which has
> the potential to break things.
> changing something that will break things for the majority in order
> to cater for a miniscule minority (embedded systems developers) is a
> ludicrous proposition. it makes no sense at all.
those things are already broken. using dash as /bin/sh will not break them.
replacing /bin/sh with /bin/bash is easy to do...
--
Matus UHLAR - fantomas, ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Support bacteria - they're the only culture some people have.
--
Password file with over 3000 users.
On Tue, Sep 25, 2007 at 10:33:34AM +0200, Matus UHLAR - fantomas wrote:
> > On Mon, Sep 24, 2007 at 05:34:07PM -0400, Roberto C. Sánchez wrote:
> > > So, you would rather that things stay the same rather than improve (and
> > > potentially break)? There is an operating system targeted at just that
>
> On 25.09.07 18:25, Craig Sanders wrote:
> > actually, it's replacing bash with ash/dash as the default sh which has
> > the potential to break things.
[ i note that you carefully deleted the paragraphs about locally written
scripts - presumably because you have no answer and wish to ignore it
and hope nobody notices. ]
>
> > changing something that will break things for the majority in order
> > to cater for a miniscule minority (embedded systems developers) is a
> > ludicrous proposition. it makes no sense at all.
>
> those things are already broken. using dash as /bin/sh will not break them.
no, those locally written ARE NOT BROKEN.
bash has been /bin/sh on debian systems for over a decade. it is
perfectly reasonable for a local sysadmin to take advantage of the
non-POSIX features of the debian standard /bin/sh.
you may choose to write your sh scripts in pure POSIXLY_CORRECT form,
but that DOES NOT invalidate the choices of others.
> replacing /bin/sh with /bin/bash is easy to do...
it may be easy but it's not necessary because it's already the default.
it's even easier (and far less work for far fewer people) for the
miniscule minority who want an archaic sh to replace it on their
systems, or on their debian-derivative embedded distros.
just file bug reports on any debian packages that aren't POSIX
compliant, get them fixed, and use dash on your systems. that way, those
who want dash can have it, and those of us who don't wont even have to
know about or give a damn one way or the other.
but forcing your personal desires on everyone else just because you
think it's better/smaller/neater/more-aesthetically-pleasing or whatever
stupid reason you have AND because you don't give a shit how many
systems belonging to other people you break is both brain-damaged AND
maliciously stupid.
you might have had a chance to make ash/dash the default sh 12 or 13
years ago if a) you were around, and b) ash was around (it wasn't.
certainly not in debian and probably not anywhere AFAICR). but you
weren't and it wasn't. the issue was settled years ago. deal with it and
move on.
craig
--
craig sanders
BOFH excuse #243:
The computer fleetly, mouse and all.
--
Password file with over 3000 users.
> > > On Mon, Sep 24, 2007 at 05:34:07PM -0400, Roberto C. Sánchez wrote:
> > > > So, you would rather that things stay the same rather than improve (and
> > > > potentially break)? There is an operating system targeted at just that
> >
> > On 25.09.07 18:25, Craig Sanders wrote:
> > > actually, it's replacing bash with ash/dash as the default sh which has
> > > the potential to break things.
On 25.09.07 18:46, Craig Sanders wrote:
> [ i note that you carefully deleted the paragraphs about locally written
> scripts - presumably because you have no answer and wish to ignore it
> and hope nobody notices. ]
I did not feel I have to differ between them.
> > > changing something that will break things for the majority in order
> > > to cater for a miniscule minority (embedded systems developers) is a
> > > ludicrous proposition. it makes no sense at all.
> >
> > those things are already broken. using dash as /bin/sh will not break them.
>
> no, those locally written ARE NOT BROKEN.
If any sscript calling /bin/sh uses bashisms, it IS broken by definition.
The fact that it's not visible, because /bin/sh and /bin/bash are the same,
does NOT mean they are not broken.
> bash has been /bin/sh on debian systems for over a decade. it is
> perfectly reasonable for a local sysadmin to take advantage of the
> non-POSIX features of the debian standard /bin/sh.
did I or anyone else say that bash MUST NOT be installed as /bin/sh?
I have no objections against this possibility. But having bash installed
just because some people break things is sick.
--
Matus UHLAR - fantomas, ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Spam = (S)tupid (P)eople's (A)dvertising (M)ethod
--
Password file with over 3000 users.
Matus UHLAR - fantomas wrote:
> But having bash installed
> just because some people break things is sick.
I 100% agree with this. This is the main point.
Apart from that, the fact that bash becomes the default CAN be
discussed, but not because some people have broken minds.
Thomas
--
RE: Password file with over 3000 users.
Hi all.
I think this should be moved to another threat (not RE: Password file with over 3000 users.).
I agree scripts should declare the correct shell, and those which use specific bashisms should use #!/bin/bash.
Some shells ask at install time to use it as sh. So people who have problems with their scripts can install bash and use it as sh.
Best regards.
PD: Sorry for my English.
-----Mensaje original-----
De: Thomas Goirand [mailto:thomas@goirand.fr]
Enviado el: martes, 25 de septiembre de 2007 14:18
Para:
Asunto: Re: Password file with over 3000 users.
Matus UHLAR - fantomas wrote:
> But having bash installed
> just because some people break things is sick.
I 100% agree with this. This is the main point.
Apart from that, the fact that bash becomes the default CAN be discussed, but not because some people have broken minds.
Thomas
--
Password file with over 3000 users.
Craig Sanders wrote:
>>> changing something that will break things for the majority in order
>>> to cater for a miniscule minority (embedded systems developers) is a
>>> ludicrous proposition. it makes no sense at all.
>> those things are already broken. using dash as /bin/sh will not break them.
>
> no, those locally written ARE NOT BROKEN.
>
> bash has been /bin/sh on debian systems for over a decade. it is
> perfectly reasonable for a local sysadmin to take advantage of the
> non-POSIX features of the debian standard /bin/sh.
I do not agree with that. I think it's a major design error to mistake
between bash and sh and do some *BAD* assumptions like this. You cannot
complain if you did, IMHO. And I do as well think that those locally
written script ARE broken.
> you may choose to write your sh scripts in pure POSIXLY_CORRECT form,
> but that DOES NOT invalidate the choices of others.
Nobody invalidate anything. You can still use bash if you like, as long
as you call it correctly with #!/bin/bash ...
> but forcing your personal desires on everyone else just because you
> think it's better/smaller/neater/more-aesthetically-pleasing or whatever
> stupid reason you have AND because you don't give a shit how many
> systems belonging to other people you break is both brain-damaged AND
> maliciously stupid.
Nobody is brain-damaged because of this. The one who where brain-damaged
are the one that wrote #!/bin/sh when they really wanted to write
#!/bin/bash instead... The replacement of bash by something else CAN be
argued, but NOT the fact that writing #!/bin/sh instead of #!/bin/bash
is a big big mistake when somebody really want to use bash... And you
CANNOT complain after that mistake, IMHO.
Thomas
--
Password file with over 3000 users.
On Tue, Sep 25, 2007 at 08:13:40PM +0800, Thomas Goirand wrote:
> And I do as well think that those locally
> written script ARE broken.
then you would be wrong.
on debian, /bin/sh has been bash for over a decade. that's an historical
fact. changing it now would break things for no good reason.
those who want dash can easily have it. those who don't do not need to
be disturbed.
craig
--
craig sanders
--
Password file with over 3000 users.
Craig Sanders wrote:
> On Tue, Sep 25, 2007 at 08:13:40PM +0800, Thomas Goirand wrote:
>
>> And I do as well think that those locally
>> written script ARE broken.
>
> then you would be wrong.
>
> on debian, /bin/sh has been bash for over a decade. that's an historical
> fact. changing it now would break things for no good reason.
> those who want dash can easily have it. those who don't do not need to
> be disturbed.
No need to repeat, everybody got your point that it's been a decade, and
that people can choose, but you want the default being the same thing as
before, with no change possible.
> no, it's a *stupid* extension of mine, not a "natural" extension.
>
> it's what is known as "grasping at straws". indicating irrationality and
> desperation. your argument holds no water, and you know it - hence the
> descent into absurd projection.
This reminds me the SORBS thread, and ... godwin! :)
Clearly, when somebody (if not a majority) do not agree with you, you
start to be aggressive. There's absolutely no point in insulting others,
and it seems you are the only one playing that game here... Please think
twice before using words like: stupid, irrationality, or absurd when
writing to others in public lists.
It's really a shame to read this when I see many very good comments from
you helping others, showing that you are far from being stupid, and that
your brain is full of knowledge. A bit of respect wouldn't have kill
you, even if you don't agree.
Stop wining and upgrade your *broken* scripts.
Thomas
--
Password file with over 3000 users.
On Wed, Sep 26, 2007 at 12:08:29PM +0800, Thomas Goirand wrote:
> Craig Sanders wrote:
> > On Tue, Sep 25, 2007 at 08:13:40PM +0800, Thomas Goirand wrote:
> >
> >> And I do as well think that those locally
> >> written script ARE broken.
> >
> > then you would be wrong.
> >
> > on debian, /bin/sh has been bash for over a decade. that's an historical
> > fact. changing it now would break things for no good reason.
> > those who want dash can easily have it. those who don't do not need to
> > be disturbed.
>
> No need to repeat, everybody got your point that it's been a decade, and
> that people can choose, but you want the default being the same thing as
> before, with no change possible.
i just posted the following few paragraphs to someone else in private
mail. maybe they'll help you to see the point:
it is incumbent on those who are proposing a change to demonstrate:
1. that the change has significant benefits
2. that the change does not cause problems
3. that the benefits greatly outweigh the problems caused
and,
4. that there is no viable alternative to the proposed change
changing bash to dash as the default shell fails on all four counts:
there are no significant benefits, changing it would cause problems,
the benefits do NOT greatly outweigh the problems, and point 4 fails
because there is a viable alternative (those who want dash can install
it themselves).
in short, don't do unneccessary harm and don't violate the principle of
least surprise.
> > no, it's a *stupid* extension of mine, not a "natural" extension.
> >
> > it's what is known as "grasping at straws". indicating irrationality and
> > desperation. your argument holds no water, and you know it - hence the
> > descent into absurd projection.
>
> This reminds me the SORBS thread, and ... godwin! :)
> Clearly, when somebody (if not a majority) do not agree with you, you
> start to be aggressive. There's absolutely no point in insulting others,
> and it seems you are the only one playing that game here... Please think
> twice before using words like: stupid, irrationality, or absurd when
> writing to others in public lists.
i'll use those words (or indeed, ANY words i choose) when i consider them to
be accurate.
> It's really a shame to read this when I see many very good comments from
> you helping others, showing that you are far from being stupid, and that
> your brain is full of knowledge. A bit of respect wouldn't have kill
> you, even if you don't agree.
respect is earned, not an automatic entitlement.
it's extremely difficult to have respect for stupid propositions or those who
are proposing them.
> Stop wining and upgrade your *broken* scripts.
they aint my scripts, and they aint broken.
btw, regardless of what POSIX sh should or shouldn't be, on debian,
/bin/sh has always been bash. and has been documented as being bash.
see "man sh" - it clearly states that it is bash and it documents the
features of bash. it is entirely reasonable for a debian user to use the
features AS DOCUMENTED, whether you or POSIX or anyone else thinks that
is "correct" behaviour or not.
craig
--
craig sanders
--
Changing the default simlink to sh [was: Password file with over
Craig Sanders wrote:
> i just posted the following few paragraphs to someone else in private
> mail. maybe they'll help you to see the point:
>
> it is incumbent on those who are proposing a change to demonstrate:
>
> 1. that the change has significant benefits
> 2. that the change does not cause problems
> 3. that the benefits greatly outweigh the problems caused
> and,
> 4. that there is no viable alternative to the proposed change
You are repeating again, so it forces us to repeat also. I think you had
better re-read the backlog to see somebody's else point, but if you
still didn't get it, then I'll have to write it again.
1. The significant benefits are: faster, lighter, and more cross
comparabilities with the Debian embedded systems. Another one is a
better compatibility with BSD systems that wont have bash by default
(you need to set it up manually or depend on it). This last one is,
IMHO, very important. Another one is that scripts with bashism will be
detected immediately, and that's great, they will be modified quicker.
2. It doesn't cause any problem for scripts written with #!/bin/bash,
only for those who were badly written with #!/bin/sh instead when
expecting bash. These scripts HAVE to be modified, and it's not a very
big deal anyway.
3. See point 1, I think it's clear there are some very big benefits, and
the only problem is badly written scripts that can be modified really
easily.
4. The alternative is to setup bash, and restor the link as it was, or
to fix the badly written scripts. Both solution are really easy...
> in short, don't do unneccessary harm and don't violate the principle of
> least surprise.
People that DO read Debian news and things like that will know in
advance, and have quite a big amount of time to fix.
> respect is earned, not an automatic entitlement.
For sure, you are not earning respect when writing this way to others.
> btw, regardless of what POSIX sh should or shouldn't be, on debian,
> /bin/sh has always been bash. and has been documented as being bash.
> see "man sh" - it clearly states that it is bash and it documents the
> features of bash. it is entirely reasonable for a debian user to use the
> features AS DOCUMENTED, whether you or POSIX or anyone else thinks that
> is "correct" behaviour or not.
But lucky, things evolve. It's not because one thing exists, or have
always been in a way, and is documented as it is, that it shouldn't be
changed if there are some good things behind the move. Debian
maintainers will simply update the documentation... Also, nobody forced
anyone to call the wrong shell, and it was never documented this way.
Also, if "man sh" brings the man page of bash, that doesn't mean
anything but the fact that bash is currently used when calling sh (the
sh man page is just a symlink to the one of bash...).
I could find so many example of things that have been in a way for
decades, and that one day, changed. And there was always some people
against evolution. I have many example in mind, but I wont give any, as
automatically, you'll say it's a fullish one for whatever reason. But I
believe you are smart enough to understand my point without giving you
yet another car example...
Thomas
P.S: Once again, people are NOT stupid because they have different point
of view. Saying so IS disrespectful, and not only for the one you are
writing to, but for all the people reading this list. IMHO, by default,
you should respect the people reading you, especially in a public lists.
--
Changing the default simlink to sh [was: Password file with over
On Wed, Sep 26, 2007 at 05:03:38PM +0800, Thomas Goirand wrote:
> Craig Sanders wrote:
> > i just posted the following few paragraphs to someone else in private
> > mail. maybe they'll help you to see the point:
> >
> > it is incumbent on those who are proposing a change to demonstrate:
> >
> > 1. that the change has significant benefits
> > 2. that the change does not cause problems
> > 3. that the benefits greatly outweigh the problems caused
> > and,
> > 4. that there is no viable alternative to the proposed change
>
> You are repeating again, so it forces us to repeat also. I think you had
actually, it wasn't a repeat. it was the first time i'd posted that. i
posted it because it seems that appropriate caution is an alien concept
to the loony change-mongers here.
> 1. The significant benefits are: faster, lighter, and more cross
> comparabilities with the Debian embedded systems. Another one is a
they may be benefits, but they're not *significant* benefits. they're
irrelevant to >99% of debian users.
> better compatibility with BSD systems that wont have bash by default
it's debatable whether that's a benefit at all.
BSD systems have their own non-GNU versions of standard utilities, so sh
scripts from linux often wont work on *bsd anyway. and vice-versa.
> (you need to set it up manually or depend on it). This last one is,
nobody sane would replace, e.g., root's shell with bash on a solaris or *bsd
or other non-bash-by-default *nix - because there's no way of knowing what
cron jobs and other stuff will break.
instead, sane people who want bash on those systems install it in /usr/local
and run "exec bash" after they su to root.
similarly, nobody sane would want to replace bash as the default sh with
dash because there's also no way of knowing what would break.
> IMHO, very important. Another one is that scripts with bashism will be
> detected immediately, and that's great, they will be modified quicker.
OTOH, another way of looking at it is that if nobody has detected
them it's because nobody cares - nobody except for a tiny handful of
people (mostly embedded systems developers and not-entirely-rational
uber-pedants) bothers to install dash and replace the /bin/sh symlink.
frankly, if they care that much, it's up to THEM to file the bug
reports, not force the burden onto the vast majority who simply don't
care about dash or POSIX compliance.
breaking other people's systems for an aesthetic goal just because
you're too lazy to bother checking the init.d scripts in packages and
file bug-reports yourself is, as i mentioned before, maliciously stupid.
bashisms in init.d & cron & other packaged #!/bin/sh scripts is a bug.
bash as the default /bin/sh is NOT a bug.
> 2. It doesn't cause any problem for scripts written with #!/bin/bash,
> only for those who were badly written with #!/bin/sh instead when
> expecting bash. These scripts HAVE to be modified, and it's not a very
> big deal anyway.
no, they DON'T have to be modified (at least, not locally-written ones.
package scripts should have the pedantically-correct #! line).
as i pointed out last time, debian's /bin/sh has always been bash, and
has always been documented as such. it is NOT broken to write a script
that uses the documented features.
> 3. See point 1, I think it's clear there are some very big benefits, and
> the only problem is badly written scripts that can be modified really
> easily.
what's very clear is that the benefits are tiny, the problems are moderately
large, and that the scripts you claim to be "badly written" aren't.
> 4. The alternative is to setup bash, and restor the link as it was, or
> to fix the badly written scripts. Both solution are really easy...
only the proposed change has the potential to break existing systems
for no good reason.
in short, there's woefully insufficient justification for making this change.
> > in short, don't do unneccessary harm and don't violate the principle
> > of least surprise.
>
> People that DO read Debian news and things like that will know in
> advance, and have quite a big amount of time to fix.
again, a tiny minority of debian users.
> anyone to call the wrong shell, and it was never documented this way.
it was. i repeat: look at "man sh" on any default debian system.
> Also, if "man sh" brings the man page of bash, that doesn't mean
> anything but the fact that bash is currently used when calling sh (the
> sh man page is just a symlink to the one of bash...).
it's been that way for over a decade. since debian began. approx 14
years of debian telling users that sh is bash and documenting it as
such. now some morons want to change that without any good reason.
> I could find so many example of things that have been in a way for
> decades, and that one day, changed.
change has to be justifiable. see the four test points in my previous
message for the bare minimum justification for any change.
> P.S: Once again, people are NOT stupid because they have different point
> of view.
of course not. they are stupid because they have a stupid point of view.
difference has nothing to do with it.
> Saying so IS disrespectful,
putting false words in my mouth and claiming that is what i said is not only
disrespectful, it is dishonest.
craig
--
craig sanders
BOFH excuse #34:
(l)user error
--
Changing the default simlink to sh [was: Password file with over
On Wed, Sep 26, 2007 at 07:55:02PM +1000, Craig Sanders wrote:
> On Wed, Sep 26, 2007 at 05:03:38PM +0800, Thomas Goirand wrote:
>
> > better compatibility with BSD systems that wont have bash by default
>
> it's debatable whether that's a benefit at all.
>
> BSD systems have their own non-GNU versions of standard utilities, so sh
> scripts from linux often wont work on *bsd anyway. and vice-versa.
>
Whoa there. That needs some backing up. My understanding, based on
having read the man and info pages for lots of GNU utilities, is that
the GNU folks go to great lengths to preserve compatibility with
traditional Unix utilities.
Regards,
-Roberto
--
Roberto C. Sánchez
http://people.connexer.com/~roberto
http://www.connexer.com
Changing the default simlink to sh [was: Password file with over
On Wed, Sep 26, 2007 at 09:48:17AM -0400, Roberto C. Sánchez wrote:
> On Wed, Sep 26, 2007 at 07:55:02PM +1000, Craig Sanders wrote:
> > BSD systems have their own non-GNU versions of standard utilities, so sh
> > scripts from linux often wont work on *bsd anyway. and vice-versa.
>
> Whoa there. That needs some backing up. My understanding, based on
> having read the man and info pages for lots of GNU utilities, is that
> the GNU folks go to great lengths to preserve compatibility with
> traditional Unix utilities.
with which particular implementations? each vendor had (and still has)
their own versions with not-quite-compatible command-line switches and
sometimes even incompatible file & output formats.
the GNU versions are the only ones that are standard across multiple
unix-like operating systems.
craig
--
craig sanders
BOFH excuse #196:
Me no internet, only janitor, me just wax floors.
--
Changing the default simlink to sh [was: Password file with over
--On September 27, 2007 6:53:16 AM +1000 Craig Sanders
wrote:
> On Wed, Sep 26, 2007 at 09:48:17AM -0400, Roberto C. Sánchez wrote:
>> On Wed, Sep 26, 2007 at 07:55:02PM +1000, Craig Sanders wrote:
>> > BSD systems have their own non-GNU versions of standard utilities, so
>> > sh scripts from linux often wont work on *bsd anyway. and vice-versa.
>>
>> Whoa there. That needs some backing up. My understanding, based on
>> having read the man and info pages for lots of GNU utilities, is that
>> the GNU folks go to great lengths to preserve compatibility with
>> traditional Unix utilities.
>
> with which particular implementations? each vendor had (and still has)
> their own versions with not-quite-compatible command-line switches and
> sometimes even incompatible file & output formats.
>
> the GNU versions are the only ones that are standard across multiple
> unix-like operating systems.
I'll totally agree here. Cant' tell you how many times I've had a Makefile
fail from various open source projects because of flags sent to mv and/or
cp being different, or non-existent on *BSD (FreeBSD mostly).
Changing the default simlink to sh [was: Password file with over
On Sep 26, 2007, at 7:48 AM, Roberto C. Sánchez wrote:
> Whoa there. That needs some backing up. My understanding, based on
> having read the man and info pages for lots of GNU utilities, is that
> the GNU folks go to great lengths to preserve compatibility with
> traditional Unix utilities.
It doesn't work that way in practice. I can name off numerous
differences in low-level tools between Solaris, AIX, HP-UX, BSD,
Linux and lord knows what else.
For those using multiple OS's it's a fact of life, and has been for
two decades. Only newbies get frustrated by it. Everyone else just
deals with it, since they ARE different OS's after all...
tar is one of the biggest "offenders", being quite different on
almost every Unix platform.
--
Nate Duehr
Changing the default simlink to sh [was: Password file with over
On Sep 26, 2007, at 3:03 AM, Thomas Goirand wrote:
> Craig Sanders wrote:
>> i just posted the following few paragraphs to someone else in private
>> mail. maybe they'll help you to see the point:
>>
>> it is incumbent on those who are proposing a change to demonstrate:
>>
>> 1. that the change has significant benefits
>> 2. that the change does not cause problems
>> 3. that the benefits greatly outweigh the problems caused
>> and,
>> 4. that there is no viable alternative to the proposed change
>
> You are repeating again, so it forces us to repeat also. I think
> you had
> better re-read