# SOLVED new baselayout starting to many interfaces!

## Soul_rebel

I upgraded to the unstable baselayout today. I am getting some errors about net.eth1 failing to start. I have a net.eth1 init script but I never added it to the default or boot runlevels!

During boot I see a message like "device initiated services: net.eth0 net.eth1" and later it probably start those services.

I don't want that. I am using ifplugd to control eht0 and I want eth1 disabled for now. So they both don't have to start.

Is there some new config file to edit that I don't know?

----------

## UberLord

baselayout-1.12 now has ifplugd and netplug support, so it should just work.

device initiated blah is udev trying to coldplug your hardware for you - this is controllable by RC_COLDPLUG in /etc/conf.d/rc

Is net.eth1 a symlink to net.lo? If not then ensure that it is.

Oh yeah - and etc-update

----------

## Soul_rebel

setting

```
RC_PLUG_SERVICES="!net.*"
```

solved the problem.

However if I add net.eth0 to the runlevel, I still get a warning about net.eth0 being started but inactive. 

As of now I prefer to start the ifplugd daemon directly and keep net.eth* off as with the old baselayout.

I like the idea of supporting ifplugd in this new baselayout, but as of now, it is done a bit poorly.

This can be done much better. Here's my suggestion:

turn OFF ifplugd support BY DEFAULT,

If the user wants it, he MUST enable it by hand, preferably using a per interface logic.

If ifplug is activated on a interface, then DO NOT OUTPUT WARNINGS, maybe just a little message saying "eth0 managed by ifplugd"

This default configuration is INSECURE. We should default not to start any found interface! This can cause security issues over upgrades. Also I think that we should not use ifplugd if not requested to do so.

Theese features are great, it's just a matter of default settings. Gentoo is about turning on just the stuff you want on, it's not about default setups working good in 80% cases and causing big problems to the rest. That's more of a windows thing  :Smile: 

Thanks for your work, gentoo devs.

----------

## UberLord

 *Soul_rebel wrote:*   

> I like the idea of supporting ifplugd in this new baselayout, but as of now, it is done a bit poorly.
> 
> This can be done much better. Here's my suggestion:
> 
> turn OFF ifplugd support BY DEFAULT,
> ...

 

You can turn it off like so

```
modules=( "!plug" )
```

and voila - no more ifplugd support in baselayout.

It's on by default because that makes it easier for most users. Obviously not you though, which is why we you can turn it off as I showed.

 *Quote:*   

> This default configuration is INSECURE. We should default not to start any found interface! This can cause security issues over upgrades.

 

Yes we should. It makest things easier - also, there is nothing insecure about it.

Don't like it - turn it off.

 *Quote:*   

>  Also I think that we should not use ifplugd if not requested to do so.

 

So don't emerge ifplugd then - if you do then we assume that you want to use it, otherwise why install it?

 *Quote:*   

> Theese features are great, it's just a matter of default settings. Gentoo is about turning on just the stuff you want on, it's not about default setups working good in 80% cases and causing big problems to the rest. That's more of a windows thing 

 

No, it's about an ease of use thing.

----------

## Soul_rebel

letting default configuration start all network cards, _is_ insecure.

It took my wireless card up, what if I did not notice that? It also can cause other problems. 

This is why I think net interfaces should not be started by default by coldplug. 

This is insecure, I really hope it will be changed before this baselayout goes stable.

Again about the ifplug module, it may save you some troubles (or may cause problems interacting with firewalls)... openbsd would not ship with that on by default, but if you really want to enable it globally, al least we can turn it off. Let's say it is not really insecure, (but wireless ? is ifplug going to manage wireless too... that won't be secure I suppose... I don't know)

Anyway it's ugly to get an warning message every boot with a yellow asterisk, when everithing it's ok, beacause you just need ifplugd... that's why I thought to have the user enable it manually.

I hope to be costructive, I am not accusing anyone or pretending I am right. I love gentoo too.

----------

## UberLord

 *Soul_rebel wrote:*   

> letting default configuration start all network cards, _is_ insecure.
> 
> It took my wireless card up, what if I did not notice that? It also can cause other problems. 
> 
> This is why I think net interfaces should not be started by default by coldplug. 
> ...

 

Did you notice that we started your keyboard too?

Seriously, no - this is the default, this is how it will ship.

And it's not insecure at all.

 *Quote:*   

> Again about the ifplug module, it may save you some troubles (or may cause problems interacting with firewalls)... openbsd would not ship with that on by default, but if you really want to enable it globally, al least we can turn it off. Let's say it is not really insecure, (but wireless ? is ifplug going to manage wireless too... that won't be secure I suppose... I don't know)

 

ifplugd will not start by default on wireless interfaces - don't confuse coldplug with ifplugd.

 *Quote:*   

> Anyway it's ugly to get an warning message every boot with a yellow asterisk, when everithing it's ok, beacause you just need ifplugd... that's why I thought to have the user enable it manually.

 

You enabled it by installing it ..... kinda logical I think

 *Quote:*   

> I hope to be costructive, I am not accusing anyone or pretending I am right. I love gentoo too.

 

Great! I listen to all advise, comments and criticisms. However in this instance I will not be swayed - you can check our bugzilla and search the forums for people asking for ifplugd integration into baselayout to make their lives easier. I fully agree with this, and it's a good default.

You don't agree with this, but on this matter you are in the minority.

----------

## Soul_rebel

ok man, you have got your poing of view. But I think you are misunderstanding mine.

this is what I think

ifplug integration: good

ifplug integration ON, when ifplugd is installed: not so good.

seeing warning at boot: ugly.

coldplug starting by default any interface: bad. insecure. 

I mean insecure when you upgrade. My wireless card was OFF with the old baselayout, and then got ON with this one. I have been in a insecure state, with my wireless active while I wanted only the wire and I had removed the wireless card from the any runlevel. At first I did not notice. This is going to affect someone else too, when baselayout will be made stable. This raise a security concern. You cannot deny it.

Secondly the point why I use gentoo is, that it does not do what it thinks it does what I tell it. I know better. Anyone installing gentoo is capable of turning on a couple of options in some config files. This is why I want default config to do very little and be trouble-proof and secure.

I think we can have a lot of features but let the user only choose what to get.

 *Quote:*   

> You enabled it by installing it ..... kinda logical I think 

 

Which boot service do you enable by installing it on gentoo?????? none almost. 

Do you really think gentoo users can choose emerge ifplugd, but aren't able to add it to the net configuration?

Anyway it's not a big problem ifplugd on by default if present. But it would be more elegant to let the user turn it on. It will be more gentoo.

----------

## UberLord

 *Soul_rebel wrote:*   

> ok man, you have got your poing of view. But I think you are misunderstanding mine.
> 
> this is what I think
> 
> ifplug integration: good
> ...

 

Yes, there was a big long debate about it.

Search on the gmane archives about RC_COLDPLUG, you should find the thread easily.

Here's a summary.

There are some people who like coldplug and the fact that it starts network services by default.

There are some who don't.

Most people like coldplug and how it starts network services. These are mainly laptop users.

Some people don't like coldplug or hotplug - they are mainly server users.

Some people see the benefits of both - these are normally fixed desktop users.

Outcome was that more people thought it was a good thing.

 *Quote:*   

> Secondly the point why I use gentoo is, that it does not do what it thinks it does what I tell it. I know better. Anyone installing gentoo is capable of turning on a couple of options in some config files. This is why I want default config to do very little and be trouble-proof and secure.
> 
> I think we can have a lot of features but let the user only choose what to get.

 

On the other hand easier network setup makes things easier. And anyone capbale of installing gentoo is capable of turning off a default option. Notice how I cleverly turned around your argument using your words?

 *Quote:*   

>  *Quote:*   You enabled it by installing it ..... kinda logical I think  
> 
> Which boot service do you enable by installing it on gentoo?????? none almost.

 

Here's a list of what baselayout does by default

1 - sets your clock. Actually some users don't like this and don't think that should be a default option either.

2 - mounts your partitions. You can stop this by setting "noauto" in fstab

3 - checks your partitions for errors

4 - sets your hostname to "localhost"

5 - sets some default hdparm options

6 - mounts any network folders

7 - seeds the urandom number generator

8 - configures your keyboard

That's all by default without ANY config changes.

Now, YOU install a driver for your network card, YOU create the symlink to net.lo (net.eth0 is provided though), YOU emerge ifplugd. The least we can do is start it by default so the cable comes up when you plug it in or out.

No, the default stays. More people like it and it is not insecure in the slightest regardless of what you think.

----------

## Soul_rebel

starting by default interfaces with colplug is insecure for people who upgrade and have some interfaces configured but not added to the default runlevel. 

For me it took my wireless up and was looking for an access point  :Smile:  Then I noticed and asked here how to turn it off. 

At least, when baselayout is made stable, output a warning upon the upgrade about this.

Say one day I configure my second network card. I don't add it to start on boot, because I use it rarely. This setup starts it anyway. It is hard to find how to disable it. In "rc-update show" it is off... 

I am not saying that ifplugd integration is insecure. Got that?

Frankly I had enough of this. You could have said: the decision was taken, there's nothing you can do about it, now. You don't need to "cleverly" turn around my own words. I wonder how old are you... Goodbye.

----------

