[1309] in athena10
Re: the debathena-managed metapackage
daemon@ATHENA.MIT.EDU (Greg Price)
Fri Mar 6 01:56:45 2009
Date: Fri, 6 Mar 2009 01:54:40 -0500
From: Greg Price <price@MIT.EDU>
To: Tim Abbott <tabbott@mit.edu>
Cc: Jonathan Reed <jdreed@mit.edu>, debathena@mit.edu
Message-ID: <20090306065440.GH1218@vinegar-pot.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <alpine.DEB.2.00.0903051655480.20869@vinegar-pot.mit.edu>
On Thu, Mar 05, 2009 at 05:25:55PM -0500, Tim Abbott wrote:
> > - Several of the packages pulled in here represent Athena software
> > and may belong in -workstation or lower: -transcript-glue,
> > -misc-glue, -xlock. I believe the main reason they aren't already
> > is that they were written by ghudson and rbasch, who were focussed
> > on the cluster release.
>
> Quite possibly. I don't particularly like what these packages do; we may
> want to remove these attachandrun scripts once command_not_found support
> is working. But they should probably be in -workstation if we have them
> in -cluster.
Done.
> > - -build-depends really should be in -extra-software.
>
> Seems reasonable.
Done.
> > - cluster-login-config, among other changes, enables a user to log
> > out someone who's left the screensaver going for a while. Many of
> > the users who want -managed, the ones setting up local public
> > machines, may want this.
>
> Yeah, we should probably split that out.
To put a bit more flesh here, the package description lists
1. configuring the screensaver to allow logouts afer a certain time period
2. disabling user switching
3. disabling console logins
4. disabling sshd
5. disabling the halt/reboot/suspend commands in gdm and at logout
6. setting the root password
Item 1 lets users take over the machine from someone who's wandered
off. Items 2, 3, and 4 are to prevent multiple users from using the
machine at the same time and tramping on each other or grabbing each
other's tickets. Item 5 is to prevent a user coming upon a
powered-off machine.
In a real cluster-style departmental environment, all five of these
would apply. Some -managed users will therefore want all of them.
For one person's workstation, probably none of the five apply, though
#1 is harmless and some of the rest may be too.
The one piece that only official Athena clusters will want is #6.
So one version of what to do here would be to pull out #6 as
debathena-athena-root-password-config or somesuch, and then include
the remaining -cluster-login-config under -managed. That would follow
Tim's suggested principle:
> Yeah, I think it would be desireable for -cluster machines to not
> differ from -managed machines in a user-visible way other than the
> login snapshot behavior.
Another version is to pull out #6, then document that people setting
up local public machines should install -managed plus -cluster-login-config.
Variations include also moving #1 to a new package under -managed, or
other more complex arrangements.
Jon, what path do you think you'd be happiest presenting to the users
you have in mind for this package? I think all the would-be -managed
users I've talked to would want #1-#5. Of course by self-selection
they're also people who it'd be easy to say "install both -managed and
-cluster-login-config" to.
Greg
