<div dir="ltr">Oh, well. We should be off to fixing that bug, then. </div><div class="gmail_extra"> <div class="gmail_quote">2014/1/7 Steve Langasek <<a href="mailto:steve.langasek@canonical.com" target="_blank">steve.langasek@canonical.com</a>> <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div class="im">On Sun, Jan 05, 2014 at 10:50:35PM -0200, <a href="mailto:pabloalmeidaff9@gmail.com">pabloalmeidaff9@gmail.com</a> wrote: > We really don't have a way to have the packages installed but the service > stopped/unavailable until the user needs it? </div>It could be done, but that's not the way Debian packages are put together by default. It would be a rather large amount of work, and I doubt that filesharing on the local network is seen as an important enough use case today to justify that effort. <div class="HOEnZb"><div class="h5"> -- Steve Langasek Give me a lever long enough and a Free OS Debian Developer to set it on, and I can move the world. Ubuntu Developer <a href="http://www.debian.org/" target="_blank">http://www.debian.org/</a> <a href="mailto:slangasek@ubuntu.com">slangasek@ubuntu.com</a> <a href="mailto:vorlon@debian.org">vorlon@debian.org</a> > 2014/1/5 Steve Langasek <<a href="mailto:steve.langasek@ubuntu.com">steve.langasek@ubuntu.com</a>> > > On Sun, Jan 05, 2014 at 12:47:47PM -0500, Stéphane Graber wrote: > > > Ubuntu has a no open port by default policy at least for the Desktop > > > installation. If you look at a default Ubuntu Desktop system the only > > > exceptions you should see to that rule are the DHCP client (which needs > > > to listen on udp/68) and avahi-daemon (which needs to listen on > > > udp/5353). > > > > > So having samba installed and running by default isn't an option and > > > would be a potential security risk for millions of systems which do not > > > need the service at all anyway. > > > > > I think having nautilus prompt the user for those packages to be > > > installed is perfectly reasonable, having to restart the session however > > > seems a bit odd to me and shouldn't be a requirement. > > > > The requirement follows from the fact that CIFS shares require a different > > password hash to be available on the server system for authentication than > > the one used by default in /etc/shadow, and while the permissions on the > > file managed by libpam-smbpasswd are secure, the NTLM hashes are strictly > > weaker than the hashes used for /etc/shadow, which exposes users to greater > > risk of password cracking if the database is stolen. So since these hashes > > are not generated until the user opts in to CIFS sharing through nautilus > > (changing their PAM config), the session logout/login is unavoidable. > > > > -- > > Steve Langasek Give me a lever long enough and a Free OS > > Debian Developer to set it on, and I can move the world. > > Ubuntu Developer <a href="http://www.debian.org/" target="_blank">http://www.debian.org/</a> > > <a href="mailto:slangasek@ubuntu.com">slangasek@ubuntu.com</a> <a href="mailto:vorlon@debian.org">vorlon@debian.org</a> > > > > > > -- > Pablo Almeida > <a href="http://www.google.com/profiles/pabloalmeidaff9" target="_blank">http://www.google.com/profiles/pabloalmeidaff9</a> </div></div></blockquote></div> -- Pablo Almeida <a href="http://www.google.com/profiles/pabloalmeidaff9">http://www.google.com/profiles/pabloalmeidaff9</a> </div>