/etc/services : is this the right place to enable and disable services?


    I've recently discovered the /etc/services file. If I want to disable a service, is this a safe place to do it?

    For example, the package dovecot-imap automatically associates IMAP with 143. I've set up IMAPS on port 993 and was thinking I may just unmap 143-->IMAP leaving only the secure 993-->IMAPS in /etc/services by commenting out the line for 143.

    Is this safe/recommended?

    Is there a better way to do it?

    I'm asking more for my general understanding of Linux, rather than because I can't do it any other way (my server is behind a router, so I can just not forward port 143). I still think it's an interesting question - what do people do if they're running a server that isn't behind a router? I guess they would use a firewall?

    Other ways of disabling IMAP on 143 in Dovecot would answer this particular question, but I'd still like to get a feel for what constitutes an "appropriate" use of /etc/services.

    Thanks,

    Feathers
    samhobbs.co.uk

    #2
    Take a look at http://dovecot.2317879.n4.nabble.com...3-td13163.html
    and http://wiki2.dovecot.org/SSL
    Last edited by Snowhog; Nov 23, 2013, 01:28 PM.
    Windows no longer obstructs my view.
    Using Kubuntu Linux since March 23, 2007.
    "It is a capital mistake to theorize before one has data." - Sherlock Holmes

    Comment


      #3
      Thanks Snowhog.

      Unfortunately, "protocols = foo bar" is an obsolete setting.

      I couldn't figure out how to remove it the "new way". I tried commenting out part of this block:

      Code:
      service imap-login {
      #  inet_listener imap {
      #    port = 143
      #  }
        inet_listener imaps {
          port = 993
          ssl = yes
        }
      }
      but "telnet localhost 143" still connects to Dovecot after restarting.

      Feathers
      samhobbs.co.uk

      Comment


        #4
        Just a stab in the dark: try un-commenting the above part and change the imap port to 0.

        Please Read Me

        Comment


          #5
          Originally posted by oshunluvr
          Just a stab in the dark: try un-commenting the above part and change the imap port to 0.
          That's a good idea, will try it and report back. Perhaps the default is 143 whether you specify it or not.
          samhobbs.co.uk

          Comment


            #6
            That did it! You aim pretty well in the dark

            Thanks
            samhobbs.co.uk

            Comment
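Why setting the port to 0 worked where commenting out the listener did not, as an added example that is not part of the original thread and is not Dovecot's own code. It is a simplified Python model of the behaviour a later reply in this thread describes: imap-login listens on 143 and 993 by default, explicit `inet_listener` settings override those defaults, and port 0 disables a listener. `effective_listeners` and its regex parsing are assumptions for illustration and handle only blocks shaped like the two shown.

```python
import re

# Listeners imap-login gets when the config says nothing, per the thread:
# 143 for IMAP and 993 for IMAPS.
DEFAULTS = {"imap": 143, "imaps": 993}

# The block from post #3: the imap listener is commented out.
COMMENTED_OUT = """\
service imap-login {
#  inet_listener imap {
#    port = 143
#  }
  inet_listener imaps {
    port = 993
    ssl = yes
  }
}
"""

# The change that worked in post #6: keep the block, set the port to 0.
PORT_ZERO = """\
service imap-login {
  inet_listener imap {
    port = 0
  }
  inet_listener imaps {
    port = 993
    ssl = yes
  }
}
"""

LISTENER = re.compile(r"inet_listener\s+(\w+)\s*\{([^}]*)\}")

def effective_listeners(conf):
    """Simplified model: explicit settings override defaults; port 0 disables."""
    # Drop comment lines first, so a commented-out block sets nothing at all
    # and the default for that listener stays in force.
    active = "\n".join(
        line for line in conf.splitlines() if not line.lstrip().startswith("#")
    )
    ports = dict(DEFAULTS)
    for name, body in LISTENER.findall(active):
        m = re.search(r"^\s*port\s*=\s*(\d+)\s*$", body, re.M)
        if m:
            ports[name] = int(m.group(1))
    return {name: port for name, port in ports.items() if port != 0}
```

On a real server, the check the thread used (`telnet localhost 143`) should fail to connect once the change is in place, while 993 still answers.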


              #7
              Piece of cake - I say as I brush off my shoulder... lol

              Please Read Me

              Comment


                #8
                Lol

                So, having solved that specific question, how about the general question?

                Is it safe/recommended to comment out lines in /etc/services?

                Feathers
                samhobbs.co.uk

                Comment


                  #9
                  Safe? Maybe. Permanent? I don't think so.

                  AFAIK, that file is updated along with the netbase package and is modified by upstart and initctl. I think the "correct" way to enable or disable a service is via its conf file in /etc/init. This is way outside my area of expertise, so I'd seek other advice if I were you.

                  Please Read Me

                  Comment


                    #10
                    Originally posted by oshunluvr
                    Safe? Maybe. Permanent? I don't think so.

                    AFAIK, that file is updated along with the netbase package and is modified by upstart and initctl. I think the "correct" way to enable or disable a service is via its conf file in /etc/init. This is way outside my area of expertise, so I'd seek other advice if I were you.
                    OK thanks, that's just the kind of info I was after!
                    samhobbs.co.uk

                    Comment


                      #11
                      Originally posted by Feathers McGraw
                      how about the general question? ... Is it safe/recommended to comment out lines in /etc/services? ... I'd still like to get a feel for what constitutes an "appropriate" use of /etc/services.
                      Originally posted by oshunluvr
                      Safe? Maybe. Permanent? I don't think so.
                      Correct: editing /etc/services is not the way to accomplish your goal. This is simply a definition file, used when networking-related commands offer the choice of displaying numeric values or symbolic names.

                      For example, compare the output of netstat -ltn to netstat -lt. In the former, netstat displays all listening TCP sockets using numeric IP addresses and port numbers. In the latter, netstat has resolved IP addresses where possible and consulted /etc/services to determine which symbolic names to substitute for port numbers.

                      Originally posted by oshunluvr
                      I think the "correct" way to enable or disable a service is via its conf file in /etc/init.
                      Welcome to the wonderful world of lexical overload. Mucking around with /etc/init.d/dovecot would indeed alter Dovecot's behavior, but not in the intended way. Here, the goal is to stop Dovecot from listening on 143 but still keep it on 993.

                      Originally posted by Feathers McGraw
                      I couldn't figure out how to remove it the "new way". I tried commenting out part of this block:
                      Code:
                      service imap-login {
                      #  inet_listener imap {
                      #    port = 143
                      #  }
                        inet_listener imaps {
                          port = 993
                          ssl = yes
                        }
                      }
                      but "telnet localhost 143" still connects to Dovecot after restarting.
                      Yes, that would seem to be the reasonable thing to do. But what you're controlling here are Dovecot's login processes. The existence of service imap-login {...} in /etc/dovecot/conf.d/10-master.conf is enough to cause the spawning of Dovecot sockets on 143 for IMAP and 993 for IMAPS. You could comment out that entire block inside the {...} and still have functioning services, because these are the defaults for imap-login. The only reason you'd ever change anything here is if you want to move IMAP and/or IMAPS to non-standard ports. Or...

                      Originally posted by oshunluvr
                      Just a stab in the dark: try un-commenting the above part and change the imap port to 0.
                      For Dovecot 2.x, that's actually the correct thing to do (see the "Service Listeners" section) if you want to disable a listener.

                      Comment
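The `netstat -ltn` versus `netstat -lt` comparison from the last reply, as an added example that is not part of the original posts. It shows that removing a line from /etc/services only changes how a listening port is labelled, and that checking for unwanted listeners has to be done on the socket list itself. The /etc/services excerpt and the netstat output are constructed samples, and the function names are hypothetical.

```python
# Constructed /etc/services excerpt; the port 143 line is commented out, as
# the original poster proposed.
SERVICES = """\
smtp            25/tcp          mail
#imap2          143/tcp         imap
imaps           993/tcp                         # IMAP over SSL
"""

# Constructed `netstat -ltn` output for a host where Dovecot still has its
# default listeners on 143 and 993.
NETSTAT_LTN = """\
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:143             0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:993             0.0.0.0:*               LISTEN
tcp6       0      0 :::993                  :::*                    LISTEN
"""

def parse_services(text):
    """Map (port, proto) -> service name, ignoring comments and blank lines."""
    table = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and "/" in fields[1]:
            port, proto = fields[1].split("/", 1)
            table[(int(port), proto)] = fields[0]
    return table

def listening_ports(netstat_text):
    """Return sorted (port, 'tcp') pairs for sockets in LISTEN state."""
    found = set()
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) >= 6 and f[0].startswith("tcp") and f[5] == "LISTEN":
            # rsplit copes with IPv6 local addresses such as :::993
            found.add((int(f[3].rsplit(":", 1)[1]), "tcp"))
    return sorted(found)

def symbolic_view(netstat_text, services):
    """Label each listening port by name if known; sockets are never dropped."""
    return [services.get(p, str(p[0])) for p in listening_ports(netstat_text)]

def unexpected(netstat_text, allowed):
    """Listening TCP ports that are not in the allowed set."""
    return [port for port, _ in listening_ports(netstat_text) if port not in allowed]

if __name__ == "__main__":
    print(symbolic_view(NETSTAT_LTN, parse_services(SERVICES)))
    print(unexpected(NETSTAT_LTN, {993}))
```

With the 143 entry commented out, the listener is still reported, just as a bare number, and `unexpected` flags it regardless of what /etc/services contains.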
