Re: File sets on internet exposed server

2018-11-17 Thread Aham Brahmasmi
Thank you Robert and Stuart for your helpful responses.

> Skipping X and games is usually safe. The compilers might be a bad
> idea unless you're only installing software from ports.

Yes, current plan is to install only from ports as of now.
 
> If you aren't using those packages which use libraries from xbase, you
> *could* skip installing it, but make a note of it so that if you later
> run pkg_add and get weird errors about missing libraries, you know what
> you've done.

Thanks for the detailed explanation. Will make a note. Most likely, the
programs installed from ports should be fine.

So, it is: -comp* -game* -x*

Regards,
ab
-|-|-|-|-|-|-|--



Re: File sets on internet exposed server

2018-11-14 Thread Stuart Henderson
On 2018-11-14, Aham Brahmasmi wrote:
> Hello misc,
>
> 1) For an internet exposed server, would it be ok to not install any
> i) compiler collection
> ii) games
> iii) X related
> file sets?
> Set name(s) = -comp* -game* -x*
>
> 2) Would ssh login be affected by lack of X related file sets on the
> server? In other words, is ssh one of the "programs that manipulate
> text or graphics" in the following paragraph?
>
> From https://www.openbsd.org/faq/faq4.html#FilesNeeded,
> "
>
> New users are recommended to install all of them.
>
> Some libraries from xbaseXX.tgz, like freetype or fontconfig, can be
> used outside of X by programs that manipulate text or graphics. Such
> programs will usually need fonts, either from xfontXX.tgz or font
> packages. For the sake of simplicity, the developers decided against
> maintaining a minimal xbaseXX.tgz set that would allow most non-X ports
> to run. The xservXX.tgz set is rarely needed if you don't intend to run
> X.
> "
>
> The motivation for these questions is the recent X hole.

xserv can probably be skipped in this case (and contains the program
which had the recent problem).

Some libraries in xbase are fairly widely used by packages. There are no
setuid binaries in that set but there are two setgid (xlock is setgid
auth, in order to run bsdauth programs, and xterm is setgid utmp, in
order to update /var/run/utmp). If you are concerned by that you could
mount /usr/X11R6 with the "nosuid" flag.

If you aren't using those packages which use libraries from xbase, you
*could* skip installing it, but make a note of it so that if you later
run pkg_add and get weird errors about missing libraries, you know what
you've done.
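
An added example, not part of the original post: shell functions for the check behind the nosuid advice above. They list setuid/setgid files under a tree and read fstab-format text to see whether that mount point carries nosuid. The function names and the sample fstab lines (placeholder DUIDs) are constructed here, and the example assumes /usr/X11R6 is its own filesystem.

```shell
#!/bin/sh
# Added example (not from the thread): find setuid/setgid files in a tree
# and check whether its filesystem is listed with nosuid in fstab.

# Constructed sample fstab(5) lines; the DUIDs are placeholders.
sample_fstab() {
    cat <<'EOF'
0123456789abcdef.a / ffs rw 1 1
0123456789abcdef.d /tmp ffs rw,nodev,nosuid 1 2
0123456789abcdef.e /usr ffs rw,nodev 1 2
0123456789abcdef.f /usr/X11R6 ffs rw,nodev 1 2
EOF
}

# Print every regular file under $1 that has the setuid or setgid bit set.
list_sugid() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print
}

# Read fstab text on stdin. Return 0 if mount point $1 has nosuid, 1 if it
# lacks it, 2 if $1 has no entry of its own (not a separate filesystem).
has_nosuid() {
    opts=$(awk -v mp="$1" '$1 !~ /^#/ && $2 == mp { print $4; exit }')
    [ -n "$opts" ] || return 2
    case ",$opts," in
        *,nosuid,*) return 0 ;;
        *) return 1 ;;
    esac
}

# Audit tree $1 against fstab file $2. Prints findings; returns 1 when
# setuid/setgid files exist and the mount options do not neutralise them.
audit_tree() {
    found=$(list_sugid "$1")
    [ -n "$found" ] || { echo "$1: no setuid/setgid files"; return 0; }
    printf '%s\n' "$found"
    rc=0; has_nosuid "$1" < "$2" || rc=$?
    case $rc in
        0) echo "$1: mounted nosuid, the bits above have no effect" ;;
        1) echo "$1: add nosuid to its fstab options"; return 1 ;;
        *) echo "$1: no fstab entry of its own"; return 1 ;;
    esac
}

# Demo on the constructed sample; on the server: audit_tree /usr/X11R6 /etc/fstab
sample_fstab | has_nosuid /usr/X11R6 || echo "sample: /usr/X11R6 lacks nosuid"
```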




Re: File sets on internet exposed server

2018-11-14 Thread Robbie Herb
Skipping X and games is usually safe. The compilers might be a bad idea unless
you're only installing software from ports.

Sent from phone.

On Wed, Nov 14, 2018 at 11:48 AM -0600, "Aham Brahmasmi" wrote:

Hello misc,

1) For an internet exposed server, would it be ok to not install any
i) compiler collection
ii) games
iii) X related
file sets?
Set name(s) = -comp* -game* -x*

2) Would ssh login be affected by lack of X related file sets on the
server? In other words, is ssh one of the "programs that manipulate
text or graphics" in the following paragraph?

From https://www.openbsd.org/faq/faq4.html#FilesNeeded,
"

New users are recommended to install all of them.

Some libraries from xbaseXX.tgz, like freetype or fontconfig, can be
used outside of X by programs that manipulate text or graphics. Such
programs will usually need fonts, either from xfontXX.tgz or font
packages. For the sake of simplicity, the developers decided against
maintaining a minimal xbaseXX.tgz set that would allow most non-X ports
to run. The xservXX.tgz set is rarely needed if you don't intend to run
X.
"

The motivation for these questions is the recent X hole.

Thanks.

Regards,
ab
-|-|-|-|-|-|-|--