Slashdot Mirror
How to Fix the Unix Configuration Nightmare
jacoplane writes: "There's an interesting article on freshmeat talking how sorting out some kind of standard for configuration could really help Unix systems could be more user friendly. The article points out that since Apple has managed to build a quite usable system on top of NetBSD, it should be doable to do the same for open-source interfaces."
These days, one can usually get away with the "./configure; make; make install; " routine and not need to worry so much. In any case, some of the charm of Linux does lie in your being able to tweak things. And Apple had the luxury of making one decision about software questions and implement them across all hardware.
The part that makes such a system really useful however, is a standard agreement of which information is stored and what it means. This is where the Windows Registry falls down. And Unix is even worse, because all it has is some common soft-of-agreed-upon shell variables, like $EDITOR etc.
Apple is able to do this better because they set the standards for the OS (even more than MS). The can have one central "registry" for something like default associations of MIME-types with particular applications and define an API so every application can use it and a user doesn't have to change his settings in his browser AND his mail client AND his ftp client, etc.
Given the diversity of the unix crowd, the latter seems difficult to me. Maybe they can include it as part of LSB for a start?
Idempotent operation: Like MS software, wether you run it once or often, that doesn't make it any better.
I was thinking this morning how I hadn't udpated my Apache server in a while, and wondering whether I should apt-get the latest version (Apache is kind of important for security, as it's the only open port on my system from the internet). However, I've done various tweaks to config files which would get overwritten if I accepted the Debian standard file, but I don't want to miss out on any new settings that could be important. I know I can do a diff, but that's effort I'd rather not have to go through.
This kind of situation is where a registry-like interface is useful; the install program just has to do a quick 'if-not-exist then add' to any new settings and leave the rest alone (or ask if you want an overwrite of all settings, with appropriate disclaimers).
This kind of thing is difficult to do in a flat file split into different sections (if there isn't a concept of sections, you can just tag the setting on), but trivial in a registry structure, especially when the tool (dpkg-upgrade/apt/rpm) has to handle all the different file formats. However, linux/Unix users would rebel en masse if the registry got inflicted on them (with damn good reason! I like being able to fix problems from single user mode using vi!), but some form of layer between the text file and settings may provide the best of both worlds (programmatic ease and editability). apt/dpkg/rpm could use the interface to add/modify settings without splatting your custom tweaks while still adding the new required settings.
Unfortunately, we're starting from a difficult point, with thousands of applications with many different requirements for their settings. Hopefully we can get some covergence over time.
Because there is only one captain on the ship, Apple. Good luck fixing it in the Linux world. The only way it might have a chance of working IMHO is if such a proposal gets included the Linux Standard Base. Here's a bold idea, why not copy the way Apple does it??? No need to reinvent the wheel...
-adnans
"In short: just say NO TO DRUGS, and maybe you won't end up like the Hurd people." --Linus Torvalds
"gconf" does exactly what the Freshmeat article describes: a unique way of storing configuration. Its frontend is abstracted from the backend which uses a hierarchy of small plain XML files per default but could also use a SQL database or a LDAP directory.
LDAP is nice on its own, too, with configuration being stored platform- and host-independently, as well as global, group-specific and user-specific settings. Netscape Roaming works this way.
Why fix it? It's good right where it is.
/like/ having daemons and programs having their own configuration file. I like having to be able to manually configure something and fix it myself, without having to fight with some meddling front-end. I like learning how configuration is done with each program. I like applying existing text editing and stream tools to work with configuration. This is the way it should be done, and this is why I like Unix far more than other OS's that aren't predominantly CLI-based.
I
Don't fix it. It's not broken. Things work great as they are now. It's not difficult if you want to learn how to do it. Your "Unix Configuration Nightmare" is actually an elegant symphony of applications, clients, daemons, sockets, and streams that is UNIX. Take it or leave it.
:)
And you know, when I was your age... wait, you get my point.
"[T]he single essential element on which all discoveries will be dependent is human freedom." -- Barry Goldwater
Sure, installing software is easy. Unpack and compile. We are talking about configuring software.
Like getting sendmail to rout and forward mail, apache to serve up web pages you want, BIND to bind names to IP address, etc.
These tasks arn't "hard" or anything, but they do require a lot of reading on the part of a Newbie. In the windows world (don't know much about OSX) Most of that stuff can be done via am intuitive GUI.
Flame me if you want, but I'd greatly prefer a system that didn't require me to learn diffrent config file formats for each service I want to have running... or deal with a hodgepoge of 'easy config' program hacks.
A simple, standard configuration system is definetly the way to go.
autopr0n is like, down and stuff.
I've been thinking about this for a while and definately think that there needs to be various elements to a Unix configuration system:
l
1) The concept of local and group configuration. There needs to be a Meta config file that specifies what individual users can and can't configure. So for instance, if a company wanted to allow users to configure their word processors however they wanted, exect that they couldn't make any changes to the dropdown menu of corporate document templates, that would be specified in the Meta file.
2) A configuration server. I see no reason why this couldn't work with http to deliver XML config files to individual workstations. The Meta files could reside on the server, the local files on the hard disc. You could imagine in this senario that in order to configure your machine all you would have to do is enter the appropriate URL and press go:
http://intranet.company.com/configs/standard.xm
Then you could have different configs for different types of staff, and supported and unsupported configs (from the point of view of IT support).
You could also perhaps have 'approved' config files for supported hardware.
Having this type of Meta config file also allow IT support to have a clear idea of all the hardware used.
I know that probably lots of people on Slashdot don't like the idea of IT support having control over the config of their machines, but big companies like it and if Linux is going to conquer the desktop then this is the type of tool that will help get it there.
There's lots of cool stuff you can do with standardized configuration files, and dynamically generated GUIs are only one part of it. But developers are not going to change their file formats unless there's a real push for a specific format. Thus, to establish any format, you first have to develop lots of filters to support legacy software. As the FM author correctly points out, such a system would make software configuration under *x potentially much easier than under Windows.
Finally, to all the hackers who fear that this will take away their file-meddling options: If properly implemented, it won't -- and if it does, it will not get accepted as a standard, exactly because of stubborn people like you :-)
The real issue is finding the configuration file; if you're using a distro you're not used to, then one often has to resort to using find. This is exactly what the Linux Standards Base was designed to avoid, and if all distros were to follow this model then I can't see that there is any real problem.
At the end of the day, we're not talking about things like setting background pictures in the window manager, we're talking about setting up mailservers, webservers and the like. If you're not cluefull enough to edit a text file then you're not cluefull enough to be put in charge of setting one of these servers up either.
Blaming GW Bush for the Iraq war is like blaming Ronald McDonald for the poor quality of food.
I'd agree that XML is a good basis, but "XML" really doesn't provide much by itself. It's just a file format that is human readable. If you just use XML with a bunch of proprietary tags, your own XML language so to speak, you really don't gain much over the existing different syntax config files.
An automated tool has no clue what your ipaddress (or whatever) tag means at all. You need to provide additional context for tools to understand the semantics of the configuration data. To make configuration files understandable in a more intelligent sense, you need to either restrict the tags you use to your own configuration language, or you need to provide metadata of some sort.
Why is this intelligence necessary? Well there are all sorts of dependencies and relationships in configuration files. You might want a GUI to let you know if you change something that may break another setting, and so on. Plus ideally you would only allow legal values to be set. Data typing could be done with W3C XML Schema Definition Language, or RELAX NG schemas.
Which brings me to RDF, which I think would be better suited to this task than XML alone. If you use RDF (see http://www.w3.org/RDF/ ) you make it much easier to have a self-describing format that tools can do more intelligent things with than raw XML. While I don't think RDF, DAML+OIL, et al is enough to create a Semantic Web as Tim Berners-Lee is hoping, it _is_ a step in a higher-level direction that will support more intelligence in processing data.
Mozilla already uses RDF for various configuration files and I'm sure there are other applications that do too. Mozilla has a whole bunch of stuff about their RDF here.
XML is just a tree of "stuff" in human-readable format. RDF lets you set up properties and relationships in the data in a standardized way. I don't have a brilliant example to prove this to skeptics, but really it is a better way to represent a lot of types of data you want to be able to query. There are many knowledge bases, expert systems and other query engines already out there using RDF and even higher-level languages like DAML+OIL.
-Kevin
My (possible redundant) 2/100:
For every application we need two compilers/parsers: one from text to XML and one from XML to text. This way the programs can keep on using the old text config files (easy for programmers), and a nice config tool could modify the hiracical XML (easy for users).
I imagine that when the config tool is opened for some application the text config files are parsed with the text->XML parser, showed and modified via the config tool, and then parsed back into a text file.
It took MacOS X for people to realize that this was a problem in UNIX? Please.
/etc/registry.conf. There is no reason it has to be binary.
The reason UNIX and UNIX applications are hard to configure, in most cases, is because Open Source programmers are lazy.
This is obviously a blatent generalization so I will explain.
The old adage is that an Open Source program gets written when a programmer has an "itch" they decide to scratch. The problem is that very few people are itched by configuration. You may write the best web server in the world (Apache!) but by time it comes to writing the configuration manager for it the volunteers start falling away.
It isn't very fun writing a bunch of dialogs, windows, buttons and such to make a nice configuration for a program. It's kinda like documentation (and we all know the state of docs for many UNIX programs).
I see examples of this every day. I have a Mac OS X using friend who sends me the URL of every new program he decides to use. It's incredible how many of them are UNIX ports with a beautiful configuration manager stuck on. Mac programmers hold themselves to a higher level of user experience and UNIX people need to get on the boat.
What's needed isn't a global, all dancing, all singing configuration system. What is needed is responsibility in programming.
P.S. Everyone always whines about the Windows registry because it's binary, you can't edit it blah, blah, blah... But the fact is: It works. The average user never cares to edit it because they config their programs from WITHIN their programs. If something is truly needed, do the Windows registry in text file format. Make it
What we need is exactly what the author is proposing. A generalized configuration system that works off meta data that the software developers supply.
- All the possible configuration options in logical groupings
- descriptions of each option
- default values
- validations on input values
- being able to label options as 'experimental', etc...
- and of course option dependencies - that is if this option is turned on, then enable these 5 other options.
To do it right you'd ultimately you'd probably need to have a very light scripting language with flow control and variables.But the important thing is to get a workable standard in place, one that the majority of developers can rally around and will be happy to develop configuration scripts for their applications. Most developers wouldn't even have to change the way their application reads the config files - documenting everything in a form that this 'configuration manager' can use would be enough. It's already been too long - we shouldn't wait any longer to get this process moving forward.
I actually think this is a great way to go and am curious to know what can already be leveraged from Darwin. It appears that Core Foundation, a Darwin framework, contains the majority of the PList interfaces. Is Core Foundation portable under APSL?
I'd rather invest in one approach (that already works) rather than take the "I must create something pointlessly new" route. Plus - let's let's see Apple "contribute" to this one...
- Certain configuration file-formats we're kinda 'stuck' with. For these files, we just have to write the plug-in which can read, write, and parse them. We don't have to re-write the application to comply with The New Way. The app doesn't need to change, or even be aware of the configuration library.
- A configuration utility written to use the library would be able to configure all applications which have the appropriate plug-in installed. So if someone writes a nice pretty GUI X-based app, it can configure everything. If someone writes a curses-based text menu app, it can configure everything. A web-based configuration app could also configure everything. Some config-apps could be oriented for gurus, and some could be designed for newbies.
- Eventually, applications themselves could use the library to read in their own preferences. Bonus - it's a little easier to write applications now.
All that being said, I foresee some 'gotchas' -This is a non-trivial problem, and one I have some experience of (failing to deal) with.
My program is called "createusers". I wrote it because I wanted to make the following for 100s of new users in one go: user login, Apache home page, Samba account, PostgreSQL database, and MySQL database. I also did my best to make it extensible.
You can find my program here:
http://freshmeat.net/projects/createusers/
and here:
http://www.lfsp.org/
The fundamental problem I faced when writing createusers is there is no standard programmatically-accessible way of:
1) finding out what can be configured in each application
2) applying and undoing the changes.
Furthermore, I would like to make createusers programmatically-accessible. Unfortunately at present I cannot, because there is no standard way for me to let other programs know what facilities my program has, and no standard way for me to make them easily turn-off-and-on-able by other programs.
I received some add-on contributions to my program from other people. I noticed that their programs said "Have you enabled X in createusers.conf?", "Have you enabled Y in createusers.conf?", etc.
If I had standards-based turn-on-and-off-ability for my program, then my contributors' programs would have been able to do it for themselves. They would be able to easily check what things my program is set up to do; AND they would be equally able to change it.
This is a problem for people Much Smarter Than Me. If it is solved, then I promise to put the necessary bits in to my program so its setup can be easily, securely queried and changed by other programs.
We should use actual Python code as the configuration file format. It's callable directly from C, and by extension, all other languages. It's nice and clean. It supports heirarchial inclusion of other configuration files. It has easily readable comments. In short, it's the perfect configuration file specification language.
Yes, and the discussion went to the next step and started talking about possible APIs. The parsing of XML (DOM and SAX -- DOM for in-memory data structure and SAX for streaming access) are well understood and, most important, already done with innumerable tools already written.
Wrong! Wrong! Wrong! You haven't read the spec and are obviously making assumptions based on what you've heard from others who haven't read the spec either. XML Schema allows not only the specification of integer, string, float, date, etc. values, but integer subsets (greater than and less than) and string patterns (through regular expressions). And RELAX-NG can use XML Schema's datatype support as well.
Do you have something that does validate IP addresses for example or were you just complaining about how one thing doesn't (even though it does) without showing anything that will solve the problem. If you say regular expressions, I must remind you that XML Schema supports regex matching of attributes and element data.
Could you please enumerate these non-compliance issues? An encoding issue? Bugs in DOM or SAX support? What? I wonder about the vitrol of your argument without any specifics. Especially since I been using both parser that you mention (and a few others) without any noticeable issues associated with the standard. Any problem were usual to do with parser extensions to the standard which are fairly simple to avoid.
You're right! That is a big issue. Unfortunately for your argument, it is not an issue with the leading parsers that you mentioned yourself: Xerces and MSXML. The default parser for Java (Crimson through JAXP), the default parser for Windows (MSXML), the default parser for Perl (XML::Parser I think...haven't used it yet) to name a few ALL handle entities. This is like saying that there are many web servers out there that don't support CGIs with the obvious intent of dissuading use of web servers.
I agree, but you're missing an important aspect here. INI files are usually one and at most two levels deep. They do not handle hierchical structures well at all! Let's look at a snippet from a default Apache configuration file.
What do we see? Hmmm... Because the key/value pair format doesn't allow hierarchy, they fell back to something that looks a bit...er...XML-like. And it isn't key=value, it's key[whitespace]value. Yet another issue: one file has the equal sign and others don't. I thought we were aiming for consistency? And what if the parameter is a message and that message has a newline character? A '\' at the end of each line? A '\n' where appropriate? These are problems that XML has solved.
And let's not forget Unicode support. We English speakers may have a hard-on for English, but can't you imagine a case where a program intended for a non-English speaking audience would want -- if not the names of the parameters themselves -- parameter values in alternate character sets than ISO-8859-1 (Latin1)? And before you rebut with UTF-8, do you want to write the UTF-8 translator? What about the other codesets? Are you strictly limiting to UTF-8? This is another area of XML parser that keep it simpler for the programmer. Transcoding is done for you and is most likely better implemented and supported than what you or I would come up with.
And when you have multiple "Files" definitions? Well, multiple blocks right? The "Order," "Deny," and "Satisfy" parameters are associated with the "Files" definition, yes? So why aren't you associating a group of "Files" definitions together? Because that would require further hierarchy? Would you end up with something like this?
Set up a relatively complex configuration where you have virtual hosts and those virtual hosts have behavior different from the default. What's that? You include them in tags by host? Tags that look somewhat like XML anyway you say? Imagine that!
And what about the comments? For some formats, the comment is the ';' character. For others it is the '#'. And none of which I am aware differentiate between implementation comments and actual directive comments. For example. the comment above describes the configuration directive so that any configuration editor could conceivably read in that info and display as help to the user (assuming that all comments were kept correctly before the directive and not after or on the same line). But what if you wanted to make comments about your specific installation. You are making comments so that others in your working group can see why you made certain changes to the config file, right? So how are they differentiated from the primary directive comments. This is the type of problem that XML namespaces are intended to solve -- a way of giving demarcation points to distinct pieces of (sometimes) unrelated data or simply the clean combination of multiple schemas so that your schema definition doe not bloat to immeasurable levels and different schemas can easily share with one another.
Something keeping back Linux/BSD/UNIX is the stubborn, 1337 coders who spent all day figuring out a config file that some joker on the net thought would be a keen config format but forgot to comment it. Let's face it, Apache is not the norm. Config parsers are a known problem with known solutions. Writing a config file parser is not the primary focus for most programmers out there. The config file is a necessary evil to them. Let's make it easier and just say, here's your DOM interface. It's well documented, works well for the limited dataset with which you a working (config files are usually less than 50K), will handle any configuration organizational type you want (hierarchical, flat, etc.) and will save you the time of writing a parser yourself.
Have a nice day.
- I don't need to go outside, my CRT tan'll do me just fine.
But if the Linux community even't can't agree on common interoperability for business apps (like OLE) between two major desktops, a thing which is important to push linux on the desktop, nor any commong config file format (xml, unix config way, sendmail, etc...), how can they agree on a common config scheme?
We will now hear from all the people who insist that "they have to do wierd thing X because it's (traditional) (k00l) (needed to support their 386 machine)". They're wrong. Someone needs to be a hardass and fix this thing.
Advocates of auto-detection instead of manual configuration I'll deal with right now: Applications in certain problem domains require explicit human-supplied configuration data. This is unavoidable in any application that has to implement some choice of policy, especially security policy. There are some things you can't ever autodetect, so if you can't configure the application, then you need many different applications, each hard-wired for one possible desirable configuration. Certainly a lot of things that should be auto-detected are not, but auto-detection will not eliminate the configuration problem.
Windows and Mac are platforms controlled by a single vendor. That vendor has a _lot_ of influence over how applications are designed for that platform. When the vendor designs and implements the platform, the vendor will (intentionally or otherwise) reward applications with an architecture consistent with the vendor's design, and penalize those that don't. Applications tend to comply with the vendor architecture because the cost of non-compliance is greater than the cost of compliance.
Unix is not a platform controlled by a single vendor. Heck, it's not even a platform; it's a bunch of little standards that were chosen arbitrarily and stitched together. Linux, FreeBSD, SysV, BSD, Solaris, QNX, HP/UX, etc. are not Unix platforms--they are platforms compatible with Unix, implementing parts of the SUS, ANSI, and POSIX standards, with varying degrees of completeness and success. As such, there is no reward for making an application's architecture consistent with the OS vendor's design; contrariwise, there is a compelling reward for an OS vendor to make an OS architecture consistent with a desirable class of application.
The difference is critical for understanding the configuration file nightmares of both kinds of platform. Windows has a really awful configuration mechanism that nobody would ever use if they weren't compelled to; however, certain parts of Windows are only conveniently accessible via this configuration file format, easy (if not reliable) methods to access the format are provided to all developers and available on all end-user machines, and the configuration schema does not define a lot of policy to get in the way of extensions (need new schema? Add a new DLL!). The Mac has a different architecture and mechanism with the same consequences.
On the other hand, applications that run on Unix are, in whole or in part, designed for "other" systems. Applications that were designed and written exclusively on Unix-like platform X eventually get ported to some other Unix-like platform Y--those that don't tend to be eventually replaced by similar applications that do. When this happens, the resulting application is an alien on both platforms. The application must find everything it needs on each target platform, or it must bring with it those things that are missing from some target platforms. This means that the application will have translation or interpretation layers (all C apps have at least one translation layer in the C compiler) and replacements for missing functionality in the target platform.
Now for the delusions. New code written in a language with link-level compatibility with a free, small, fast, easy to use in code, portable, robust configuration mechanism library will have no problems. Note that the status quo is already as free, small, fast, easy to use in code, portable, and robust as it needs to be for applications that already use it, so alternatives which are not all of these do not merit discussion.
However, there are constraints imposed on this hypothetical library by legacy code:
- It would have to be already installed or available on all Unix-like systems with bindings to all Unix-like languages,
which rules out nearly everything invented after 1978. Otherwise, every application (and language!) must bring either a copy
of the library or their own code. Strangely enough, "open file," "read text line," and "lexically analyze this string" primitives
are implemented in nearly all Unix-like languages, and interactive text file editors are shipped on nearly all Unix-like systems...
- It would have to be as small and fast as fgets+scanf, or a lex+yacc parser, otherwise it will hurt performance or have
a large footprint, and people who care about performance or size won't use it. XML can't do this unless you drop the i18n and
character entity and encoding support--at which point it's not really XML any more.
- It will have to use small ASCII text files for persistent storage, otherwise you have to implement and force everyone
to use either your own editing mechanism (aka "a control panel DLL"), or you implement and force everyone
to use replacements for Unix filesystem-crawling tools which allow you to selectively access the data (aka "the registry and
regedit", or "replacements for cvs, vi, find and grep")--both of which violate the "once and only once" rule since these
facilities exist already in Unix and they are used for this purpose.
- It will have to be used directly by the actual applications--otherwise you violate the "once and only once" rule
by having either two configuration files and two applications (the real application, and a configuration application), or two
configuration file handling mechanisms in one application (for old-style and new-style config files).
It might be possible, given overwhelming demand, to convince maintainers of significant mature legacy code to adopt the new configuration mechanism, if the XML-based mechanism is more widely ported and better debugged than their own configuration-management code. Good luck, and be prepared to do the work yourself many, many times over until you either change their minds, or they leave the project and you're stuck maintaining the code by default.Note that other standardization initiatives, like FHS or the LSB, involve relatively superficial changes which application maintainers were probably willing to make anyway. The FHS and LSB ask application maintainers to change the parameters to a few system calls without affecting the architecture of any part of the application or the semantics of its operation. For example, the application may open()s a file, but after the FHS is implemented that file has a different name. Both names are constant strings, the file is still opened for reading, and it still has the same contents with the same syntax and semantics. A one-line change and a recompile brings the application into compliance, and in an emergency, a symlink will make the application work.
Other initiatives, such as DNS and PAM, are usually facilities that are not intrinsic to applications. Host name resolution or user access verification involve resources shared by many applications, and there is a real technical penalty for non-compliance.
Changing the way applications handle configuration is a large architectural change--you're asking people to replace open(), read(), close(), and some code which is intrinsic to the application with new functions that have different semantics, and may even have to be called at different times. Expect resistance.
The only hope of this ever happening in real life is for a Linux distributor to decide to implement it, and contribute the work to achieve it. Said vendor will have to hack and slash their way through hundreds if not thousands of packages to bring them into compliance. Once all of that is done, all the upstream package maintainers will have to integrate the changes--or all the other Linux vendors will have to repeat the hack-and-slash job.
-- I avoid spam by accepting only OpenPGP encrypted or signed email at this address. Clear-signed, RFC2015, heck, even