Protip: systemctl disable: disable from launching at boot time. If you want to make sure a service cannot be started at all, what you want is systemctl mask.
e.g., if the (insecure) rsync daemon could be running at the moment, these three should have you covered:
sudo systemctl stop rsync
sudo systemctl disable rsync
sudo systemctl mask rsync
(PS. Yeah, you really shouldn’t be running the rsync daemon. And you don’t need it to use rsync over ssh.)
@aral there's also disable --now which is like disable && stop
@aral also you don't really need sudo, systemctl will ask you to authenticate via PAM which may actually be nicer than sudo
@AMDG2 @aral well first of all sudo is also working via PAM, IIUC. It gives you nice things as a user, such as being able to use your fingerprint sensor or your face/retina scanner hardware to authenticate. As a sysadmin, you can set up policies (not that I use this). You also get LDAP support.
Unlike sudo, systemctl actually ends up using a graphical fingerprint/password prompt, if one is available (if you're running it in a graphical session).
Then the real advantage is the desktop integration for me. Regarding the multiple factor authentication, is it supported from terminal? Is it something you saw implemented in practice?
@aral systemd systemctl tip:
enable, disable, and mask all accept "--now" to also apply the setting to the running system at the same time.
So, to mask rsync, it can be shortened to one command:
sudo systemctl mask --now rsync
@aral (Personally, I think systemd state and similar things, such as firewalld, shouldn't have a distinction between doing something and having it persist across reboots. It should all be in sync. Anyway…)
@aral this is a real thing you should be checking, some bad distros (*caugh* those with dpkg) will autostart services you should *never* run on an open network, like rpcbind
This is my personal Mastodon.