eno2001's Journal: OPINION: My OpenBSD Impressions So Far...

...haven't indicated to me that my axiom is wrong (as the troll argued with me last week). Namely that OS security and usability is 50% the distributor's concern and 50% the admin's concern. OpenBSD is DEFINITELY NOT for the Windows admin who wants to try a Unix-like OS. Get used to *nix through Linux first, try out Sun Solaris for x86 and then make the transition to OpenBSD when you are ready. Why do I say this? Read on:

The primary lesson I am learning with OpenBSD is that my Linux skills translate to OpenBSD only about 20%. This is really pretty close to starting from ground zero. In a lot of ways I am reminded of RedHat 4.2 now that I've finally got X working. (The problem was that there were some X session files in /tmp ostensibly from when the packager of X created the package)

OpenBSD really is a different OS. csh (the default shell) is hard to use, but standard nonetheless, and ksh is a slight improvement. But what I'm noticing most is that for OpenBSD to really be useful, you are going to have to know enough about Unix and the OpenBSD itself to make educated judgements about what packages to add in order to have a truly useful system. You are also going to need to learn a lot of new skills. For example, my knowledge of configuring and compiling a new kernel in Linux doesn't apply to OpenBSD at all. The bootloader for OpenBSD is more reminiscent of firmware from a DEC Alpha or the ISL boot on an Itanium system rather than a bootloader like LILO or Grub, it just presents you with a 'boot>' prompt. (Still a lot for me to learn regarding the boot process) I also had some trouble getting X (xdm) working properly due to the aforementioned session/auth files in /tmp. Oh well... thanks to Unix.com I got the answer to my problem. (There is still the nagging question of how to kill xdm and X (in Linux I just 'init 3') to get back to a multiuser CLI environment other than using ps ax | grep xdm and killing the processes by ID and then cleaning up /tmp/.X* and /tmp/.ICE*.) The point of all this being, that it's definitely not a "plug and play" affair. It's very hard to set up and use, and needs a lot of extras to really be useful beyond the most basic services (static web pages except for maybe Perl CGIs, DNS, DHCP and very limited X by default).

This is not a slam at OpenBSD. It appears to be a very secure but limited platform in it's default install. This is a slam against the idiot troll who claimed that OS security is not 50/50 split between admin skill and distribution packager integrity. I still hold to my claim that it is a 50/50 split in most cases. But due to the complexity of OpenBSD compared to RedHat Linux, it's more likely that you will need advanced Unix skills that most people don't have in order to take advantage of OpenBSD's secure platform. It's definitely not something you can just start using within a few hours of installing it for the first time. Everything takes a lot longer to do initially because you have to get used to a VERY DIFFERENT (from most Linux distros) approach to everything.

OpenBSD is most certainly fairly secure, and the people who manage it do give you the warning that you should make the judgement for yourself whether or not it suits your needs, but you're not going to be able to install it without previous knowledge of *nix. If you do try, you're going to have a hard time installing it and likely get frustrated. I know I was getting a bit annoyed with certain things about it. I got it to work more or less, and I'm going to press ahead, but it's definitely not easy. So I still say tht my reasoning holds; it doesn't matter which OS you choose, the security and usability of that OS is going to rely 50% on your abilities and 50% on the people who packaged the OS. The ratio changes a bit for OpenBSD with your needed abilities being more like 80% of the equation and the OS packager's quality/integrity being 20%. If you really trust your abilities to compile your own apps under a Linux distro, you should wind up being nrealy as secure as OpenBSD.

I'll post more here about my experiences since I am sure that the more familiar I am with OpenBSD the more likely that I will find thigs that I do like in it.

Re:

[account_deleted]

Comment removed based on user account deletion

admin on OpenBSD

[merlyn]

It's not necessarily that administering an OpenBSD system is hard, especially when you come from Linux. I think you'll find that all of the *BSD family will seem strange when you come from Linux, just as I felt like a fish out of water having come from classic (real) BSD and trying to administer a Linux system.

Also, OpenBSD is really not so much a desktop Unix as a server Unix, which means the X-level stuff will probably be a bit lacking.

Having said that, I wouldn't run anything but OpenBSD on my 24x7

FreeBSD

[Badanov]

I started learning FreeBSD some time ago, and I administer two Linux boxes at work and two at home. There is a steep learning curve to be sure, but once you get over the hump, BSD is a wonderous OS.

The hardest thing for me to get used to was the implementation of cron. It is probably for security purposes it is laid out so only the base editor can be used to initiate a cron job, but it was quite vexing to get it to work.

Now, I have to BSD servers at home and one Linux one, the BSDs hold my web and mai