php-fpm service disabled by default – why?

LoDef asked:

The other day our webhost (AWS to be specific) did a reboot due to hardware maintenance and one of our sites went down. It returned a 503 and after some time we figured out that the php71-php-fpm service wasn’t running. Once started the site was up again (also some less crucial services like Grafana & Prometheus had to be started again).
I now intend to make sure this doesn’t happen again by enabling the service as its current setting is disabled. But…
…when checking the status for the service I find this this line quite puzzling:

Loaded: loaded (/usr/lib/systemd/system/php71-php-fpm.service; disabled; vendor preset: disabled)

The question:
– Would I create undesired side effects if I enabled the service?

I mean, there must (?) be a reason a service like this is disabled by default by the vendor. Or am I just being paranoid? 🙂

Our system:
Apache 2.4.6 / Red Hat Enterprise Linux 7.5

My answer:

Most services are disabled at installation time because that’s simply good practice. They should not be enabled or started until the administrator has had an opportunity to configure them. (The exceptions are critical services such as ssh without which it wouldn’t be possible to use the system anyway.)

You can read the Fedora packaging guidelines for default-enabled services, which explains under what conditions a service may be enabled by default.

The most important one here is that services which listen for outside connections cannot be enabled by default. This is to prevent unintended incoming connections to the service before it has been configured and secured according to local necessity.

It appears that on your system, someone started the service but forgot to enable it so that it would start at boot.

View the full question and any other answers on Server Fault.

Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.