On Wed, Mar 26, 2003 at 11:18:49PM +0100, Russell Coker wrote:
> On Wed, 26 Mar 2003 19:37, Goswin Brederlow wrote:
> > > sendmail daemon
> > > sendmail -t run by the user for some mail servers
> > > Various daemon start scripts.
> > > ntpd
> > > hotplug
> > > samba

> > Why would they ever need to write to /etc? They can and should all use
> > /var for machine writeable files.

> Samba has its smbpasswd file that is written by network password
> changes, and a few other writable files.

No, smbpasswd is the last file left that Samba writes to in /etc. If there's a consensus that it should be moved, now's a good time to do it: Samba 3.0 will include a new binary database format which, if all goes well, will replace smbpasswd as the default SAM backend, and this passdb.tdb file seems most suitable for moving to /var/lib. It's only still in /etc right now because upstream uses the same directory path for smbpasswd and passdb.tdb, and smbpasswd has been kept in /etc because it's human-editable (and by analogy with /etc/passwd).

> I don't know why the others need such access. I just looked at the SE Linux
> policy tree to see which programs were permitted to write to files under
> /etc, apparently the programs would not work properly without the access
> being granted.

I think your policy is accounting for outdated versions of several packages. The current location for ntp.drift is /var/lib/ntp/ntp.drift, where it belongs.

-- 
Steve Langasek
postmodern programmer