
Re: Why are passwords in /etc?



Hi!

On Sat Jul 05, 2003 at 02:37:31PM -0500, Brian McGroarty wrote:
> Generally, applications and static data go in /usr. You could mount
> /usr read-only save when installing apps, and none of the core Debian
> applications would break.
> 
> Similarly, system-wide configuration data goes in /etc. You could
> mount /etc read-only, save when reconfiguring the system. bind, dhcpd,
> exim, etc would still work, as they drop data in /var. They only
> reference /etc for their initial configuration data.

There were long threads discussing such problems on debian-devel. Search
for "read-only root" and you can read for hours ;-)

> Everything would seem to work with the base apps if /etc were
> read-only, except that you couldn't change users' passwords.
> 
> Given that passwords are dynamic data, why are they still squirreled
> away in /etc? Wouldn't it be more intuitive to have /etc/shadow be
> /var/shadow?

Look at [1]. There's a lot of work to do if you want to make the root fs
read-only.

So long
Thomas

  1. http://panopticon.csustan.edu/thood/readonly-root.html

-- 
 .''`.  Obviously we do not want to leave zombies around. - W. R. Stevens
: :'  : Thomas Krennwallner <djmaecki at ull dot at>
`. `'`  1024D/67A1DA7B 9484 D99D 2E1E 4E02 5446  DAD9 FF58 4E59 67A1 DA7B
  `-    http://bigfish.ull.at/~djmaecki/


