
Re: RFC: Moving libraries to /lib?



On Mon, Sep 23, 2002 at 10:54:00AM +0200, Torsten Landschoff wrote:

> I got a bug report on libldap2 which requests to move the libraries to 
> /lib, as /usr can not be unmounted when using PAM/NSS and LDAP (#159771).

> I don't think this is a good idea. 

> 1) even with libldap linked from /usr, it should be possible to remount 
>    that filesystem ro which would not cause any data loss
> 2) with that explanation we would need to move every other library used
>    in PAM modules to /lib as well (think libpam-mysql, libpam-pgsql, etc.)
> 3) AFAIK those PAM modules are only opened for a short time when 
>    authenticating the user. Once the session is set up I don't expect 
>    them to be in memory.

$ for F in /lib/security/*; do ldd $F | grep -q /usr/lib && echo $F; done
/lib/security/pam_krb5.so
/lib/security/pam_smbpass.so
/lib/security/pam_userdb.so
$

Plenty of precedent for leaving libraries in /usr/lib when used by PAM
modules -- and pam_ldap would not be my first choice for a PAM module to
do this with, since there are plenty of better authentication schemes out
there than the one LDAP provides.

Steve Langasek
postmodern programmer
