[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: ifupdown writes to /etc... a bug?

Arthur de Jong <arthur@tiefighter.et.tudelft.nl> writes:

> On Sun, 23 Mar 2003, Anthony Towns wrote:
> > Eh? passwd and useradd are part of the admin's toolset; if they need to
> > write to /etc (rather than using ldap or similar), the admin needs to
> > remount / rw. This is exactly the same as needing to mount / rw when
> > running apt-get and dpkg.
> I probably use passwd more often as a non-priviliged user (to change my
> password) than as root.
> I very much like the possibility of a ro-rootfs and would run all my
> systems with ro-root if it would be easy to set up. But not at the cost of
> having /run or /mem polluting my filesystem. Making tools more ro-root
> friendly is a good idea but please keep my root directory clean.

Would /var/run be ok for you or /var/state? But then one would force
the creation of another partition or do without a /var partition.

> Also I don't think it's very easy to make a distinction between admin
> related activity and "normal" activity done by unpriviliged users (e.g.
> regularly update /etc/motd with news items, changing passwords, adding a
> virtual host to apache config, etc). I don't think it's very clear what
> should go in /run and what in /etc if you decide to make a /run.

The destinction should be between maschine writeable files, user and
admin activity. The first must exist, the later two can be limited. Of
cause the best solution would be to have the RO / system behave
exactly as a RW / system does (for all alowed actions) but that won't
happen. A RO / will have some advantages and some drawbacks.

Every admin has to weight the two against each other and decide (and
accept the punishment from his users if he's wrong :).


Reply to: