[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: ifupdown writes to /etc... a bug?



On Wed, Mar 26, 2003 at 11:18:49PM +0100, Russell Coker wrote:
> On Wed, 26 Mar 2003 19:37, Goswin Brederlow wrote:
> > > sendmail daemon
> > > sendmail -t run by the user for some mail servers
> > > Various daemon start scripts.
> > > ntpd
> > > hotplug
> > > samba

> > Why would they ever need to write to /etc? They can and should all use
> > /var for machine writeable files.

> Samba has it's smbpasswd file that is written by network password
> changes, and a few other writable files.

No, smbpasswd is the last file left that Samba writes to in /etc.  If
there's a consensus that it should be moved, now's a good time to do it:
Samba 3.0 will include a new binary database format which, if all goes
well, will replace smbpasswd as the default SAM backend, and this
passdb.tdb file seems most suitable for moving to /var/lib.

It's only still in /etc right now because upstream uses the same
directory path for smbpasswd and passdb.tdb, and smbpasswd has been kept
in /etc because it's human-editable (and by analogy with /etc/passwd).

> I don't know why the others need such access.  I just looked at the SE Linux 
> policy tree to see which programs were permitted to write to files under 
> /etc, apparently the programs would not work properly without the access 
> being granted.

I think your policy is accounting for outdated versions of several
packages.  The current location for ntp.drift is /var/lib/ntp/ntp.drift,
where it belongs.

-- 
Steve Langasek
postmodern programmer

Attachment: pgpIcvbZ3gEqF.pgp
Description: PGP signature


Reply to: