
Re: ifupdown writes to /etc... a bug?



* Andreas Metzler <ametzler@downhill.at.eu.org> [030329 09:31]:
> > With /run, we can finally have an /etc which is actually all static
> > configuration data.
> 
> Afaict from reading the thread this isn't true. /run moves _some_
> non-configuration files out of the way, but it only works for files
> whose contents may be lost at reboot and does not deal with
> non-static configuration data.
> 
> If you want /etc/ to be mounted ro you'll still need to do your
> homework. For example you'll need to use something like NIS for
> authentication because otherwise users could not change their own
> passwords (/etc/shadow) anymore.

I think there might be some confusion of terms at work. One can also
see configuration as static in the sense of changed by the user and 
describe non-configuration as non-static in this sense. Thus
/etc/shadow (and /etc/passwd, /etc/group and /etc/gshadow as the user 
might also want to change things in there with passwd and gpasswd) can 
be described as "static", too.

And at least the administrative accounts are system configuration and
belong to /etc. If user's account-data is of another quality and not
to be seen as "system configuration" anymore, nss and pam already
deliver a clearly defined way to separate it from the system
configuration. (though most existing modules are for complex situations,
for having distributed ro-copies of passwd,shadow,group,gshadow being
read additionally to those in /etc, I had to write some code of my own.)

But that's only a gap between single-user systems (where any user can
become root, remount / rw and change his password) and normal
multiuser systems where distribution of the data to multiple computers
forces more complex systems anyway. (though a nice little nss module
might fix this gap)


Respectfully,
  Bernhard R. Link

-- 
Sendmail is like emacs: A nice operating system, but missing
an editor and a MTA.


