[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: ifupdown writes to /etc... a bug?

Brian May <bam@debian.org> writes:

> On Sun, Mar 30, 2003 at 03:42:55PM +0200, Bernhard R. Link wrote:
> > I think /etc/shadow is good where it is. Somewhere the root-password has
> > to be stored and this is merely static. There are /etc/nsswitch and
> > /etc/pam.d/passwd for people wanting users passwords store elsewhere.
> Agreed. You can get full day to day functionality without needing to
> write to /etc/{passwd,shadow}. Personally, my preference would be to use
> a shared LDAP server, but I guess it depends on your application...
> However, it isn't quite as simple as you make out.
> For instance, every /etc/pam.d/* pam module would have to be changed,
> not just the password change service.
> Also, programs like adduser/useradd/etc only support /etc/password,
> /etc/shadow, and /etc/group (AFAIK). So management of these entries
> becomes an issue.

Anything that reads thos files would have to be realy braindead not to
follow a symlink. Only problem are tools writing to the file by
creating a temporary and then moving that.

Anyway, there are ways around the problem that are better suited for
the task of pools with RO root filesystems and the like anyway so lets
not worry too much about the easy problems.


Reply to: