Re: ifupdown writes to /etc... a bug?
- To: debian-devel@lists.debian.org
- Subject: Re: ifupdown writes to /etc... a bug?
- From: Jamie Wilkinson <jaq@debian.org>
- Date: Fri, 4 Apr 2003 17:39:00 +1000
- Message-id: <20030404073900.GB6036@spacepants.org>
- Mail-followup-to: debian-devel@lists.debian.org
- In-reply-to: <20030331134949.GD2127@spacepants.org>
- References: <20030311132627.GB21578@evbergen.xs4all.nl> <20030311205203.GB5305@piper.madduck.net> <b4lq2r$clk$1@news.cistron.nl> <20030312083227.GA23126@azure.humbug.org.au> <1047477161.8182.289.camel@thanatos> <20030312170356.GC2946@dragon.kitenet.net> <87u1dn1220.fsf@mrvn.homelinux.org> <20030329183803.GI20386@tennyson.netexpress.net> <873cl5dcw5.fsf@mrvn.homelinux.org> <20030331134949.GD2127@spacepants.org>
This one time, at band camp, Jamie Wilkinson wrote:
>1) Patch shutdown to write the file /var/run/nologin (unless someone can
>suggest a better place for this)
>
>2) Patch login to test for both /etc/nologin and /var/run/nologin.
>
>This way the admin is free to create and remove /etc/nologin as they desire,
>and shutdown can create the statefile as it desires.   It also means that
>there's no transition needed, because the old behaviour is still supported
>if the admin needs to prevent logins, but that the sanctity of /etc is
>preserved.

Okay, so I took the time to patch a bunch of packages to see if any of this
was implementable, and I've been running on my patched versions for about 3
days now.

I've patched base-files, pam, shadow, util-linux, and sysvinit to use /run
as the location for program state, and leave /etc for admin-created files.

I have an aptable repository at

deb http://spacepants.org/debian experimental/

with powerpc and source packages.

Patches for those five source packages are available at:

http://spacepants.org/src/patches/base-files-3.0.8-slash-run.patch
http://spacepants.org/src/patches/pam-0.76-run-and-etc-nologin.patch
http://spacepants.org/src/patches/shadow-4.0.3-run-and-etc-nologin.patch
http://spacepants.org/src/patches/sysvinit-2.84-run-nologin.patch
http://spacepants.org/src/patches/util-linux-2.11z-mount-run.patch

A short summary:
 * base-files: adds /run.  As discussed, it doesn't attempt to make /run a
   tmpfs or separate partition, we'll leave that up to the admin.
 * pam, shadow: check for either /etc/nologin or /run/nologin to decide
   whether to allow non-root logins.  This way, human administrators may
   still create /etc/nologin and have it just work, and at the same time
   programs like sysvinit may write out a nologin file and not affect /etc.
   The distinction I am making here is that /etc/nologin is an admin-created
   conffile, whereas /run/nologin is a program-created statefile.
 * sysvinit: Don't touch /etc, use /run/nologin only, when there is a delay
   before a shutdown.
 * util-linux: use /run/mtab for mount's statefile, as admins shouldn't be
   editing /etc/mtab anyway, it doesn't belong there.  The postinst for
   mount moves any existing /etc/mtab that isn't a symlink to /run, and then
   creates a symlink from /etc *just in case* there is any other program
   that wants to read /etc/mtab.  I am happy to scrap the symlink if it's
   useless.

All up, there's no more than about 100 lines of patch between the 5 of them.

util-linux is interesting in that it also references /etc/nologin, but it
doesn't look like that code is actually used.

Anyway, I've tested these changes and they're working for me, and the
programs continue to behave as expected.  If no-one objects, I'll submit the
patches to the package maintainers as wishlist bugs.

I'm still yet to hear any convincing arguments that moving program state
away from /etc is a bad idea, so I'm keen to see Debian adopt this
improvement to the FHS as policy.
-- 
jaq@debian.org                               http://people.debian.org/~jaq
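
The two-location nologin check that the message describes for pam and shadow, written out in C as an added example; it is not taken from the linked patches. `nologin_blocks` is a hypothetical helper, and refusing the login when a nologin file exists but cannot be opened is an assumption of this example.

```c
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Locations named in the post: admin-created conffile, program-created statefile. */
static const char *const NOLOGIN_PATHS[] = { "/etc/nologin", "/run/nologin" };

/*
 * Hypothetical helper, not code from the pam or shadow patches.
 * Returns 1 when the login must be refused, 0 when it may proceed. On refusal,
 * msg receives the contents of the first nologin file found (possibly empty).
 */
int nologin_blocks(const char *const *paths, size_t npaths, uid_t uid,
                   char *msg, size_t msglen)
{
    struct stat st;

    if (msglen > 0)
        msg[0] = '\0';
    if (uid == 0)
        return 0;               /* root may log in regardless of either file */

    for (size_t i = 0; i < npaths; i++) {
        if (stat(paths[i], &st) != 0)
            continue;           /* not present here: try the next location */
        /* Assumption of this example: existence alone denies, so a file
         * that cannot be opened still blocks the login (fail closed). */
        FILE *fp = fopen(paths[i], "r");
        if (fp != NULL) {
            if (msglen > 0)
                msg[fread(msg, 1, msglen - 1, fp)] = '\0';
            fclose(fp);
        }
        return 1;
    }
    return 0;
}

int main(void)
{
    char msg[256];
    if (nologin_blocks(NOLOGIN_PATHS, 2, getuid(), msg, sizeof msg)) {
        fputs(msg[0] ? msg : "Logins are currently disabled.\n", stderr);
        return 1;
    }
    puts("login permitted");
    return 0;
}
```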