Re: /run and read-only /etc
This one time, at band camp, Thomas Hood wrote:
>(Re: /etc/nologin)
>> A dangling symlink should be considered like a missing file.
>
>Yes, that would work. However, having separate /etc/nologin
>and /run/nologin looks like a useful feature, as I mentioned
>earlier.
For clarification, (and this is specifically not aimed at Thomas, but
others who may not understand what I've done with /{etc,run}/nologin):
/etc/nologin is a admin-created configuration file. When the admin wants no
users to log in, they create /etc/nologin just as they have in the past and
the behaviour is exactly the same. No programs will attempt to remove
/etc/nologin; it is entirely the admin's responsibility to look after /etc
and any program who thinks it knows better is flawed from the outset.
/run/nologin is a program state file, created by shutdown to alert login
that the system is shutting down and that no users should log in.
/run/nologin can be removed by programs, and will be, because it is only
necessary in the period between the beginning of the shutdown and the end of
the bootup.
Thus, we preserve the sanctity of /etc and preserve the behaviour of
existing programs.
I am using /run rather than /var/run because the file /run/nologin needs to
be available early on, possibly before a /var on a separate partition has
been mounted. If anyone can assure me with 100% confidence that /var/run is
available at all the times that /run/nologin is accessed, then I will
happily amend the patch to move the file.
--
jaq@debian.org http://people.debian.org/~jaq
Reply to: