[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: merged /usr considered harmful (was Re: Bits from the Technical Committee)

On Mon, 19 Jul 2021 15:19:32 +0200, Michael Biebl <biebl@debian.org>
wrote:
>Am 19.07.21 um 07:23 schrieb Marc Haber:
>> I am NOT looking forward having to manually convert legacy systems to
>> merged /usr and I do sincerely hope that Debian will choose a way to
>> get away without throwing away systems that have just a small /, still
>> supporting a dedicated /usr as long as it's mounted by initramfs. I am
>> not sure whether we ever issued a clear statement about that.
>
>I think this is a misunderstanding. Files from / would be moved to /usr. 
>So the only way this could fail is, if your /usr partition was too 
>small.That's still a possibility for existing systems, but a much 
>smaller one then moving files from /usr to /. Typically a separate /usr 
>partition is larger then /.

Right, that sounds much easier. It's still an Open Heart Operation,
especially for systems that I don't have out of band access for, which
is rather common for smaller installations.

>I assume you are referring to the sulogin issue here [1], i.e. whether 
>we require a root password on an emergency failure or not.

Yes. From my point of view, this is taking away a freedom from the
local admin.

In an ideal world, boot failure behavior would be locally
configurable.

A mis-booted sysv system, if I remember correctly (I have been a
mostly happy systemd user for already quite some time), could be told
to "just try to continue and show me how far you get", which in the
vast majority of cases led to a regular login prompt from which the
user-login-plus-sudo routine just worked. This didn't hand out any
more root shells than the current way of stopping dead and refusing to
do anything without the "real" root password, as far as I understand.
I probably don't have enough experience to have the final call on
that. But it's just a pet peeve of mine that I can easily live with.

>Fwiw, this is mostly me being paranoid and not handing out root shells.

It's good to be paranoid by default. It's bad to force that paranoia
on the local admin who might have a choice to move to a different
distribution. But alas, the others do it the same way. So it's just
freedom lost.

>This has nothing to do with merged-/usr.

I never said it has.

Greetings
Marc
-- 
-------------------------------------- !! No courtesy copies, please !! -----
Marc Haber         |   " Questions are the         | Mailadresse im Header
Mannheim, Germany  |     Beginning of Wisdom "     | 
Nordisch by Nature | Lt. Worf, TNG "Rightful Heir" | Fon: *49 621 72739834
Reply to: