[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: [SOLVED] Re: old entries in sources.list?

On Fri, Jun 20, 2025 at 12:12:09 -0400, Jeffrey Walton wrote:
> Unfortunately, I cannot find a Debian specific article on
> configuration directories. However, Red Hat has "Linux configuration:
> Understanding *.d directories in /etc,"
> <https://www.redhat.com/en/blog/etc-configuration-directories>. Now
> that we have configuration directories, admins are expected to make
> their changes in them so:
> 
>     Instead of editing this single file each time an application
>     is added or updated on the system, we separate the
>     configuration for each application to a specific file.

And this is all *new* stuff, right?  Last 10 to 20 years?

Debian is much older than that.  Debian's conffile policy is much
older than that.

> The point is, you don't want to do gyrations on updates, like copying
> fragments of an old config into a new config.

Yes, it's a good idea in general.  I won't argue that.  It's also not
something that admins are expected to know about, or to do.  Admins
are independent beings, who will usually continue doing the same thing
they've been doing for the last 40 years, which is editing the files
that they need to edit.  The Debian conffile policy is built around
that practice.

In the specific case of /etc/ssh/sshd_config.d/, the man page is
pretty explicit:

     Note that the Debian openssh-server package sets several options as stan‐
     dard in /etc/ssh/sshd_config which are not the default in sshd(8):

           •   Include /etc/ssh/sshd_config.d/*.conf
           •   KbdInteractiveAuthentication no
           •   X11Forwarding yes
           •   PrintMotd no
           •   AcceptEnv LANG LC_*
           •   Subsystem sftp /usr/lib/openssh/sftp-server
           •   UsePAM yes

     /etc/ssh/sshd_config.d/*.conf files are included at the start of the con‐
     figuration file, so options set there will override those in
     /etc/ssh/sshd_config.

To be completely transparent here, I'd never even *heard* of this until
you mentioned it earlier in this thread.  This is completely new to me.
The fact that it's a Debian change is probably why I couldn't find it
in the OpenSSH web site's release notes, which is where I looked before
trying "man sshd_config" on Debian.
Reply to: