On Tue, Nov 15, Ben Holmes wrote:
There are other ways of executing commands as root (or another user) that come with TW by default on a normal desktop install. I can't find any that have a config in /usr/etc/, and all of them ask for the "root" password.
Correct, they have the configs in /usr/lib/..., /usr/share/... or something similar.
There is "su -c", and that uses pam configuration which by default asks for the target password (root in this case). The configuration file is /etc/pam.d/su (which does not exist in my install).
/etc/pam.d/su is for admin-changed configuration files, /usr/lib/pam.d/su is the one provided by the distribution. Linux-PAM has had this for ages, except that no distribution adjusted their packaging.
And now we go with moving the configuration to /usr/etc/
No. We split the configuration: /usr contains the distribution defaults, /etc will contain the host specific config or changes.
Maybe it is because I am getting old, but I see this /usr/etc trend as one big solution without a problem, and it creates its own problems.
That's because you are most likely a Desktop user and you are not using fancy things like atomic updates/transactional updates, or image based updates, embedded systems, ... Linux distributions out there in the world are used for much, much more than only Desktop, and most of these use cases have different requirements than a Desktop. But even for you as a Desktop user this has big advantages: default config settings can be updated much more easily without breaking modified configurations. I suggest taking a deeper look at https://www.uapi-group.org.
Don't get me started on snaps/flatpaks/containers-for-the-sake-of-it etc. We already have /etc/default (which contains /etc/default/su which is a symlink to /usr/etc/default/su which overrides configuration instead of providing defaults) and that confuses me enough.
/etc/default/su should never be a symlink to /usr/etc/default/su, did you create that yourself?
Are we heading towards a point where, like with /bin/ and /sbin/, /etc/ is just a symlink or bind-mount to /usr/etc/?
No. /etc will contain host specific configurations and admin made changes, and will stay writeable for that reason.
If we get to /etc/ being a symlink of /usr/etc/ then I feel that is better. I hate complexity unless it is really needed.
/etc being a symlink to /usr/etc doesn't make any sense and doesn't solve any problems. Besides that, this will not work, since /usr/etc will be read-only in most scenarios.
Does anyone use a separate /usr/ that is not a subvolume with TW (if they do, they lose /sbin/ on a failed /usr/ mount anyway)?
/usr on a separate partition or subvolume will become the new default for most/nearly all Linux distributions in the next years. That's a hard requirement for many (security) concepts. I have some PoC machines with this setup, works fine. Except that still RPMs try to install outside of /usr, which with an image based approach does not work.
Thorsten
-- Ben
On 14/11/22 07:25, Thorsten Kukuk wrote:
On Sun, Nov 13, jmscdba@gmail.com wrote:
> I had not heard of the move to /usr/etc efforts but when I looked into it I
> found this
>
> https://github.com/thkukuk/atomic-updates_and_etc
>
> But it seems like it has stalled since 2019 which I guess is why you said it
> needs all the help it can get.
If you think it has stalled since the document didn't get updated: it didn't get updated since there is nothing to update :) The idea and the arguments haven't changed since then.
The /usr/etc move (or /usr/lib, /usr/share, ..., depending on what upstream decides) is still moving forward. Yes, it's slow, as in contrast to usr-merge there is not one solution that fits all, but every package needs its own solution, but it is still moving. Slowly, but continuously.
Currently we implement solutions for /etc/shells. Which requires adjustments in many packages...
And meanwhile this idea behind /usr/etc is also required for https://uapi-group.org/ You cannot update config files in /etc if you do an image based update. So you need this split.
Does any of this matter for TW?
Is this more for microserver distros?
> Kind of reminds me of the usr-merge efforts which also stalled for so many
> years and then finally were completed.
>
> Seems like a great idea, since default configs currently can be found in
> different locations for different packages.
>
> Would be great to see some consistency in this area.
Consistency is not possible, nearly every package has a different configuration file format, handling and requirements. If this would not be the case, we would have finished this already 2 years ago...
Thorsten
> On 11/8/22 00:35, Luciano Santos wrote:
> > Hi Jim,
> >
> > You're basically describing the /etc move to /usr/etc [1], an ongoing effort that needs all the help it can get. A specific bug for SUDO [2] has already been filed. So, if it's feasible, someone will eventually make that move.
> >
> > And anyone can help out with that, folks. Don't be shy!
> >
> > Regards,
> > Luciano
> >
> > [1] https://bugzilla.opensuse.org/show_bug.cgi?id=1152770
> > [2] https://bugzilla.opensuse.org/show_bug.cgi?id=1205118
>
> --
> Regards,
>
> Joe
-- Thorsten Kukuk, Distinguished Engineer, Senior Architect, Future Technologies SUSE Software Solutions Germany GmbH, Frankenstraße 146, 90461 Nuernberg, Germany Managing Director: Ivo Totev, Andrew Myers, Andrew McDonald, Martje Boudien Moerman (HRB 36809, AG Nürnberg)
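An added example, not part of the thread or of any openSUSE tooling: when auditing privilege-related configuration such as the PAM file for su, this reports which copy is in effect under the /etc (admin) over /usr (vendor) split described above, and flags an /etc entry that is only a symlink into /usr. The search order (/etc, then /usr/lib, then /usr/etc), the function names and the sample tree are assumptions made for the illustration.

```shell
#!/bin/sh
# Assumed search order, first hit wins: admin layer, then vendor layers.
SEARCH_DIRS="etc usr/lib usr/etc"

# effective_config ROOT RELPATH  (hypothetical helper)
# Prints "<layer> <path>", where layer is:
#   admin              regular entry under ROOT/etc (host-specific change)
#   symlink-to-vendor  ROOT/etc entry that is a symlink pointing into /usr
#   vendor             distribution default under ROOT/usr
#   missing            no copy found in any layer
effective_config() {
    root=$1 rel=$2
    for dir in $SEARCH_DIRS; do
        path="$root/$dir/$rel"
        [ -e "$path" ] || [ -L "$path" ] || continue
        if [ "$dir" != etc ]; then
            echo "vendor $path"
        elif [ -L "$path" ]; then
            case $(readlink "$path") in
                */usr/*) echo "symlink-to-vendor $path" ;;
                *)       echo "admin $path" ;;
            esac
        else
            echo "admin $path"
        fi
        return 0
    done
    echo "missing -"
}

# Constructed sample tree in a temp dir, so nothing on the host is read.
demo() {
    d=$(mktemp -d)
    mkdir -p "$d/etc/pam.d" "$d/etc/default" \
             "$d/usr/lib/pam.d" "$d/usr/etc/default"
    : > "$d/usr/lib/pam.d/su"                        # vendor default only
    : > "$d/usr/lib/pam.d/sudo"; : > "$d/etc/pam.d/sudo"   # admin override
    : > "$d/usr/etc/default/su"
    ln -s "$d/usr/etc/default/su" "$d/etc/default/su"      # the odd symlink
    for f in pam.d/su pam.d/sudo default/su pam.d/login; do
        printf '%-12s %s\n' "$f" "$(effective_config "$d" "$f")"
    done
    rm -rf "$d"
}

demo
```

Pass `/` as ROOT (written as an empty string, `effective_config "" pam.d/su`) to check a live system.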