http://bugzilla.opensuse.org/show_bug.cgi?id=1155735 Bug ID: 1155735 Summary: Security and User modules - default /etc/login.def is now in /usr/etc Classification: openSUSE Product: openSUSE Tumbleweed Version: Current Hardware: Other OS: Other Status: NEW Severity: Major Priority: P5 - None Component: YaST2 Assignee: yast2-maintainers@suse.de Reporter: arvidjaar@gmail.com QA Contact: jsrain@suse.com Found By: --- Blocker: --- As discussed on factory: https://lists.opensuse.org/opensuse-factory/2019-06/msg00024.html https://lists.opensuse.org/opensuse-factory/2019-06/msg00161.html https://lists.opensuse.org/opensuse-factory/2019-07/msg00426.html the goal is to have default configuration files under /usr/etc. Recently shadow (which owns /etc/login.defs) was changed to use libeconf (https://github.com/openSUSE/libeconf) to read configuration and install login.defs into /usr/etc: Mon Oct 7 09:50:30 CEST 2019 - kukuk@suse.de - libeconf.patch: Add support for libeconf and /usr/etc for login.defs. - Move first configuration files and pam config files to /usr/etc This broke YaST which expects to find /etc/login.defs and falls back to DES password encryption if it does not. Additionally when changing e.g. password encryption method, YaST will write /etc/login.defs containing single line (ENCRYPT_METHOD). Because file in /etc hides file with same name in /usr/etc, the remaining parameters are no more read and so set to default. libeconf supports drop-ins; i.e. it is possible to create /etc/login.defs.d/YaST.defs which contains changes. But user is free to add another file in this directory which may override some of parameters. So YaST must at the very least read all files to determine actual parameter value; also it is unclear what YaST should do in this case when requested to change parameter (as change may not have any effect). -- You are receiving this mail because: You are on the CC list for the bug.