Hi,

* Short story *
Is it possible to relocate the /etc/passwd, /etc/shadow and /etc/group files?


* Long story *
I am building a system based on SLES10-SP2 with a read only root fs.  My
work is based on the Redpaper REDP-4322-00, "Sharing and maintaining Linux
under z/VM".  Very inspiring work.  This is the first time I have tried to share
the whole root fs, but I have shared other directories in the past.

I would like to put the /etc directory and most of its content in the shared
root fs.  Where strictly needed, I would use symbolic links pointing to
files stored on a local read write disk.  That way, I could have very
similar clones.

I planned to move from /etc to my local parameters disk stuff like HOSTNAME,
fstab, zipl.conf, sysconfig and other files customized to every clone needs.

My problem is that pwutils programs (passwd, chage, ...) expect
/etc/passwd, /etc/shadow and /etc/group to be read writable by root and to
be files, not symbolic links.  Here is an example.  If I move /etc/shadow to
/my/local/path/shadow and create a symbolic link from /my/local/path/shadow
to /etc/shadow, the passwd command, when issued to change a password, will
load the /my/local/path/shadow file, then recreate a new shadow file, destroying
my symbolic link at the same time.  This is when my root fs is mounted read
write.  When my root fs is mounted read only, the passwd command fails with
this error message:

Cannot lock password file: already locked.
Error: Password NOT changed.

I don't see any way to change the location of these files, other than
rebuilding the pwutils package, which is not something I am comfortable
putting into production systems.

I know I could just mount the whole /etc directory from a read write disk.
It works perfectly.  But I do lose the idea of a "perfect" clone with a
local /etc.

Has anybody tried this and succeeded, or is it just a crazy idea?

Would it be a better solution to have a local, read write /etc disk with
some symbolic links pointing to the "secured" files I want to be identical
between two clones?  I am open to other suggestions as well.

Thanks to all.

----------------------------------------------------------------------
For LINUX-390 subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit
http://www.marist.edu/htbin/wlvindex?LINUX-390
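
The symlink loss described in the message above is what any write-new-file-then-rename update does to a symlinked path. The sketch below is an added example, not part of the original post and not pwdutils code; it assumes that update pattern and uses constructed sandbox paths, function names and a constructed sample shadow line to reproduce the effect in a temporary directory, beside a link-aware variant that updates the real file instead.

```shell
#!/bin/sh
# Constructed demo in a throwaway directory; no real /etc files are touched.
# Assumption: the updater writes a new file and renames it over the old name.

# Build the sandbox: etc/shadow is a symlink to local/shadow (sample data).
setup() {
    SANDBOX=$(mktemp -d) || return 1
    mkdir "$SANDBOX/etc" "$SANDBOX/local"
    echo 'alice:OLDHASH:14000::::::' > "$SANDBOX/local/shadow"
    ln -s ../local/shadow "$SANDBOX/etc/shadow"
}

# Naive update: temp file beside the link name, then rename over it.
# The rename replaces the directory entry itself, so the symlink is lost
# and the file it pointed to keeps the stale content.
update_naive() {
    sed 's/OLDHASH/NEWHASH/' "$1" > "$1.tmp" && mv -f "$1.tmp" "$1"
}

# Link-aware update: resolve the link first, then write and rename beside
# the real file. Nothing is created in etc/, so etc/ can stay read only.
update_resolved() {
    real=$(readlink -f "$1") || return 1
    sed 's/OLDHASH/NEWHASH/' "$real" > "$real.tmp" && mv -f "$real.tmp" "$real"
}

# Report whether a path is still a symlink or has become a regular file.
kind() { if [ -L "$1" ]; then echo symlink; else echo file; fi; }

# Run one strategy; print "<kind of etc/shadow> <hash now in local/shadow>".
run_case() {
    setup || return 1
    "$1" "$SANDBOX/etc/shadow"
    echo "$(kind "$SANDBOX/etc/shadow") $(cut -d: -f2 "$SANDBOX/local/shadow")"
    rm -rf "$SANDBOX"
}

run_case update_naive      # file OLDHASH
run_case update_resolved   # symlink NEWHASH
```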
