Changing thread name here, because I'm going off on a tangent...
On Fri, Oct 13, 2006 at 04:33:19PM +0100, Neil Bothwick wrote
> On Fri, 13 Oct 2006 08:22:04 -0700 (PDT), maxim wexler wrote:
>
> > IIRC the last time I updated baselayout it overwrote
> > some important files and my system was un-usable. In
> > all the excitement I failed to note what they were.
>
> That wasn't baselayout, it was you when running etc-update.
>
> > Is there a list somewhere?
>
> Yes, etc-update shows it to your before asking what to do. Check the
> contents of each file before allowing it to be overwritten, and never,
> ever let etc-update overwrite etc/fstab, /etc/passwd or /etc/group.
CONFIG_PROTECT and CONFIG_PROTECT_MASK work at the *DIRECTORY* level.
What I really want/need is a feature that allows additional protection
*FOR INDIVIDUAL FILES*. E.g...
- my customized /etc/conf.d/local.start or /etc/conf.d/local.stop
should *NEVER* be replaced with an empty version
- /etc/rc.conf should be left alone too. ***FOR THE UMPTEENTH TIME,
NO I DO NOT WANT NANO REPLACING VIM AS MY "EDITOR"***
- /etc/conf.d/clock too. ***FOR THE UMPTEENTH TIME, NO I DO NOT WANT
MY SYSTEM CLOCK SET TO GMT***
- /etc/ssmtp/ssmtp.conf too. ***FOR THE UMPTEENTH TIME, NO I DO NOT
WANT MY CUSTOMIZED FILE REPLACED WITH AN EXAMPLE FILE***
And the list goes on and on. Howsabout an environmental variable
CONFIG_PROTECT_FILES, containing a list of protected files? I'm ready
to submit a feature request if necessary. Does anybody have additional
comments?
--
Walter Dnes <[EMAIL PROTECTED]> In linux /sbin/init is Job #1
My musings on technology and security at http://techsec.blog.ca
--
[email protected] mailing list
