The package users hint
(http://www.linuxfromscratch.org/hints/downloads/files/more_control_and_pkg_man.txt)
says:

In case you were wondering if you should create
/etc/nsswitch.conf and /etc/ld.so.conf as root or glibc, I
recommend to assign all files that you manually create or
manually edit to the root account. [...]


With regard to the management of configuration files, I suggest
that on systems, where the package users system is used:

1) initially, any configuration file be owned by the package user
who has installed the package that this configuration file is
part of or used by;
2) a config user (possibly with primary group config) be used to change (either manually or automatically) any configuration file;
the rationale behind this proposal is to avoid the possibility
that root forgets to change the owner and/or the group of any
configuration file that they change;

So if I understand correctly, your logic is that the config user doesn't initially have permissions to modify the config file. You
are forced to login as root and 'chown config config.file' or
'chgrp config config.file' before you can edit it as config.
(And you have to do that instead of remembering to

Yes, I think that you've gotten it right. The idea is that the only thing you need to remember is not to edit any configuration file as root. You do not consider this harder than remembering not to install any package as root when using package users, do you?

'chown root:root config.file' and you must still remember not
to edit config.file as root.)
That way you can't forget.  Right?

3) when using the approach proposed above, either the owner or
the group of a modified file be changed so that one can tell
which package the file is part of (or used by) by looking at the
other attribute;

Have you tried this approach?

I have not yet tried it; I'm just considering doing so, and I thought that it would be a good idea to share it and see if I have missed something.

It looks like it could work, but is it
usable in practice? I mean, does it really provide added benefit
that is worth the added complication?

The benefit is explained in what you have snipped from my previous post. It is an excerpt from a tip about applying the package users approach:

That way you can distinguish between those files that can be regenerated automatically and those that can not. Assigning even automatically generated files to
root once you make the first manual edit, ensures that a later
reinstallation of a package won't silently do away with your manual tweaks.



As for the "added complication", I already explained that the only thing you need to remember is not to modify any configuration file as root. As for the chown, you may forget about it - the system will remind you whenever you need to change ownership.

In conclusion, I would like to add that the basic idea in this approach is parallel to that of package users. This includes the ability to grant a non-root user the permission to make configuration changes.
--
http://linuxfromscratch.org/mailman/listinfo/lfs-support
FAQ: http://www.linuxfromscratch.org/lfs/faq.html
Unsubscribe: See the above information page
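
An audit of the ownership scheme proposed in this thread, added here as an example and not part of the original message or of the package users hint. It assumes the config user and group are both named `config` (overridable through the hypothetical `CONFIG_USER` and `CONFIG_GROUP` variables) and that GNU find is available for `-printf`.

```shell
#!/bin/sh
# Assumed names, not taken from the thread: config user/group "config".
CONFIG_USER=${CONFIG_USER:-config}
CONFIG_GROUP=${CONFIG_GROUP:-config}

# classify OWNER GROUP -> prints "<state> <package>"
#   pristine    owner is still the package user that installed the file
#   modified    owner or group was switched to config; the other
#               attribute still names the package (point 3 of the proposal)
#   root-owned  edited or created as root, so the package link is not
#               recorded in the file's ownership
classify() {
    owner=$1
    group=$2
    if [ "$owner" = root ]; then
        echo "root-owned -"
    elif [ "$owner" = "$CONFIG_USER" ] && [ "$group" = "$CONFIG_GROUP" ]; then
        # Both attributes were changed: the package can no longer be read off.
        echo "modified unknown"
    elif [ "$owner" = "$CONFIG_USER" ]; then
        echo "modified $group"
    elif [ "$group" = "$CONFIG_GROUP" ]; then
        echo "modified $owner"
    else
        echo "pristine $owner"
    fi
}

# audit DIR -> one line per regular file: state, package, path
audit() {
    find "$1" -type f -printf '%u %g %p\n' |
    while read -r owner group path; do
        classify "$owner" "$group" | {
            read -r state pkg
            printf '%-10s %-12s %s\n' "$state" "$pkg" "$path"
        }
    done
}
```

Running `audit /etc` lists which configuration files have been changed by the config user and which package each one belongs to; files reported as `modified unknown` or `root-owned` are the ones where the ownership no longer identifies the package.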
