Bug 20138

Summary: /etc should be configurable by --sysconfdir
Product: glibc
Reporter: heroxbd <heroxbd>
Component: libc
Assignee: Not yet assigned to anyone <unassigned>
Status: UNCONFIRMED ---
Severity: enhancement
CC: chewi, drepper.fsp, fweimer, sam
Priority: P2
Flags: fweimer: security-
Version: 2.23
Target Milestone: ---
Host:
Target:
Build:
Last reconfirmed:

Description heroxbd@sohu.com 2016-05-24 14:57:39 UTC
In files
"""
nis/nss_compat/compat-grp.c,
nis/nss_compat/compat-initgroups.c,
nis/nss_compat/compat-pwd.c,
nis/nss_compat/compat-spwd.c,
nss/bug-erange.c,
nss/nss_files/files-init.c,
nss/nss_files/files-initgroups.c,
resolv/netdb.h,
resolv/resolv.h,
shadow/lckpwdf.c,
sysdeps/generic/ldconfig.h
"""
/etc is hardcoded. Configure accepts --sysconfdir, which should be able to override /etc inside these files.

Comment 1 James Le Cuirot 2023-09-14 16:46:06 UTC
Hi Benda. I noticed we were doing this in Gentoo when I found that getent was returning user/group entries from the prefix, rather than from /etc. I really don't think that makes sense, at least for passwd, group, and shadow. Some of the other files like services and resolv.conf are debatable.

For users and groups, the location of their names and other properties is determined by the libc in use, not by where the file/directory you're inspecting is. It would be really weird for "/path/to/prefix/bin/ls -l /home" to return completely different ownership information to "/bin/ls -l /home".

In Gentoo's case, prefix is typically managed by a single user, so the ownership of files within the prefix isn't that interesting. We also stub out the user/group management functions in the eclasses under Prefix so these files generally don't get populated anyway.

services is a typically static file and Gentoo Prefix is normally deployed on older systems, so it may make sense to use the newer prefixed version in this case.

I'm on the fence with resolv.conf. Having to configure DNS in two places is strange, but if you don't have root access and you don't like the DNS configuration you've been given, this gives you the power to change it.

Of course, you can always create a symlink, although the security around some of these files may prevent that from working. I think we should draw a line at passwd, group, and shadow in any case. What do you think?
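
The following check is an added example, not part of the bug report or of glibc: it lists the passwd, group and shadow paths compiled into a libc or NSS object and flags any that point somewhere other than /etc, which is the situation Comment 1 describes. It assumes the paths are stored as plain NUL-terminated string literals; the function names and the `/opt/prefix` sample path are hypothetical.

```shell
#!/bin/sh
# Added example: which account databases does a given libc/NSS object read?
# Assumption: the paths are embedded as NUL-terminated string literals.

# Print every embedded string naming passwd, group or shadow under an etc/ dir.
account_db_paths() {
    LC_ALL=C tr '\0' '\n' < "$1" |
        LC_ALL=C grep -a -x -E '(/[A-Za-z0-9._+-]+)*/etc/(passwd|group|shadow)' |
        sort -u
}

# Label each path: "system" if it is exactly /etc/<db>, "prefixed" otherwise.
classify_account_dbs() {
    account_db_paths "$1" | while IFS= read -r p; do
        case "$p" in
            /etc/passwd|/etc/group|/etc/shadow) echo "system $p" ;;
            *) echo "prefixed $p" ;;
        esac
    done
}

# Succeeds only if no account database path was redirected away from /etc.
account_dbs_use_system_etc() {
    ! classify_account_dbs "$1" | grep -q '^prefixed '
}

# Constructed sample standing in for a library built with a prefixed sysconfdir.
sample=$(mktemp)
printf 'GLIBC\0/etc/passwd\0/opt/prefix/etc/group\0/etc/resolv.conf\0' > "$sample"
classify_account_dbs "$sample"
account_dbs_use_system_etc "$sample" || echo "account databases are read from a prefix"
rm -f "$sample"
```

Files such as resolv.conf and services are deliberately ignored, since the comment treats only passwd, group and shadow as the line that should not move.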