Subject: Re: and -U confusion
To: Greg Troxel <>
From: Steven M. Bellovin <>
List: current-users
Date: 08/15/2005 20:52:00
In message <>, Greg Troxel writes:
>"Steven M. Bellovin" <> writes:
>> Hmm -- if you're running as non-root, create the metalog; when 
>> installing, use the metalog if it exists.  -U will create the metalog 
>> even if running as root.
>I'm not sure, but I think it's critical to avoid a mixed
>metalog/non-metalog.  But perhaps with that situation install will use
>uids/mode from the file if no metalog entry, and from metalog if
>an entry exists, so perhaps that's ok, just icky.
My general principle here is to avoid violating the rule of least 
surprise.  The current scheme does cause problems that way; we've seen 
many mailing list messages that boil down to someone forgetting -U 
either on compilation or installation.  That scheme violates another 
rule: the same information has to be specified twice.  From the latter 
point, I conclude that specifying it at compile time -- and thus 
creating the metalog -- is a sufficient signal for the installation 

However, I take it a step further.  If you compile as non-root, you 
*can't* create a proper tree; you have to have metalog.  In other 
words, building as non-root is itself a signal; in that case, why have 
-U at all?  But that compilation-time decision *must* create the flag 
for installation time.

I don't see how this scheme can result in a mixed metalog/non-metalog 
situation.  If anything, it helps avoid it.

		--Steven M. Bellovin,