Re: postinstall wiped out my /etc/rc changes

["Steven M. Bellovin" <smb%cs.columbia.edu@localhost>]

On Fri, 2 May 2008 11:48:58 -0400
"Greg A. Woods; Planix, Inc." <woods%planix.ca@localhost> wrote:

> On 2-May-08, at 11:37 AM, Steven M. Bellovin wrote:
> >
> > I think it's more complex than that.  It isn't obvious -- at least
> > not to me -- which files in /etc are "owned" by the system (and
> > hence are fair game for auto-replacement), and which are owned by
> > the administrator.  (I raised similar questions a few months ago
> > about the power management scripts.)  We need a clear, clean way to
> > make that distinction, and to make it obvious to the community.
> 
> 
> I've modified the build for my systems such that any and all scripts  
> and script fragments in /etc, including especially /etc/rc.d/* are  
> considered to be owned by the system, _unless_ they have a name  
> matching *.local (and I added /etc/*.local hooks where necessary).
> 
> The primary reason I did that was I had a fair swath of changes  
> throughout them all and I was very tired of making the same changes
> on many machines so a very long time ago I decided the authoritative  
> version would be the one in my source tree and the preferred method  
> for distributing the changes would be installs and upgrades.
> 
> All other configuration or data files (/etc/services, etc., as well
> as all *.conf of course) are considered to be owned by the system
> they live on and they are merged with new changes from the source
> tree (via installs and upgrades) with etcupdate if necessary.
> 

I think that that's a very reasonable approach.  (I assume, of course,
that you also special-case passwd and group and all their variants.)


                --Steve Bellovin, http://www.cs.columbia.edu/~smb