Subject: Re: symlink complaints in /etc/security
To: Perry E.Metzger <>
From: John Hawkinson <jhawk@MIT.EDU>
List: tech-security
Date: 12/08/2003 00:03:31
Perry E.Metzger <> wrote on Sun,  7 Dec 2003
at 19:08:22 -0500 in <>:

> We have a variable in security.conf called
> "check_mtree_follow_symlinks" that can be set to "YES". If it is set
> to "YES", the -L option is fed to mtree. This shuts up mtree about the
> existing problem, but leads to complaints about /etc/localtime not
> being a symlink, vis:
> etc/localtime: 
>         type (link, file)
> What do people think of my making check_mtree_follow_symlinks=YES the
> default in security.conf, and changing /etc/localtime in special to
> "file" so that doesn't bitch?

I believe that the current specification of localtime as a link is
busted anyhow.

It's quite reasonable and appropriate for /etc/localtime to not
be a symlink, especially if one wants the correct timezone
when /usr is not mounted (i.e. single user mode).

I don't think there's any loss of security by simply removing
the check from the mtree special file.