Subject: Re: symlink complaints in /etc/security
To: Perry E.Metzger <firstname.lastname@example.org>
From: John Hawkinson <jhawk@MIT.EDU>
Date: 12/08/2003 00:03:31
Perry E.Metzger <email@example.com> wrote on Sun, 7 Dec 2003
at 19:08:22 -0500 in <firstname.lastname@example.org>:
> We have a variable in security.conf called
> "check_mtree_follow_symlinks" that can be set to "YES". If it is set
> to "YES", the -L option is fed to mtree. This shuts up mtree about the
> existing problem, but leads to complaints about /etc/localtime not
> being a symlink, vis:
> type (link, file)
> What do people think of my making check_mtree_follow_symlinks=YES the
> default in security.conf, and changing /etc/localtime in special to
> "file" so that doesn't bitch?
I believe that the current specification of localtime as a link is
It's quite reasonable and appropriate for /etc/localtime to not
be a symlink, especially if one wants the correct timezone
when /usr is not mounted (i.e. single user mode).
I don't think there's any loss of security by simply removing
the check from the mtree special file.