Subject: Re: rc local [patches]
To: None <tech-userlevel@NetBSD.org>
From: None <tlaronde@polynum.com>
List: tech-userlevel
Date: 03/18/2007 18:17:21

On Sun, Mar 18, 2007 at 05:38:22PM +0100, Joerg Sonnenberger wrote:
> On Sun, Mar 18, 2007 at 03:08:14PM +0100, tlaronde@polynum.com wrote:
> > 
> > 2) All names are built appending ".local" to them, since the emphasis
> > must be put not on the nature of a link (a file or a directory '.d') but
> > on the fact that these are local versions of standard facilities.
> > 	There is also prior art since the script sourced by /etc/rc.d/local
> > 	stop is called "/etc/rc.shutdown.local"
> 
> [snip]
> 
> The one problem which points out why this falls apart is that rcorder
> itself doesn't support multiple scripts with the same name very well.
> For that reason alone all the complication of separation makes a lot less
> sense.

As long as one knows that, say, pgsql in pgsql=YES is not the name of the
"binary" program, but simply the name of the rc.d/ script, I, for one,
would use (in the framework discussed) my_pgsql=YES to launch
/etc/rc.d.local/my_pgsql, leaving pgsql=NO for not using
/etc/rc.d.pkgsrc/pgsql for example.

I still think that separating things is a good idea, for all the reasons
already discussed, and for security too: the base services provided by
NetBSD are critical ones, and I could imagine a /etc/rc.d/ that is truly
read-only so that no third party stuff can put things here that will
overwrite the base install.

But actually, since the filename is used, the same basename will lead to
two scripts with distinct pathnames being run. Security concern or feature?
But is the possibility of overwriting a base script better? And keeping
two (or three) separate directories can allow security to warn that the
same basename is used (without the base script being overwritten; mtree will
warn too that the checksum has changed, but with the initial script
changed in the current way of doing things). Since we are dealing with root
stuff, there are lengths of rope.
-- 
Thierry Laronde (Alceste) <tlaronde +AT+ polynum +dot+ com>
                 http://www.kergis.com/
Key fingerprint = 0FF7 E906 FBAF FE95 FD89  250D 52B1 AE95 6006 F40C
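
The same-basename warning discussed in this message can be sketched as a small audit check; this is an added example, not part of the original post or of NetBSD's rc system. The directory names follow the layout proposed in the thread, and the function name `rc_collisions` is hypothetical.

```shell
#!/bin/sh
# Added example: warn when one rc script basename exists in more than one
# rc directory (e.g. /etc/rc.d, /etc/rc.d.local, /etc/rc.d.pkgsrc as
# proposed in the thread). Assumes script names contain no tabs or newlines.

# rc_collisions DIR...
# Prints one line per colliding basename: "<basename>: <path> <path> ..."
# Returns 1 if at least one collision was found, 0 otherwise.
rc_collisions() {
    for dir in "$@"; do
        [ -d "$dir" ] || continue          # a missing directory is not an error
        for f in "$dir"/*; do
            [ -f "$f" ] || continue        # skips the unexpanded glob as well
            printf '%s\t%s\n' "${f##*/}" "$f"
        done
    done | LC_ALL=C sort | awk -F '\t' '
        # Input is sorted, so identical basenames arrive on adjacent lines.
        $1 == prev { paths = paths " " $2; n++; next }
        {
            if (n > 1) { print prev ": " paths; found = 1 }
            prev = $1; paths = $2; n = 1
        }
        END {
            if (n > 1) { print prev ": " paths; found = 1 }
            exit (found ? 1 : 0)
        }'
}

# Stand-alone use: sh rc_collisions.sh /etc/rc.d /etc/rc.d.local /etc/rc.d.pkgsrc
if [ "$#" -gt 0 ]; then
    rc_collisions "$@"
fi
```

A non-zero return makes the check usable from a periodic security script alongside the mtree checksum comparison mentioned above.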