Subject: /etc/security, mtree, and links to files and directories
To: None <tech-security@netbsd.org>
From: Andrew Brown <atatat@atatdot.net>
List: tech-security
Date: 05/15/2002 12:44:13
in my never ending quest to make the output of /etc/security dwindle down to

	Nothing to report on $date

and also to make all my machines more secure (by doing things like
running named and ntpd in chroots, etc), i've now gotten to the point
where mtree spits out the following complaint nightly:

	Checking special files and directories.
	etc/namedb:
		type (dir, link)

i get this because i have /etc/namedb as a symlink that points to
/var/chroot/named/etc/namedb so that i can stop thinking about it.  my
first thought was to change the call to mtree from this:

	mtree -e -l -p / -f /etc/mtree/special

to this:

	mtree -L -e -l -p / -f /etc/mtree/special

but that makes me get this complaint instead:

	etc/localtime:
		type (link, file)

so i can get one or the other, but never neither.  personally, i like
(1) having namedb be a symlink instead of a directory so that i can
think less, (2) having /etc/localtime be a symlink so that i can tell
what the local time zone is easily, and (3) not changing
/etc/mtree/special on a machine by machine basis.  otoh, (4) some
people may prefer to copy the timezone file to /etc/localtime so that
the timezone is consistent even if /usr isn't mounted.

now.../etc/localtime is the only "link" listed in /etc/mtree/special.
if this was changed to be "file" and the call to mtree in
/etc/security was changed to run with -L, then all would be well and
silent.  this would satisfy all of 1 through 4 above and reduce the
number of complaints from mtree on a nightly basis.

can anyone think of any security risks associated with mtree always
following all the symlinks?  or...not warning if it finds one where it
expected a file or a directory?

if no one has any thoughts on the subject, i'll commit the changes to
current.

-- 
|-----< "CODE WARRIOR" >-----|
codewarrior@daemon.org             * "ah!  i see you have the internet
twofsonet@graffiti.com (Andrew Brown)                that goes *ping*!"
andrew@crossbar.com       * "information is power -- share the wealth."
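As an added example (not part of the post and not mtree's own code), the type check at issue can be modelled in Python: `follow_links=False` stands in for mtree's default lstat-based check and `True` for `-L`, run over a constructed tree that mirrors the namedb and localtime links described above; `silent_links` lists what an `-L` run would stop reporting, which is the thing to review before relying on it. The tree layout and file contents are constructed for the example.

```python
import os
import stat
import tempfile

# Spec entries as in /etc/mtree/special: the post's original and proposed versions.
ORIGINAL_SPEC = {"etc/namedb": "dir", "etc/localtime": "link"}
PROPOSED_SPEC = {"etc/namedb": "dir", "etc/localtime": "file"}


def _type_name(st_mode):
    """Map a stat mode to the mtree(8) type keyword it would print."""
    if stat.S_ISDIR(st_mode):
        return "dir"
    if stat.S_ISLNK(st_mode):
        return "link"
    if stat.S_ISREG(st_mode):
        return "file"
    return "other"


def check_special(root, spec, follow_links):
    """Return (path, expected, actual) for every entry whose type disagrees with
    the spec. follow_links=True mirrors mtree -L (stat the link target);
    False mirrors the default (lstat, so the link itself is examined)."""
    mismatches = []
    for rel, expected in sorted(spec.items()):
        full = os.path.join(root, rel)
        st = os.stat(full) if follow_links else os.lstat(full)
        actual = _type_name(st.st_mode)
        if actual != expected:
            mismatches.append((rel, expected, actual))
    return mismatches


def silent_links(root, spec):
    """Entries that are symlinks even though an -L run would accept them, with
    the resolved target: the information the -L form no longer reports."""
    return [(rel, os.path.realpath(os.path.join(root, rel)))
            for rel in sorted(spec) if os.path.islink(os.path.join(root, rel))]


def build_tree():
    """Constructed layout matching the post: etc/namedb -> chroot directory,
    etc/localtime -> a zoneinfo file. Returns the temporary root."""
    root = tempfile.mkdtemp()
    os.makedirs(os.path.join(root, "var/chroot/named/etc/namedb"))
    os.makedirs(os.path.join(root, "usr/share/zoneinfo"))
    os.makedirs(os.path.join(root, "etc"))
    with open(os.path.join(root, "usr/share/zoneinfo/UTC"), "w") as f:
        f.write("TZif")  # placeholder bytes, not a real zoneinfo file
    os.symlink("../var/chroot/named/etc/namedb", os.path.join(root, "etc/namedb"))
    os.symlink("../usr/share/zoneinfo/UTC", os.path.join(root, "etc/localtime"))
    return root
```

Running `check_special` with the original spec reproduces the post's two complaints (one per mode), and the proposed spec with `follow_links=True` reports nothing.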