Subject: Re: symlink complaints in /etc/security
To: Perry E.Metzger <perry@piermont.com>
From: John Hawkinson <jhawk@MIT.EDU>
List: tech-security
Date: 12/08/2003 00:03:31
Perry E.Metzger <perry@piermont.com> wrote on Sun,  7 Dec 2003
at 19:08:22 -0500 in <874qwcb289.fsf@snark.piermont.com>:


> We have a variable in security.conf called
> "check_mtree_follow_symlinks" that can be set to "YES". If it is set
> to "YES", the -L option is fed to mtree. This shuts up mtree about the
> existing problem, but leads to complaints about /etc/localtime not
> being a symlink, viz:
> 
> etc/localtime: 
>         type (link, file)
> 
> What do people think of my making check_mtree_follow_symlinks=YES the
> default in security.conf, and changing /etc/localtime in special to
> "file" so that doesn't bitch?

I believe that the current specification of localtime as a link is
busted anyhow.

It's quite reasonable and appropriate for /etc/localtime to not
be a symlink, especially if one wants the correct timezone
when /usr is not mounted (i.e. single user mode).

I don't think there's any loss of security by simply removing
the check from the mtree special file.

--jhawk
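
An added illustration, not part of the original message and not mtree's own code: a shell sketch of the type comparison discussed in this thread. It shows why a "link" entry mismatches once symlinks are followed (-L) and why a "file" entry accepts both a symlinked and a copied localtime in that mode. The helper names and the sandbox paths are hypothetical.

```shell
#!/bin/sh
# Mimics only mtree's "type" comparison; everything here is constructed.

# node_type PATH FOLLOW -> prints link, file, dir or missing.
# FOLLOW=no inspects the link itself; FOLLOW=yes inspects what it points
# to, which is what -L asks mtree to do.
node_type() {
    if [ "$2" = no ] && [ -L "$1" ]; then
        echo link
    elif [ -f "$1" ]; then
        echo file
    elif [ -d "$1" ]; then
        echo dir
    else
        echo missing
    fi
}

# check_type PATH EXPECTED FOLLOW -> prints "ok" or "type (expected, found)".
check_type() {
    found=$(node_type "$1" "$3")
    if [ "$found" = "$2" ]; then
        echo ok
    else
        echo "type ($2, $found)"
    fi
}

# Constructed sandbox standing in for /etc and the zoneinfo directory.
demo_root=$(mktemp -d)
trap 'rm -rf "$demo_root"' EXIT
mkdir -p "$demo_root/zoneinfo" "$demo_root/etc_link" "$demo_root/etc_copy"
echo "constructed tz data" > "$demo_root/zoneinfo/UTC"
ln -s "$demo_root/zoneinfo/UTC" "$demo_root/etc_link/localtime"  # symlinked
cp "$demo_root/zoneinfo/UTC" "$demo_root/etc_copy/localtime"     # regular file

# Print the full matrix: follow mode x spec type x on-disk layout.
for follow in no yes; do
    for want in link file; do
        for d in etc_link etc_copy; do
            result=$(check_type "$demo_root/$d/localtime" "$want" "$follow")
            echo "follow=$follow spec=$want $d/localtime: $result"
        done
    done
done
```

In follow mode the comparison describes the link's target rather than the link, so a "file" entry no longer distinguishes a symlink from a copy.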