Re: nsswitch.conf again

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Ed Greshko writes:

On 19/07/2021 08:41, Sam Varshavchik wrote:
Ed Greshko writes:

On 18/07/2021 20:38, Sam Varshavchik wrote:
Eyal Lebedinsky writes:

In /etc/nsswitch.conf which is a symlink.

[egreshko@meimei etc]$ ll nsswitch.conf
lrwxrwxrwx. 1 root root 29 Jul 14 16:01 nsswitch.conf -> /etc/authselect/nsswitch.conf

I have:
$ ll /etc/nsswitch.conf
-rw-r--r-- 1 root root 2150 Jul 18 00:08 /etc/nsswitch.conf

$ ll /etc/authselect/nsswitch.conf
ls: cannot access '/etc/authselect/nsswitch.conf': No such file or directory

I just checked, and none of my machines have /etc/nsswitch.conf as a symlink. This includes one box that was fresh-installed as F30 (approx).

The fresh-installed box had a bunch of files in /etc/authselect.

The others, just:

[mrsam@monster ~]$ ls -al /etc/authselect/
total 32
drwxr-xr-x.   3 root root  4096 Jul 17 19:30 .
drwxr-xr-x. 212 root root 16384 Jul 17 19:37 ..
drwxr-xr-x.   2 root root  4096 Mar 31 07:36 custom
-rw-r--r--.   1 root root  1783 Jul 17 19:30 user-nsswitch.conf
-rw-r--r--.   1 root root  1783 May 22 09:25 user-nsswitch.conf.bak

All of them have authselect-libs installed.


I must say, none of that makes any sense to me.

I just installed a new VM using Fedora-KDE-Live-x86_64-30-1.2.iso. Even the live image has /etc/nsswitch.conf as a sym link
to /etc/authselect/nsswitch.conf
And when I connect with that newly installed VM, without having done any updates, I see.

[egreshko@f30k ~]$ ll /etc/nsswitch.conf
lrwxrwxrwx. 1 root root 29 Jul 19 06:25 /etc/nsswitch.conf -> /etc/authselect/nsswitch.conf

and

[egreshko@f30k ~]$ ls /etc/authselect/
authselect.conf  dconf-locks       password-auth   system-auth
custom           fingerprint-auth  postlogin user-nsswitch.conf
dconf-db         nsswitch.conf     smartcard-auth

So, it is hard for me to understand how your results could be so different than mine unless you've then made changes to your
system out of habit.

Maybe you can double check what version of fedora you actually did install at the start?  Assuming the logs haven't been
overgrown you can do "dnf history info 1'.


Transaction ID : 1
Begin time     : Thu 25 Apr 2019 10:07:40 PM EDT
Begin rpmdb    : 0:da39a3ee5e6b4b0d3255bfef95601890afd80709
End time       : Thu 25 Apr 2019 10:12:12 PM EDT (272 seconds)
End rpmdb      : 1495:0e25a85737decf86c21aa98d4f2b17b8e03e5d2a
User           : System <unset>
Return-Code    : Success
Releasever     : 30

That's what it says.

Doing some more poking:

/etc/nsswitch.conf is owned by the glibc package, according to rpm.

rpm -q -l -v glibc says that it's a plain file. It is not a symlink.

I'm going to guess that it's authselect that replaces /etc/nsswitch.conf with a symlink:
# authselect current
No existing configuration detected.

I also note:

[root@thinkpad ~]# authselect test minimal
File /etc/nsswitch.conf:
# If you want to make changes to nsswitch.conf please modify
# /etc/authselect/user-nsswitch.conf and run 'authselect apply-changes'.
#
[ more stuff ]

That sounds more like what you are seeing on your machine.

Interesting. On my newly installed F30 system, which I've only run 3 commands as root.

[root@f30k ~]# history
    1  systemctl --now enable sshd
    2  firewall-config
    3  history

[root@f30k ~]# authselect current
Profile ID: sssd
Enabled features:
- with-fingerprint
- with-silent-lastlog

[root@f30k ~]# history
    1  systemctl --now enable sshd
    2  firewall-config
    3  history
    4  authselect current
    5  history

I find your experience odd.

Spin-related installation differences? I installed the XFCE spin image.

rpm shows that the /etc/nsswitch.conf file is owned by glibc, and it installs it as a plain file.

If authselect replaces it with a symlink, it must mean that something ran authselect.

Looking at authselect's scriptlets, they install all the extra files only if the scriptlets detect, at installation time, that "authselect check" gives the current configuration a clean bill of health:

   FILES="nsswitch.conf system-auth password-auth fingerprint-auth \
          smartcard-auth postlogin dconf-db dconf-locks"

When I installed F30 I distinctly recall, albeit dimly, a step where I get to select the system authentication configuration, and I selected the "I just have a vanilla Fedora system without any funky configuration" option. Maybe that one does not run authselect at all, and just leaves the glibc- installed nsswitch.conf alone.

Attachment: pgpI2Uqurwq0x.pgp
Description: PGP signature

_______________________________________________
users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/users@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [EPEL Devel]     [Fedora Magazine]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Desktop]     [Fedora Fonts]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Fedora Sparc]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux