On 11/28/18 6:35 PM, Richard W.M. Jones wrote:
On Wed, Nov 28, 2018 at 05:02:17PM +0100, Reindl Harald wrote:
Am 28.11.18 um 15:45 schrieb Florian Weimer:
* Richard W. M. Jones:
Trying to track down a bug in IPP printing
(https://bugzilla.redhat.com/show_bug.cgi?id=1653276).
We're down a rabbit hole where it seems that in Fedora 29
/etc/nssswitch.conf ought to be a symlink. This machine has been
upgraded from F28 and this is not the case. AFAIK I have never edited
the file.
/etc/nsswitch.conf is owned by glibc. It is not a symbolic link as we
ship it.
If find out which packages replaces our configuration with a symbolic
link, please file a bug against that package. If they want to take over
/etc/nsswitch.conf, this is negotiable, but it needs coordination with
the glibc package.
and that's why i do "chattr +i /etc/nsswitch.conf" and "chattr +i
/etc/resolv.conf" for year - guys stop mangle around in /etc - this is
admin area and way too often the mdns crap was added unasked or "mysql"
for nss-mysql touched in the past years finding you perfectly working
config in a damned .bak file
everything which touchs /etc at updates is broken by design
Yes I've been doing chattr +i /etc/resolv.conf for a very long time.
Updates to systemd or nss-mdns breaks generated authselect
configuration, because they rewrite nsswitch.conf. This is something we
know about and trying to find the best way for both parties to fix it.
However in the case of /etc/nsswitch.conf, changing it (with the
cooperation of glibc of course) to be a symlink seems reasonable.
What I'm (still) missing is what's the actual plan? What should
things look like?
At this moment, if you install system without any kickstart, anaconda
invokes authselect (sssd profile, before it did the same thing but with
authconfig). If you use kickstart you can choose to not call authselect
and stick with glibc/pam defaults.
So basically, you can choose to use authselect and you can choose not to
use it. At any time, you can just manually update any file you want to,
"authselect check" will complain but the only implication is that you
will be required to use "authselect select $profile --force" to go back
to authselect configuration.
As I said in the other mail, authselect would like to take ownership of
nsswitch.conf and pam in the future, but we need to first solve its
issues so no action was taken in this area yet.
Rich.
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
