[ On Saturday, August 26, 2000 at 16:36:41 (-0400), Harlan Stenn wrote: ]
> Subject: Re: HTML format documentation 
>
> The NTP configuration runtime stuff is slowly moving to /usr/local/etc, as
> there are a number of sites that NFS mount /usr/local/etc and there are
> shared configuration files that each host may decide to update.

"shared configuration files" is, IMNSHO, an oxymoron!

Yes there are configuration items that are common amongst hosts in many
given scenarios.

However I think it must be left to the administrator(s) of those hosts
to determine how these commonalities are maintained.  There are, after
all, a zillion ways to do this, but sharing /usr/local/etc with a
network filesystem is probably the least acceptable way to do it!

If one really wants to use NFS or whatever to share configuration files
then at least they should be put in some subdirectory with a name like
"siteconf" or "sitewide_etc" and then symlinks can be installed in
/usr/local/etc to point at those shared files when it seems appropriate
to use them on any given host.  I once encountered a cluster of systems
that happened to be using RFS to share things like /etc/passwd and
/etc/shadow.  Even back then I was sure this was a major security risk,
although at least all of /etc wasn't being shared and indeed the local
directory on which the shared remote files were mounted did contain
minimum files to support semi-secure stand-alone operation (e.g. should
the RFS server go away for some reason).

I would suggest that using some tool like GNU CFengine is probably the
best solution to sharing common configuration items, and even something
like a little rsync script, probably utilising SSH as the transport, and
possibly called regularly from cron, would be far far far safer than
using any known network filesystem!

>  For private 
> information, we're currently saying "make everything visible under
> /usr/local/etc/ and if it needs to be a private copy make the entry that
> lives in /usr/local/etc/ be a symlink."

I would have to say that this seems like the most error prone possible
way of doing such sharing!

In any case if "sysconfdir" means what it says, i.e. "system
configuration directory", then it must default to /etc (i.e. without
$(prefix) prepended) on any unix or unix-like system that I know of.

-- 
                                                        Greg A. Woods

+1 416 218-0098      VE3TCP      <[EMAIL PROTECTED]>      <robohack!woods>
Planix, Inc. <[EMAIL PROTECTED]>; Secrets of the Weird <[EMAIL PROTECTED]>
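
The message above suggests keeping shared files in a "siteconf" subdirectory, refreshing them with rsync over SSH from cron, and symlinking them into /usr/local/etc only on hosts that want them. The sketch below is an added example, not part of the original message; the host name, paths, script name and the writable-source check are assumptions.

```shell
#!/bin/sh
# Added example (not from the original message). Host, paths and the file
# list are assumptions chosen for illustration.
SITE_SRC="${SITE_SRC:-confmaster.example.org:/export/siteconf/}"
SITECONF="${SITECONF:-/usr/local/etc/siteconf}"  # local copy, not a network mount
ETCDIR="${ETCDIR:-/usr/local/etc}"

# Pull into a staging directory so a failed or partial transfer never
# replaces the last good copy; the host keeps working if the server is down.
pull_siteconf() {
    stage="$SITECONF.new"
    rm -rf "$stage" || return 1
    mkdir -p "$stage" || return 1
    rsync -a --delete -e "ssh -o BatchMode=yes" "$SITE_SRC" "$stage/" || return 1
    rm -rf "$SITECONF.old"
    if [ -d "$SITECONF" ]; then mv "$SITECONF" "$SITECONF.old" || return 1; fi
    mv "$stage" "$SITECONF"
}

# Link one shared file into ETCDIR. Each host opts in per file name.
# Return codes: 2 bad name, 3 missing source, 4 local file kept, 5 loose mode.
link_shared() {
    name=$1
    case $name in ''|*/*|.*) echo "bad name: $name" >&2; return 2 ;; esac
    src="$SITECONF/$name"
    dst="$ETCDIR/$name"
    if [ ! -f "$src" ] || [ -L "$src" ]; then
        echo "no shared file: $name" >&2; return 3
    fi
    # A real (non-symlink) local file means this host has its own copy.
    if [ -e "$dst" ] && [ ! -L "$dst" ]; then
        echo "local file kept: $dst" >&2; return 4
    fi
    # Added hardening check: refuse group- or world-writable sources.
    if [ -n "$(find "$src" \( -perm -020 -o -perm -002 \) -print)" ]; then
        echo "refusing writable source: $src" >&2; return 5
    fi
    rm -f "$dst" && ln -s "$src" "$dst"
}

# Run as "siteconf-sync sync ntp.conf ..." from cron (script name assumed).
if [ "${1:-}" = "sync" ]; then
    shift
    pull_siteconf || exit 1
    for f in "$@"; do link_shared "$f" || true; done
fi
```

Because the shared copy lives on local disk and a host's own regular file is never overwritten, each machine keeps a usable configuration when the distribution server is unreachable.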
