* Arthur de Jong [2009-04-17 22:33:16 +0200]:
> I'm a bit reluctant to automatically remove stuff from nsswitch.conf
> because the admin, when he installed the package, indicated that
> nsswitch.conf should be edited or the admin may have edited it manually
> to include ldap lookups.

You almost make it sound like /etc/nsswitch.conf ought to be a conffile after all. But then why are you editing it in postinst? (Unconditionally, I may add: the admin doesn't get a chance to say "leave nsswitch.conf alone"; you're asking a series of yes/no questions for the various services and always call either nss_enable or nss_disable for each of them.)

I certainly agree that it must be possible for an admin to edit nsswitch.conf "manually" (maybe with a helper tool, but your nss_enable() and nss_disable() don't support the full range of possible syntax; things like [NOTFOUND=return] come to mind, not to mention the choice of ordering when multiple name services are enabled).

I have yet to see a PAM module package that edits files in /etc/pam.d/ on installation or removal. I think it would be more consistent for NSS module packages to likewise leave nsswitch.conf alone (libnss-ldap does it this way, for example); but since a decision seems to have been made that editing nsswitch.conf in postinst/prerm is OK, then for consistency one should undo those edits on purging the package (maybe even on simple removal).

Maybe a workable compromise would be for nss-ldapd's config script to ask one more question, i.e. whether nsswitch.conf should be managed manually or by debconf, and use the recorded answer at prerm time.

The next step might be to refactor the editing of nsswitch.conf out of the individual nss module packages into an update-nsswitch command; but that would require a broader discussion.
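
An added illustration of the purge-time cleanup discussed in the message above (not code from nss-ldapd or from anyone in the thread): a Python function that drops one service from nsswitch.conf text while keeping action specs such as [NOTFOUND=return] and the admin's ordering of the remaining services. The name `remove_service`, the `skipped` return value and the sample file are assumptions made for this example; a real maintainer script would do the same in shell.

```python
import re

# A token is a bracketed action spec such as [NOTFOUND=return] or a bare
# service name such as files, dns, ldap.
TOKEN = re.compile(r"\[[^\]]*\]|[^\s\[\]]+")
ENTRY = re.compile(r"^(\s*)([A-Za-z0-9_]+)(\s*:\s*)(.*)$")

# Constructed sample, not taken from any real system.
SAMPLE = """\
# /etc/nsswitch.conf
passwd:         files ldap
group:          files ldap [NOTFOUND=return] nis
hosts:          files dns [!UNAVAIL=return] ldap  # admin ordering
netgroup:       ldap
"""


def remove_service(conf_text, service):
    """Drop `service` from every database; return (new_text, skipped).

    Action specs that directly follow the removed service go with it.
    Databases that would be left with no source are not edited and are
    listed in `skipped` for the admin to resolve by hand.
    """
    out, skipped = [], []
    for line in conf_text.splitlines():
        body, hash_, comment = line.partition("#")
        m = ENTRY.match(body)
        if not m:
            out.append(line)              # comment, blank or unrecognised
            continue
        indent, database, sep, sources = m.groups()
        kept, dropping, changed = [], False, False
        for tok in TOKEN.findall(sources):
            if not tok.startswith("["):   # a service name starts a new group
                dropping = tok == service
                changed = changed or dropping
            if not dropping:              # actions follow their service
                kept.append(tok)
        if changed and not any(not t.startswith("[") for t in kept):
            skipped.append(database)      # would leave no source at all
        elif changed:
            line = indent + database + sep + " ".join(kept)
            line += " " + hash_ + comment if hash_ else ""
        out.append(line)
    return "\n".join(out) + "\n", skipped
```
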

