In article <[EMAIL PROTECTED]>,
Luis Francisco Gonzalez <[EMAIL PROTECTED]> wrote:
>Manoj Srivastava wrote
>[snip]
>> Secondly, we should minimize conffiles. This mechanism allows
>> me to control the script without having it necessarily be a
>> conffile.
>[snip]
>> Minimize conffiles; in this case they may not be needed.
>Regardless of the fact that I agree with you on not letting scripts do
>stuff on connection without the knowledge of the sysadm, I *do* think
>having these files be conffiles is a good idea. I for one, have changed
>the files to customize them for my setup and would loath to have to redo
>this with every update.
Right. Since they're under /etc, they should be conffiles, to avoid
nasty suprises. However, they won't be -modified- conffiles simply
because the sysadmin doesn't want them run.
I'd suggest the following:
When run-parts is started, it looks in the directory it's about to run
scripts from for two files: run.allow and run.deny. Since these contain
dots, they can't interfere with an unmodified run-parts' normal operation.
The rules would be similar to hosts.{allow,deny}: run-parts would, for
each script, run it if its name is in run.allow, otherwise not run it if
its name is in run.deny, otherwise run it anyway. base-files or similar
can provide conffiles /etc/ppp/ip-{up,down}/run.deny containing a "*"
to make the default "don't run anything".
Whadayathink?
--
Charles Briscoe-Smith
White pages entry, with PGP key: <URL:http://alethea.ukc.ac.uk/wp?95cpb4>
PGP public keyprint: 74 68 AB 2E 1C 60 22 94 B8 21 2D 01 DE 66 13 E2
--
E-mail the word "unsubscribe" to [EMAIL PROTECTED]
TO UNSUBSCRIBE FROM THIS MAILING LIST. Trouble? E-mail to [EMAIL PROTECTED]
