| 1 |
Duncan wrote: |
| 2 |
|
| 3 |
>Mark Creamer posted <433744A2.8030604@××××××××.net>, excerpted below, on |
| 4 |
>Sun, 25 Sep 2005 19:45:22 -0500: |
| 5 |
> |
| 6 |
> |
| 7 |
> |
| 8 |
>>Although I'm getting better at dealing with the post update |
| 9 |
>>configuration problems that always occur, I didn't know how to deal with |
| 10 |
>>these. This time around, about 25 or so files in /etc/pam.d need |
| 11 |
>>updating. My usual method is to look at the original and proposed |
| 12 |
>>updated file in kdiff3, as that is much simpler to view than in |
| 13 |
>>dispatch-conf (at least for me). But in this case, these files are all |
| 14 |
>>locked, so kdiff3 cannot open them for viewing. |
| 15 |
>> |
| 16 |
>>So maybe someone just knows... |
| 17 |
>> a. is it safe to just update all these files and not worry about it |
| 18 |
>> b. is there a way that I can get kdiff3 to display them so I can see |
| 19 |
>>what's changing |
| 20 |
>> c. are these the type of files that should be protected from ever |
| 21 |
>>changing during an update |
| 22 |
>> |
| 23 |
>> |
| 24 |
> |
| 25 |
>I believe (but am not sure so it'd be best to check it out) that the |
| 26 |
>changes have to do with making the PAM configuration gentoo-bsd |
| 27 |
>compatible. That project has been underway for a a month or six weeks |
| 28 |
>now, I'd say, but the updates are likely just now going stable (I'm on |
| 29 |
>~amd64 so of course I've processed most of them already). If these are |
| 30 |
>indeed the changes you are seeing, they'll be of the nature of one PAM |
| 31 |
>module replaced by a slightly different config, and all 25-ish files will |
| 32 |
>have the same basic changes. They should be safe to just upgrade, but I |
| 33 |
>ALWAYS look at the changes being made anyway, just to see what's going on |
| 34 |
>(which combined with my following the action on the dev list, is the |
| 35 |
>reason I know about this in the first place). |
| 36 |
> |
| 37 |
>The files are showing up "locked" due to permissions. Apparently, you are |
| 38 |
>running kdiff3 as your normal user. While most config files would be |
| 39 |
>world-readable, PAM stands for Pluggable Authentication Methods, and is |
| 40 |
>for just that -- authentication, therefore security. Thus, it's not wise |
| 41 |
>for these files to be world readable, and they aren't. |
| 42 |
> |
| 43 |
>The solution, therefore, is to view the files either from root, or using |
| 44 |
>sudo (if you have it set up appropriately, of course). If you don't |
| 45 |
>have sudo set up (if you do, you'd probably have figured this out |
| 46 |
>already), you should be able to do this using kdiff3 by launching |
| 47 |
>konsole, su-ing to root, then launching kdiff3 from the root shell in |
| 48 |
>konsole (either loading the files after launch or adding them to the |
| 49 |
>command line as appropriate, as well). I don't have kdiff3 setup, but |
| 50 |
>I've been using a root shell session in konsole for system management |
| 51 |
>since I switched to Linux, back on Mandrake, some four years ago, IIRC. |
| 52 |
>Normally, it "just works", with KDE handling all the Xauth stuff that |
| 53 |
>would otherwise be needed automatically, behind the scenes, transparently, |
| 54 |
>from the user's perspective. |
| 55 |
> |
| 56 |
>Very few files (fstab being one) should be protected from /ever/ changing |
| 57 |
>during an update. Most config files, even the ones you've customized, |
| 58 |
>will need to be looked at, possibly in parallel with examining the |
| 59 |
>documentation for the new version, to see if the configuration method and |
| 60 |
>parameters have changed. If they have and you keep the old version, |
| 61 |
>whatever the config is for may not start at next boot, or may start but |
| 62 |
>not be configured for proper operation. Thus, even nearly entirely |
| 63 |
>customized config files (the CUPS config comes to mind) should normally be |
| 64 |
>diffed, to see what has changed and whether you need to reconfigure your |
| 65 |
>customization to match the changes. |
| 66 |
> |
| 67 |
>FWIW, if you're interested in a book that'll jump-start your understanding |
| 68 |
>of a Linux system and its standard config files, take a look at O'Reilly's |
| 69 |
>"Running Linux". It's a $40 (US) book, some 6-700 pages, but it's well |
| 70 |
>worth it, designed much like a text book, covering how Linux works and is |
| 71 |
>configured. Back when I got serious about Linux (when it became obvious |
| 72 |
>MS was going to do stuff with eXPrivacy I couldn't accept, so if I were to |
| 73 |
>upgrade from '98, it'd have to be to Linux, since I couldn't upgrade to |
| 74 |
>eXPrivacy), I asked a bunch of Linux folks what the best book on the |
| 75 |
>subject was if I wanted to really grok Linux and be able to use and |
| 76 |
>configure it at the same power user level as I could MSWormOS. This book |
| 77 |
>came up several times, so I bought it. It was worth every penny and then |
| 78 |
>some, as I figure it saved me the equivalent of three full months of |
| 79 |
>40-hour weeks worth (thus, 13 weeks x 40 hours, 520 hours, how much is |
| 80 |
>three months of full-time work worth to YOU? Probably several grand in |
| 81 |
>any case -- the $40 was chump change for what I got out of it!) of SERIOUS |
| 82 |
>WORK, bumbling around on my own. Given that you are already running |
| 83 |
>Gentoo, it likely won't be quite so dramatic for you, but let's put it |
| 84 |
>this way, having mastered it, permissions issues like yours above, and |
| 85 |
>their resolutions, should be fairly self evident. You won't have to ask |
| 86 |
>people about things like that any more. |
| 87 |
> |
| 88 |
> |
| 89 |
> |
| 90 |
Thanks Duncan for taking the time for such a clear and thoughtful |
| 91 |
explanation. You're a great asset to this list. |
| 92 |
Regards, |
| 93 |
Mark |
| 94 |
-- |
| 95 |
gentoo-amd64@g.o mailing list |
Archives