1 |
Duncan wrote: |
2 |
|
3 |
>Mark Creamer posted <433744A2.8030604@××××××××.net>, excerpted below, on |
4 |
>Sun, 25 Sep 2005 19:45:22 -0500: |
5 |
> |
6 |
> |
7 |
> |
8 |
>>Although I'm getting better at dealing with the post update |
9 |
>>configuration problems that always occur, I didn't know how to deal with |
10 |
>>these. This time around, about 25 or so files in /etc/pam.d need |
11 |
>>updating. My usual method is to look at the original and proposed |
12 |
>>updated file in kdiff3, as that is much simpler to view than in |
13 |
>>dispatch-conf (at least for me). But in this case, these files are all |
14 |
>>locked, so kdiff3 cannot open them for viewing. |
15 |
>> |
16 |
>>So maybe someone just knows... |
17 |
>> a. is it safe to just update all these files and not worry about it |
18 |
>> b. is there a way that I can get kdiff3 to display them so I can see |
19 |
>>what's changing |
20 |
>> c. are these the type of files that should be protected from ever |
21 |
>>changing during an update |
22 |
>> |
23 |
>> |
24 |
> |
25 |
>I believe (but am not sure so it'd be best to check it out) that the |
26 |
>changes have to do with making the PAM configuration gentoo-bsd |
27 |
>compatible. That project has been underway for a a month or six weeks |
28 |
>now, I'd say, but the updates are likely just now going stable (I'm on |
29 |
>~amd64 so of course I've processed most of them already). If these are |
30 |
>indeed the changes you are seeing, they'll be of the nature of one PAM |
31 |
>module replaced by a slightly different config, and all 25-ish files will |
32 |
>have the same basic changes. They should be safe to just upgrade, but I |
33 |
>ALWAYS look at the changes being made anyway, just to see what's going on |
34 |
>(which combined with my following the action on the dev list, is the |
35 |
>reason I know about this in the first place). |
36 |
> |
37 |
>The files are showing up "locked" due to permissions. Apparently, you are |
38 |
>running kdiff3 as your normal user. While most config files would be |
39 |
>world-readable, PAM stands for Pluggable Authentication Methods, and is |
40 |
>for just that -- authentication, therefore security. Thus, it's not wise |
41 |
>for these files to be world readable, and they aren't. |
42 |
> |
43 |
>The solution, therefore, is to view the files either from root, or using |
44 |
>sudo (if you have it set up appropriately, of course). If you don't |
45 |
>have sudo set up (if you do, you'd probably have figured this out |
46 |
>already), you should be able to do this using kdiff3 by launching |
47 |
>konsole, su-ing to root, then launching kdiff3 from the root shell in |
48 |
>konsole (either loading the files after launch or adding them to the |
49 |
>command line as appropriate, as well). I don't have kdiff3 setup, but |
50 |
>I've been using a root shell session in konsole for system management |
51 |
>since I switched to Linux, back on Mandrake, some four years ago, IIRC. |
52 |
>Normally, it "just works", with KDE handling all the Xauth stuff that |
53 |
>would otherwise be needed automatically, behind the scenes, transparently, |
54 |
>from the user's perspective. |
55 |
> |
56 |
>Very few files (fstab being one) should be protected from /ever/ changing |
57 |
>during an update. Most config files, even the ones you've customized, |
58 |
>will need to be looked at, possibly in parallel with examining the |
59 |
>documentation for the new version, to see if the configuration method and |
60 |
>parameters have changed. If they have and you keep the old version, |
61 |
>whatever the config is for may not start at next boot, or may start but |
62 |
>not be configured for proper operation. Thus, even nearly entirely |
63 |
>customized config files (the CUPS config comes to mind) should normally be |
64 |
>diffed, to see what has changed and whether you need to reconfigure your |
65 |
>customization to match the changes. |
66 |
> |
67 |
>FWIW, if you're interested in a book that'll jump-start your understanding |
68 |
>of a Linux system and its standard config files, take a look at O'Reilly's |
69 |
>"Running Linux". It's a $40 (US) book, some 6-700 pages, but it's well |
70 |
>worth it, designed much like a text book, covering how Linux works and is |
71 |
>configured. Back when I got serious about Linux (when it became obvious |
72 |
>MS was going to do stuff with eXPrivacy I couldn't accept, so if I were to |
73 |
>upgrade from '98, it'd have to be to Linux, since I couldn't upgrade to |
74 |
>eXPrivacy), I asked a bunch of Linux folks what the best book on the |
75 |
>subject was if I wanted to really grok Linux and be able to use and |
76 |
>configure it at the same power user level as I could MSWormOS. This book |
77 |
>came up several times, so I bought it. It was worth every penny and then |
78 |
>some, as I figure it saved me the equivalent of three full months of |
79 |
>40-hour weeks worth (thus, 13 weeks x 40 hours, 520 hours, how much is |
80 |
>three months of full-time work worth to YOU? Probably several grand in |
81 |
>any case -- the $40 was chump change for what I got out of it!) of SERIOUS |
82 |
>WORK, bumbling around on my own. Given that you are already running |
83 |
>Gentoo, it likely won't be quite so dramatic for you, but let's put it |
84 |
>this way, having mastered it, permissions issues like yours above, and |
85 |
>their resolutions, should be fairly self evident. You won't have to ask |
86 |
>people about things like that any more. |
87 |
> |
88 |
> |
89 |
> |
90 |
Thanks Duncan for taking the time for such a clear and thoughtful |
91 |
explanation. You're a great asset to this list. |
92 |
Regards, |
93 |
Mark |
94 |
-- |
95 |
gentoo-amd64@g.o mailing list |