From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from lists.gentoo.org ([140.105.134.102] helo=robin.gentoo.org) by nuthatch.gentoo.org with esmtp (Exim 4.43) id 1EJqtl-0000uB-8g for garchives@archives.gentoo.org; Mon, 26 Sep 2005 11:11:53 +0000 Received: from robin.gentoo.org (localhost [127.0.0.1]) by robin.gentoo.org (8.13.5/8.13.5) with SMTP id j8QB2s70031091; Mon, 26 Sep 2005 11:02:54 GMT Received: from mta11.adelphia.net (mta11.adelphia.net [68.168.78.205]) by robin.gentoo.org (8.13.5/8.13.5) with ESMTP id j8QB2qdA003570 for ; Mon, 26 Sep 2005 11:02:53 GMT Received: from [192.168.1.221] (really [68.170.102.241]) by mta11.adelphia.net (InterMail vM.6.01.04.01 201-2131-118-101-20041129) with ESMTP id <20050926110941.IEXM27017.mta11.adelphia.net@[192.168.1.221]> for ; Mon, 26 Sep 2005 07:09:41 -0400 Message-ID: <4337D6FE.4040902@adelphia.net> Date: Mon, 26 Sep 2005 06:09:50 -0500 From: Mark Creamer User-Agent: Mozilla Thunderbird 1.0.6 (X11/20050727) X-Accept-Language: en-us, en Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-amd64@gentoo.org Reply-to: gentoo-amd64@lists.gentoo.org MIME-Version: 1.0 To: gentoo-amd64@lists.gentoo.org Subject: Re: [gentoo-amd64] Re: dispatch-conf confusion References: <433744A2.8030604@adelphia.net> In-Reply-To: Content-Type: text/plain; charset=ISO-8859-2; format=flowed Content-Transfer-Encoding: 7bit X-Archives-Salt: 9b78b73c-cfed-4d9f-b3c9-1d5b17869f11 X-Archives-Hash: 716c31cfefa043737eac60fed1a36e55 Duncan wrote: >Mark Creamer posted <433744A2.8030604@adelphia.net>, excerpted below, on >Sun, 25 Sep 2005 19:45:22 -0500: > > > >>Although I'm getting better at dealing with the post update >>configuration problems that always occur, I didn't know how to deal with >>these. This time around, about 25 or so files in /etc/pam.d need >>updating. My usual method is to look at the original and proposed >>updated file in kdiff3, as that is much simpler to view than in >>dispatch-conf (at least for me). But in this case, these files are all >>locked, so kdiff3 cannot open them for viewing. >> >>So maybe someone just knows... >> a. is it safe to just update all these files and not worry about it >> b. is there a way that I can get kdiff3 to display them so I can see >>what's changing >> c. are these the type of files that should be protected from ever >>changing during an update >> >> > >I believe (but am not sure so it'd be best to check it out) that the >changes have to do with making the PAM configuration gentoo-bsd >compatible. That project has been underway for a a month or six weeks >now, I'd say, but the updates are likely just now going stable (I'm on >~amd64 so of course I've processed most of them already). If these are >indeed the changes you are seeing, they'll be of the nature of one PAM >module replaced by a slightly different config, and all 25-ish files will >have the same basic changes. They should be safe to just upgrade, but I >ALWAYS look at the changes being made anyway, just to see what's going on >(which combined with my following the action on the dev list, is the >reason I know about this in the first place). > >The files are showing up "locked" due to permissions. Apparently, you are >running kdiff3 as your normal user. While most config files would be >world-readable, PAM stands for Pluggable Authentication Methods, and is >for just that -- authentication, therefore security. Thus, it's not wise >for these files to be world readable, and they aren't. > >The solution, therefore, is to view the files either from root, or using >sudo (if you have it set up appropriately, of course). If you don't >have sudo set up (if you do, you'd probably have figured this out >already), you should be able to do this using kdiff3 by launching >konsole, su-ing to root, then launching kdiff3 from the root shell in >konsole (either loading the files after launch or adding them to the >command line as appropriate, as well). I don't have kdiff3 setup, but >I've been using a root shell session in konsole for system management >since I switched to Linux, back on Mandrake, some four years ago, IIRC. >Normally, it "just works", with KDE handling all the Xauth stuff that >would otherwise be needed automatically, behind the scenes, transparently, >from the user's perspective. > >Very few files (fstab being one) should be protected from /ever/ changing >during an update. Most config files, even the ones you've customized, >will need to be looked at, possibly in parallel with examining the >documentation for the new version, to see if the configuration method and >parameters have changed. If they have and you keep the old version, >whatever the config is for may not start at next boot, or may start but >not be configured for proper operation. Thus, even nearly entirely >customized config files (the CUPS config comes to mind) should normally be >diffed, to see what has changed and whether you need to reconfigure your >customization to match the changes. > >FWIW, if you're interested in a book that'll jump-start your understanding >of a Linux system and its standard config files, take a look at O'Reilly's >"Running Linux". It's a $40 (US) book, some 6-700 pages, but it's well >worth it, designed much like a text book, covering how Linux works and is >configured. Back when I got serious about Linux (when it became obvious >MS was going to do stuff with eXPrivacy I couldn't accept, so if I were to >upgrade from '98, it'd have to be to Linux, since I couldn't upgrade to >eXPrivacy), I asked a bunch of Linux folks what the best book on the >subject was if I wanted to really grok Linux and be able to use and >configure it at the same power user level as I could MSWormOS. This book >came up several times, so I bought it. It was worth every penny and then >some, as I figure it saved me the equivalent of three full months of >40-hour weeks worth (thus, 13 weeks x 40 hours, 520 hours, how much is >three months of full-time work worth to YOU? Probably several grand in >any case -- the $40 was chump change for what I got out of it!) of SERIOUS >WORK, bumbling around on my own. Given that you are already running >Gentoo, it likely won't be quite so dramatic for you, but let's put it >this way, having mastered it, permissions issues like yours above, and >their resolutions, should be fairly self evident. You won't have to ask >people about things like that any more. > > > Thanks Duncan for taking the time for such a clear and thoughtful explanation. You're a great asset to this list. Regards, Mark -- gentoo-amd64@gentoo.org mailing list