From: "Walter Dnes"
Date: Sun, 15 Oct 2006 00:40:52 -0400
To: gentoo-user@lists.gentoo.org
Subject: [gentoo-user] Is it possible to protect *INDIVIDUAL FILES* against etc-update?
Message-ID: <20061015044052.GB9122@waltdnes.org>

  Changing thread name here, because I'm going off on a tangent...

On Fri, Oct 13, 2006 at 04:33:19PM +0100, Neil Bothwick wrote
> On Fri, 13 Oct 2006 08:22:04 -0700 (PDT), maxim wexler wrote:
>
> > IIRC the last time I updated baselayout it overwrote
> > some important files and my system was un-usable. In
> > all the excitement I failed to note what they were.
>
> That wasn't baselayout, it was you when running etc-update.
>
> > Is there a list somewhere?
>
> Yes, etc-update shows it to you before asking what to do. Check the
> contents of each file before allowing it to be overwritten, and never,
> ever let etc-update overwrite etc/fstab, /etc/passwd or /etc/group.

  CONFIG_PROTECT and CONFIG_PROTECT_MASK work at the *DIRECTORY* level.
What I really want/need is a feature that allows additional protection
*FOR INDIVIDUAL FILES*.  E.g...

  - my customized /etc/conf.d/local.start or /etc/conf.d/local.stop
    should *NEVER* be replaced with an empty version

  - /etc/rc.conf should be left alone too.  ***FOR THE UMPTEENTH TIME,
    NO I DO NOT WANT NANO REPLACING VIM AS MY "EDITOR"***

  - /etc/conf.d/clock too.  ***FOR THE UMPTEENTH TIME, NO I DO NOT WANT
    MY SYSTEM CLOCK SET TO GMT***

  - /etc/ssmtp/ssmtp.conf too.  ***FOR THE UMPTEENTH TIME, NO I DO NOT
    WANT MY CUSTOMIZED FILE REPLACED WITH AN EXAMPLE FILE***

  And the list goes on and on.  Howsabout an environmental variable
CONFIG_PROTECT_FILES, containing a list of protected files?  I'm ready
to submit a feature request if necessary.  Does anybody have additional
comments?

-- 
Walter Dnes
In linux /sbin/init is Job #1
My musings on technology and security at http://techsec.blog.ca
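
The per-file protection requested in the message above can be approximated by a wrapper run before etc-update. This is an added example, not part of the original message and not Portage code: CONFIG_PROTECT_FILES is the variable the message proposes, read here only by this script, and the function names and hold directory are assumptions; the `._cfgNNNN_` prefix is how Portage names pending config updates.

```shell
#!/bin/sh
# Added example, not Portage code. CONFIG_PROTECT_FILES is the variable
# proposed in the post; here only this wrapper reads it (assumption).
: "${CONFIG_PROTECT_FILES:=/etc/rc.conf /etc/conf.d/clock /etc/ssmtp/ssmtp.conf}"

# hold_protected ROOT HOLDDIR
# Moves pending ._cfgNNNN_<name> updates for the listed files out of ROOT and
# into HOLDDIR, so etc-update never offers them. Prints how many were moved.
hold_protected() {
    root=$1; hold=$2; moved=0
    for f in $CONFIG_PROTECT_FILES; do
        live="$root$f"
        [ -f "$live" ] || continue          # no customized file to protect
        dir=$(dirname "$live"); base=$(basename "$live")
        for cand in "$dir"/._cfg[0-9][0-9][0-9][0-9]_"$base"; do
            [ -f "$cand" ] || continue      # glob matched nothing
            dest="$hold${dir#"$root"}"
            # Keep the proposed file for a later manual diff; do not delete it.
            mkdir -p "$dest" && mv -- "$cand" "$dest/" || return 1
            moved=$((moved + 1))
        done
    done
    echo "$moved"
}

# demo: constructed tree with one listed and one unlisted pending update.
demo() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/root/etc"
    echo 'EDITOR="/usr/bin/vim"' > "$t/root/etc/rc.conf"
    echo 'EDITOR="/bin/nano"'    > "$t/root/etc/._cfg0000_rc.conf"
    echo 'old banner'            > "$t/root/etc/issue"
    echo 'new banner'            > "$t/root/etc/._cfg0000_issue"
    held=$(hold_protected "$t/root" "$t/held") || return 1
    left=$(find "$t/root" -name '._cfg*' | wc -l | tr -d ' ')
    rm -rf "$t"
    echo "held=$held left_for_etc-update=$left"
}

# With ROOT and HOLDDIR arguments act on them; with none, run the demo.
if [ "$#" -eq 2 ]; then hold_protected "$1" "$2"; else demo; fi
```

On a live system ROOT is the empty string, and the held files should still be diffed against the live ones, since a package update can carry a configuration change that matters.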