I don't see a custom /etc/X11/gdm/custom.conf, but shouldn't the LiveCD
automatically login as root? Apparently, GDM only supports automatic login
of non-root users (see http://bugzilla.gnome.org/show_bug.cgi?id=475477).
Thanks to Brain Cameron for the pointer above. He suggests perhaps
modifying the pam.conf to allow root to login without a password only
locally would work okay?
If sshd is running automatically though a root password would be good to
have for sure, and so we should have a root password specified somewhere
(otherwise, someone could do all sorts of stuff while Solaris is being
installed).
To prevent a startup delay due to not shipping a "default" SSH key, could
the SSH key generation be done in the background by sysidcfg? The only
problem is the SSH SMF manifest doesn't have a dependency on the keys
being present to start sshd, which could be a problem doing that, if the
machine is fast enough. Otherwise, it would be trivial to run the keygen
backgrounded as the sshd file from
/onnv/onnv-gate/usr/src/cmd/ssh/etc/sshd (which installs to
/lib/svc/method/sshd) should just run the keygen in the background with &
appended to the create_keys line.
Thank you,
Clay
On Mon, 24 Sep 2007, Dave Miner wrote:
> I see Moinak responded also, if I haven't said otherwise here then I
> agree with his answers.
>
> Karen W. Tung wrote:
> > To create a Live CD/DVD, the Live Media project introduced a set of files
> > in the a directory called "bootcd_skel". The files in the directory
> > replaces some files that are normally included as part of Solaris, and
> > introduces some new files that are specific for making Live CD/DVD work.
> > Instead of deliverying this whole set of files as a bundle, we are working
> > on sorting out each file and see whether there is a better way to deliver
> > them, eg: via a special package for Live Media...etc..
> >
> > As a first step, I went through each of these files and categorized them
> > into the following 4 categories.
> >
> > - Microroot Only - LiveCD specific files
> > - Proto area - LiveCD modifications of existing files
> > - Changes that I think can be done using scripts instead of replacing the
> > whole file.
> > - Changes that I think is not necessary, or I am confused about what they
> > are.
> >
> > If you see any problems with the way I sort them out, or if you have any
> > input on some of
> > the things I don't understand, please help with making the list better.
> >
> > -------------------------------------------------------------------------
> > Microroot Only - LiveCD specific files
> > --------------------------------
> > f 0444 root:root .livecd
> > - contains volume name
> > f 0644 root:other reconfigure
> > - ????
> > f 0777 root:root noautoshutdown
> > - ????
> > f 0755 root:sys kernel/fs/hsfs
> > - hsfs driver (will this be included in NV by the time Indiana
> > ships???)
> > f 0555 root:bin lib/svc/method/live-devices-local
> > f 0555 root:bin lib/svc/method/live-fs-root
> > f 0555 root:bin lib/svc/method/live-fs-usr
> > f 0555 root:bin lib/svc/method/live-sysidtool-system
> > f 0444 root:sys var/svc/manifest/system/device/live-devices-local.xml
> > f 0444 root:sys var/svc/manifest/system/filesystem/live-root-fs.xml
> > f 0444 root:sys var/svc/manifest/system/filesystem/live-usr-fs.xml
> > f 0444 root:sys var/svc/manifest/system/live-sysidtool.xml
> > - SMF stuff
>
> The service manifests and scripts are obviously needed, but we likely
> need to figure out better ways to integrate most of them into the base
> services for the long term.
>
> >
> > d u=rwx,g=rx,o=rx root:root root
> > d u=rwx,g=rx,o=rx root:root root/Desktop
> > f 0644 root:root root/Desktop/install_solaris.desktop
> > d u=rwx,g=rx,o=rx root:root root/installer
> > f 0755 root:bin root/installer/install_live
> > f 0755 root:bin root/installer/install-finish
> > - "Home" and directory for the "root" account, and content of
> > "home" directory
>
> Having the directory is fine, but the Desktop and installer directories
> can be removed, as Slim will deliver the real versions; these were just
> the hacks I did for Live Media.
>
> >
> >
> > f 0644 root:root etc/rtc_config
> > - Specifies the timezone to be GMT. This file doesn't seem to be
> > included in any existing package. Is it normally created during
> > install time?
> >
> > f 0644 root:root etc/inet/routing.conf
> > - Sets up routing. Not shipped by any package.
> > Not sure whether content should be generated
> > somehow instead of hardcoding here.
> >
>
> We may need to experiment a bit here, but as Moinak said, we now have
> SMF control over the routing service so this should be handled via the
> SMF profile.
>
> > f 0644 root:other etc/.UNCONFIGURED
> > - To indicate that this system is not configured?????
> >
> > For proto area
> > ----------------
> > f 0644 root:root boot/solaris/bootenv.rc
> > - ???? - replaces the "standard" one
> > f 0644 root:sys boot/grub/menu.lst
> > - grub menu - replaces the "standard" one
> > f 0644 root:root boot/grub/sx-boot.xpm.gz
> > - grub menu background graphics - replaces the "standard" one
>
> We need to replace this graphic with one from Glynn or whomever which is
> suitable for the distro (this is one of the theming/branding items).
>
> >
> > The following changes are needed, can they be done with a script instead of
> > replacing the whole file? (All these files only need to be in microroot)
> > ----------------------------------------------------------------------
> >
> > f 0644 root:sys etc/security/prof_attr
> > f 0644 root:sys etc/security/exec_attr
> > - Need our customized one because we want to add the
> > "Inetmenu" profile? Can we add the profile in via a command?
> >
>
> We don't need this customization, as we're using NWAM, not inetmenu.
>
> > f 0644 root:staff etc/inet/hosts
> > - Why need this one? Because we need to give localhost a
> > "hostname"?
> > Is it better just leave it to have no name?
> >
> > f 0644 root:sys etc/passwd
> > - Makes "root" have home directory of /root, and shell of "bash".
> > Is there a command to do this? If not, can we just modify
> > the passwd file with a script?
> >
>
> This is stuff which should be configurable per-distro, as it's basically
> a religious issue. A script that uses "usermod -R" should do the trick.
>
> > f 0400 root:sys etc/shadow
> > - Gives an hardcoded password to the "root" user.
> >
>
> We should just remove this. No root password on the media.
>
> > f 0644 root:other etc/coreadm.conf
> > - Specifies where core files should go to. This file is not
> > shipped by any package.
> >
> > f 0644 root:root etc/nodename
> > - Hard code name of the host. Can be created dynamically, based on
> > user input. This file is not shipped by any package??
> >
>
> Correct, it's always generated by the installer. Distro Constructor is
> the "installer" in this scenario, so make it a parameter.
>
> > f 0644 root:root etc/vfstab
> > - Add the "/devices/ramdisk:a ....." line
> >
> > f 0644 root:other etc/dumpadm.conf
> > - Set crash dump enable to be "DUMPADM_ENABLE=no". This file is not
> > installed by default. It is used by the "svc-dumpadm" script.
> > Change script to not read dumpadm.conf for LiveCD?
> >
> > f 0644 root:sys etc/minor_perm
> > - I don't know what's special in here for LiveCD? If we need to
> > add something, probably can make mod with script.
> >
> > f 0644 root:root etc/resolv.conf
> > - File not delivered by any package. Create it using script.
> >
>
> No need to create, I believe; NWAM will do the right thing.
>
> > Not necessary, I think
> > ----------------------------
> > f 0555 root:bin lib/opengl/ogl_select/nvidia_vendor_select
> > - ????
> >
> > f 0644 root:sys etc/profile
> > f 0644 root:root etc/default_env.sh
> > - Why need a customized etc/profile script? Just so that it can
> > read
> > in the customized "default_env.sh". Is it really necessary to
> > have the "default_env.sh"?
> >
>
> /etc/profile is going to be a matter of distro taste, I think. I'd
> remove this for now.
>
> > f 0600 root:root etc/ssh/ssh_host_dsa_key
> > f 0644 root:root etc/ssh/ssh_host_dsa_key.pub
> > f 0600 root:root etc/ssh/ssh_host_rsa_key
> > f 0644 root:root etc/ssh/ssh_host_rsa_key.pub
> > - Public and private keys for DSA and RSA shouldn't be hard coded.
>
> No, they shouldn't, but removing them seems like it will have some boot
> performance impact. Will need to experiment here.
>
> >
> >
> > f 0644 root:sys etc/pam.conf
> > - Looks like a lot of changes is for KDE. Since we don't ship KDE,
> > do we need those changes?
> >
> > f 0644 root:sys etc/power.conf
> > - I don't see how is different than the default one.
> >
> > f 0644 root:sys etc/rpc
> > - "sgi_fam" and "kde_dcompserver" are added. Are they needed for
> > us?
> >
> > f 0644 root:sys etc/devlink.tab
> > - ????
> >
> > f 0644 root:root etc/nsswitch.conf
> > - Looks the same as the normal nsswitch.files to me. Can we just
> > copy nsswitch.files to be this one?
> >
> > f 0644 root:root etc/nsswitch.nis
> > - Why need to use NIS?
> >
>
> We don't, because NWAM isn't going to set that up. Remove it.
>
> Dave
> _______________________________________________
> caiman-discuss mailing list
> caiman-discuss at opensolaris.org
> http://mail.opensolaris.org/mailman/listinfo/caiman-discuss
>
