Alexander Bokovoy <aboko...@redhat.com> writes:

> On Sat, 28 May 2016, Robbie Harwood wrote:
>> Alexander Bokovoy <aboko...@redhat.com> writes:
>>> On Fri, 27 May 2016, Robbie Harwood wrote:
>>>> Stanislav Laznicka <slazn...@redhat.com> writes:
>>>>> From: Stanislav Laznicka <slazn...@redhat.com>
>>>>>
>>>>> The include of /etc/krb5.conf.d/ is required for crypto-policies
>>>>> to work properly
>>>>>
>>>>> https://fedorahosted.org/freeipa/ticket/5912
>>>>
>>>> Thank you for working on this. Is the intent on the part of
>>>> FreeIPA to keep a separate, freeipa-specific directory? And if so,
>>>> can I suggest that we not do that?
>>>
>>> SSSD cannot write to /etc and I don't think we have to change it.
>>
>> Can you elaborate on this? Why can't sssd write the stuff it puts in
>> /var/lib into /etc, or symlink it?
>
> Writing to /etc is considered a privilege of a system administrator. A
> runtime override is typically done outside it, in /run like systemd
> allows for its configuration for volatile setups and in /var/lib
> for non-volatile ones. The latter has long been a state of affairs in
> Linux.
>
> Currently SSSD runs under root but it is already made possible to run as
> non-root user and we intend to switch to that mode in future releases.

I guess I don't see a meaningful difference here. We're still writing to /etc when we modify krb5.conf.

My reading of the FHS is that this is not an intended use of /var/lib: /var/lib is for state information [0], and the only time the FHS mentions config files is to point out that they go in the /etc tree.

Anyway, I've said my piece and won't derail this further. If you want to merge, this is a cosmetic issue and I can live with it.

[0]: http://www.pathname.com/fhs/pub/fhs-2.3.html#VARLIBVARIABLESTATEINFORMATION