Sym-links should work initially. But consider bind mounting /etc from a R/W point such as /local/etc (for example).
Changing passwords locally requires other files under /etc, so simply sym-linking does not solve all your problems, but a bind mount of /etc goes much further.

On 12/9/08, Dominic Coulombe <[EMAIL PROTECTED]> wrote:
> Hi,
>
> * Short story *
> Is it possible to relocate /etc/passwd, /etc/shadow and /etc/group files?
>
>
> * Long story *
> I am building a system based on SLES10-SP2 with a read only root fs. My
> work is based on the Redpaper REDP-4322-00, "Sharing and maintaining Linux
> under z/VM". Very inspiring work. This is the first time I try to share
> the whole root fs, but I have shared other directories in the past.
>
> I would like to put the /etc directory and most of its content in the shared
> root fs. Where strictly needed, I would use symbolic links pointing to
> files stored on a local read write disk. That way, I could have very
> similar clones.
>
> I planned to move from /etc to my local parameters disk stuff like HOSTNAME,
> fstab, zipl.conf, sysconfig and other files customized to every clone's needs.
>
> My problem is that pwutils programs (passwd, chage, ...) expect
> /etc/password, /etc/shadow and /etc/group to be read writable by root and to
> be files, not symbolic links. Here is an example. If I move /etc/shadow to
> /my/local/path/shadow and create a symbolic link from /my/local/path/shadow
> to /etc/shadow. The passwd command, when issued to change a password, will
> load /my/local/path/shadow file, then recreate a new shadow file, destroying
> my symbolic link at the same time. This is when my root fs is mounted read
> write. When my root fs is mounted read only, the passwd command fails with
> this error message:
>
> Cannot lock password file: already locked.
> Error: Password NOT changed.
>
> I don't see any way to change the location of these files, other than
> rebuilding the pwutils package, which is not something I am comfortable to
> put in production systems.
>
> I know I could just mount the whole /etc directory from a read write disk.
> It works perfectly. But I do lose the idea of a "perfect" clone with a
> local /etc.
>
> Has anybody tried this and succeeded or is it just a crazy idea?
>
> Would it be a better solution to have a local, read write /etc disk with
> some symbolic links pointing to the "secured" files I want to be identical
> between two clones? I am open to other suggestions as well.
>
> Thanks to all.
>
> ----------------------------------------------------------------------
> For LINUX-390 subscribe / signoff / archive access instructions,
> send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or
> visit
> http://www.marist.edu/htbin/wlvindex?LINUX-390
>

--
Sent from Gmail for mobile | mobile.google.com

--
R;   <><
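The symlink loss described in the quoted message can be reproduced safely in a scratch directory. This is an added example, not part of the thread: the paths, the `alice` entries and the helper names are constructed, and it assumes the password tools update a file by writing a new copy beside it and renaming that copy over the old name.

```shell
#!/bin/sh
# Constructed demo: works in a mktemp scratch tree, never touches the real /etc.

# Model an atomic update: write a new copy next to the target, then rename it
# over the target name. Assumption: this is how the tool in the post behaves.
update_by_rename() {
    target=$1; content=$2
    tmp="$(dirname "$target")/.$(basename "$target").new"
    printf '%s\n' "$content" > "$tmp"
    chmod 600 "$tmp"
    mv -f "$tmp" "$target"   # rename replaces the link itself, not what it points to
}

# Report whether a path is a symlink, a regular file, or absent.
kind_of() {
    if [ -L "$1" ]; then echo symlink
    elif [ -f "$1" ]; then echo file
    else echo missing
    fi
}

# Build etc/shadow -> local/shadow, run one update, report what is left.
demo() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/etc" "$root/local"
    printf 'alice:OLDHASH:14222::::::\n' > "$root/local/shadow"  # constructed entry
    ln -s "$root/local/shadow" "$root/etc/shadow"
    before=$(kind_of "$root/etc/shadow")
    update_by_rename "$root/etc/shadow" 'alice:NEWHASH:14222::::::'
    after=$(kind_of "$root/etc/shadow")
    stale=$(cat "$root/local/shadow")   # the relocated copy was never updated
    rm -rf "$root"
    echo "$before $after $stale"
}

demo
```

After one update the link has become a regular file and the relocated copy still holds the old entry. With a bind mount such as `mount --bind /local/etc /etc`, the file and the temporary copy created beside it live in the same writable directory, so the rename stays inside it.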