Hi,

Bind mounting the whole /etc directory does work fine.  So does mounting a
disk containing only the /etc fs.

Thanks for your input.



On Tue, Dec 9, 2008 at 17:09, Richard Troth <[EMAIL PROTECTED]> wrote:

> Sym-links should work initially. But consider bind mounting /etc from
> a R/W point such as /local/etc (for example).
>
> Changing passwords locally requires other files under /etc, so simply
> sym-linking does not solve all your problems, but a bind mount /etc
> goes much further.
>
> On 12/9/08, Dominic Coulombe <[EMAIL PROTECTED]> wrote:
> > Hi,
> >
> > * Short story *
> > Is it possible to relocate /etc/passwd, /etc/shadow and /etc/group files?
> >
> >
> > * Long story *
> > I am building a system based on SLES10-SP2 with a read only root fs.  My
> > work is based on the Redpaper REDP-4322-00, "Sharing and maintaining Linux
> > under z/VM".  Very inspiring work.  This is the first time I try to share
> > the whole root fs, but I have shared other directories in the past.
> >
> > I would like to put the /etc directory and most of its content in the
> > shared root fs.  Where strictly needed, I would use symbolic links pointing
> > to files stored on a local read write disk.  That way, I could have very
> > similar clones.
> >
> > I planned to move from /etc to my local parameters disk stuff like
> > HOSTNAME, fstab, zipl.conf, sysconfig and other files customized to every
> > clone's needs.
> >
> > My problem is that pwutils programs (passwd, chage, ...) expect
> > /etc/passwd, /etc/shadow and /etc/group to be read writable by root and
> > to be files, not symbolic links.  Here is an example. If I move /etc/shadow
> > to /my/local/path/shadow and create a symbolic link from
> > /my/local/path/shadow to /etc/shadow. The passwd command, when issued to
> > change a password, will load /my/local/path/shadow file, then recreate a
> > new shadow file, destroying my symbolic link at the same time.  This is
> > when my root fs is mounted read write.  When my root fs is mounted read
> > only, the passwd command fails with this error message:
> >
> > Cannot lock password file: already locked.
> > Error: Password NOT changed.
> >
> > I don't see any way to change the location of these files, other than
> > rebuilding the pwutils package, which is not something I am comfortable
> > putting in production systems.
> >
> > I know I could just mount the whole /etc directory from a read write
> > disk.  It works perfectly.  But I do lose the idea of a "perfect" clone
> > with a local /etc.
> >
> > Has anybody tried this and succeeded, or is it just a crazy idea?
> >
> > Would it be a better solution to have a local, read write /etc disk with
> > some symbolic links pointing to the "secured" files I want to be
> > identical between two clones?  I am open to other suggestions as well.
> >
> > Thanks to all.
> >
> > ----------------------------------------------------------------------
> > For LINUX-390 subscribe / signoff / archive access instructions,
> > send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or
> > visit
> > http://www.marist.edu/htbin/wlvindex?LINUX-390
> >
>
> -- R;   <><

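The symlink loss described in the original question, and the reason relocating the whole of /etc avoids it, as an added example that is not part of the thread. It assumes the password tool saves by writing a new file and renaming it over the old name, and it uses a directory symlink inside a temporary directory to stand in for the bind mount; all function names, paths and shadow entries are constructed.

```shell
#!/bin/sh
# Constructed demo in a temp dir; nothing under the real /etc is touched.
# Assumption: the password tool saves by writing a new file and renaming it
# over the old name, which matches the behaviour described in the thread.

OLD='root:OLDHASH:14222::::::'   # constructed shadow entries
NEW='root:NEWHASH:14223::::::'

# update_by_rename FILE LINE: write FILE.new, then rename it over FILE.
update_by_rename() {
    printf '%s\n' "$2" > "$1.new" && mv -f "$1.new" "$1"
}

# kind PATH: report what PATH itself is, without following symlinks.
kind() {
    if [ -L "$1" ]; then echo symlink
    elif [ -f "$1" ]; then echo regular
    else echo missing; fi
}

# hash_field FILE: second colon-separated field of the first line.
hash_field() { head -n 1 "$1" | cut -d: -f2; }

# Case 1: only etc/shadow is a symlink to the local read-write copy.
demo_file_symlink() {
    d=$(mktemp -d) || return 1
    mkdir "$d/etc" "$d/local"
    printf '%s\n' "$OLD" > "$d/local/shadow"
    ln -s "$d/local/shadow" "$d/etc/shadow"
    update_by_rename "$d/etc/shadow" "$NEW"
    # The rename replaced the link itself; the local copy never saw the change.
    echo "etc/shadow=$(kind "$d/etc/shadow") local=$(hash_field "$d/local/shadow")"
    rm -rf "$d"
}

# Case 2: the whole etc directory is relocated (a directory symlink stands in
# for the bind mount), so the temp file and the rename stay on the local disk.
demo_dir_relocated() {
    d=$(mktemp -d) || return 1
    mkdir "$d/local"
    printf '%s\n' "$OLD" > "$d/local/shadow"
    ln -s "$d/local" "$d/etc"
    update_by_rename "$d/etc/shadow" "$NEW"
    echo "local/shadow=$(kind "$d/local/shadow") local=$(hash_field "$d/local/shadow")"
    rm -rf "$d"
}

demo_file_symlink    # etc/shadow=regular local=OLDHASH
demo_dir_relocated   # local/shadow=regular local=NEWHASH
```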