[Fedora-directory-devel] Read only config (was: FHS: use sysconfdir (/etc) as config file location)

Richard Megginson rmeggins at redhat.com
Sat Feb 10 00:23:48 UTC 2007 

Andrew Bartlett wrote:
> On Fri, 2007-02-09 at 12:40 -0600, Dennis Gilmore wrote:
>   
>> On Friday 09 February 2007 11:37, Richard Megginson wrote:
>>     
>>> Howard Chu wrote:
>>>       
>>>>> Date: Fri, 09 Feb 2007 08:15:11 -0700
>>>>>
>>>>> From: Richard Megginson <rmeggins at redhat.com>
>>>>>
>>>>> Andrew Bartlett wrote:
>>>>>           
>>>>>>> On Thu, 2007-02-08 at 20:23 -0800, Pete Rowley wrote:
>>>>>>>
>>>>>>> The debian folks (who take FHS seriously)won't buy that.  The
>>>>>>>               
>>>>>> real test
>>>>>>
>>>>>>             
>>>>>>> is the ability to have a read only /etc.  This sounds like a /var/lib
>>>>>>> thing.  >
>>>>>>>               
I think there are two things which are required by Fedora DS to satisfy 
the requirements.
1) Need to be able to specify, during configure, the default path for 
instance specific writable config files.  This would allow you to do 
something like:
./configure --with-instconfigdir=/var/lib/fedora-ds ....
If not specified, the default would be $(sysconfigdir)/$(PACKAGE_NAME).  
When you specify this, you can use ds_newinst.pl to create a new 
instance without having to specify 
config_dir=/var/lib/fedora-ds/slapd-instance in your .inf file.  I think 
this would solve the immediate problem.

However, the real problem here is that you may want to run your server 
with a read-only config for security reasons. so
2) Need to be able to run the server with read-only config.  The first 
time the server starts up, it would need to have a writable config dir, 
but after that, it should be able to run with a read-only config.  This 
would involve several changes to the server, and would necessitate 
adding another server directory to store state information (or just use 
the dbdir for this).  I think the uuid gen and csn gen (and now the dna 
plugin) need to store state information which is now stored in 
dse.ldif.  We would have to move this information to some other location.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3245 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://listman.redhat.com/archives/fedora-directory-devel/attachments/20070209/3c86eebe/attachment.bin>

More information about the Fedora-directory-devel mailing list