[Fedora-directory-devel] Read only config
Pete Rowley
prowley at redhat.com
Sat Feb 10 00:56:46 UTC 2007
Richard Megginson wrote:
> Andrew Bartlett wrote:
>> On Fri, 2007-02-09 at 12:40 -0600, Dennis Gilmore wrote:
>>> On Friday 09 February 2007 11:37, Richard Megginson wrote:
>>>> Howard Chu wrote:
>>>>>> Date: Fri, 09 Feb 2007 08:15:11 -0700
>>>>>> From: Richard Megginson <rmeggins at redhat.com>
>>>>>> Andrew Bartlett wrote:
>>>>>>>> On Thu, 2007-02-08 at 20:23 -0800, Pete Rowley wrote:
>>>>>>>> The debian folks (who take FHS seriously) won't buy that. The real test
>>>>>>>> is the ability to have a read only /etc. This sounds like a /var/lib
>>>>>>>> thing.
> I think there are two things which are required by Fedora DS to
> satisfy the requirements.
> 1) Need to be able to specify, during configure, the default path for
> instance specific writable config files. This would allow you to do
> something like:
> ./configure --with-instconfigdir=/var/lib/fedora-ds ....
> If not specified, the default would be
> $(sysconfigdir)/$(PACKAGE_NAME). When you specify this, you can use
> ds_newinst.pl to create a new instance without having to specify
> config_dir=/var/lib/fedora-ds/slapd-instance in your .inf file. I
> think this would solve the immediate problem.
>
> However, the real problem here is that you may want to run your server
> with a read-only config for security reasons, so
> 2) Need to be able to run the server with read-only config. The first
> time the server starts up, it would need to have a writable config
> dir, but after that, it should be able to run with a read-only
> config. This would involve several changes to the server, and would
> necessitate adding another server directory to store state information
> (or just use the dbdir for this). I think the uuid gen and csn gen
> (and now the dna plugin) need to store state information which is now
> stored in dse.ldif. We would have to move this information to some
> other location.
We might consider having a particular subtree for dynamic configuration,
i.e. that which is updated automatically with persistent run-time state
changes rather than as a consequence of direct admin-initiated config
changes. We could then make that a separate back-ldif backend with its
own location.
--
Pete
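
A sketch of the split discussed above, as an added example that is not part of the original message or of Fedora DS: it partitions dse.ldif-style entries into a static set (which could sit on a read-only path) and a dynamic set destined for a separate writable location. The subtree DN `cn=state,cn=config`, the attribute `exampleState` and the sample entries are assumptions constructed for illustration.

```python
# Added illustration: subtree DN, attribute name and entries are constructed.
DYNAMIC_SUFFIX = "cn=state,cn=config"  # hypothetical dynamic-config subtree

SAMPLE_DSE = """\
dn: cn=config
objectClass: top

dn: cn=uniqueid generator,cn=state,cn=config
exampleState: AbCdEfGhIjKlMnOpQrStUvWxYz0123456789
 continued-on-folded-line

dn: cn=csn generator, CN=State, cn=config
exampleState: 45cb2f3e000000010000
"""

def parse_ldif(text):
    """Return entries as lists of unfolded 'attr: value' lines."""
    entries, current = [], []
    for line in text.splitlines():
        if line.startswith(" ") and current:
            current[-1] += line[1:]        # LDIF continuation line: unfold it
        elif line.strip() == "":
            if current:                    # blank line ends the current entry
                entries.append(current)
                current = []
        elif not line.startswith("#"):     # skip LDIF comments
            current.append(line)
    if current:
        entries.append(current)
    return entries

def norm_dn(dn):
    # Simplified normalisation: lower-case, trim RDNs (ignores escaped commas).
    return ",".join(part.strip().lower() for part in dn.split(","))

def entry_dn(entry):
    return entry[0].split(":", 1)[1].strip()

def split_config(text, dynamic_suffix=DYNAMIC_SUFFIX):
    """Partition entries into (static, dynamic) by DN suffix."""
    suffix = norm_dn(dynamic_suffix)
    static, dynamic = [], []
    for entry in parse_ldif(text):
        dn = norm_dn(entry_dn(entry))
        under = dn == suffix or dn.endswith("," + suffix)
        (dynamic if under else static).append(entry)
    return static, dynamic

if __name__ == "__main__":
    static, dynamic = split_config(SAMPLE_DSE)
    print("read-only config:", [entry_dn(e) for e in static])
    print("writable state:  ", [entry_dn(e) for e in dynamic])
```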