Message ID | 20231114203608.1490318-1-joakim.tjernlund@infinera.com |
---|---|
Series | Add sub dir for passwd files |

On 14 Nov 2023, at 20:34, Joakim Tjernlund via lists.openembedded.org <Joakim.Tjernlund=infinera.com@lists.openembedded.org> wrote:
>
> These patches add the possibility to store passwd/shadow files
> in a sub dir, like /etc/pwdb
> In a RO Root FS one can bind mount a writeable dir on /etc/pwdb
> to support password changes etc.

What’s so special about passwd/shadow that they need special treatment for read-only rootfs? What happens when you next want to support changes to /etc/group: do we add another variable for that, or re-use PW_SUBDIR? What about /etc/hostname? This has a scaling problem: it’s solving your one particular problem but not the general problem.

Anyway, isn’t this a solved problem by using overlayfs?

Ross

On Wed, 2023-11-29 at 11:56 +0000, Ross Burton wrote:
> On 14 Nov 2023, at 20:34, Joakim Tjernlund via lists.openembedded.org <Joakim.Tjernlund=infinera.com@lists.openembedded.org> wrote:
> >
> > These patches add the possibility to store passwd/shadow files
> > in a sub dir, like /etc/pwdb
> > In a RO Root FS one can bind mount a writeable dir on /etc/pwdb
> > to support password changes etc.
>
> What’s so special about passwd/shadow that they need special treatment for read-only rootfs? What happens when you next want to support changes to /etc/group: do we add another variable for that, or re-use PW_SUBDIR? What about /etc/hostname? This has a scaling problem: it’s solving your one particular problem but not the general problem.
>

You don't think most users want to change default passwd in systems?
group is included in this patch too should you want to add/change group.
/etc/hostname can be fixed by using a symlink but managing passwd changes can not, as shadow
does not follow symlinks. --root/--prefix options in shadow only work for root user.

> Anyway, isn’t this a solved problem by using overlayfs?

That would create other problems: the underlying RO FS needs to stay unchanged over time,
and a SW upgrade updating RO FS can change anything in /etc.
Could also be considered a security issue as one could update any file in /etc.

 Jocke

>
> Ross
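
The overlayfs concern raised in the reply above, as an added example that is not part of the thread or the patch series: a Python audit of an overlay upperdir for /etc that reports every entry outside an allowlist of account files, including files that mask what a software upgrade put in the read-only layer. The allowlist, the function names and the sample tree are assumptions constructed for illustration.

```python
import os
import stat

# Assumption: only the account databases named in the thread may be writable.
ALLOWED = {"passwd", "shadow", "group"}

def audit_upper(upper, lower, allowed=ALLOWED):
    """Return sorted (relative_path, finding) pairs for an overlayfs upperdir.

    upper is the writable layer, lower the read-only /etc from the image.
    Opaque-directory xattrs are not examined.
    """
    findings = []
    for root, dirs, files in os.walk(upper):
        for name in dirs + files:
            path = os.path.join(root, name)
            rel = os.path.relpath(path, upper)
            st = os.lstat(path)
            if stat.S_ISDIR(st.st_mode):
                continue  # directories are reported through their contents
            if stat.S_ISCHR(st.st_mode) and st.st_rdev == 0:
                # overlayfs whiteout: a 0/0 character device hides the lower file
                findings.append((rel, "whiteout hides lower file"))
            elif rel in allowed:
                continue
            elif os.path.lexists(os.path.join(lower, rel)):
                # a later upgrade of the read-only layer stays invisible here
                findings.append((rel, "masks lower file"))
            else:
                findings.append((rel, "added, not in lower"))
    return sorted(findings)

def build_sample(tmp):
    """Constructed sample tree: lower = image /etc, upper = writable layer."""
    lower, upper = os.path.join(tmp, "lower"), os.path.join(tmp, "upper")
    trees = ((lower, ["passwd", "shadow", "hostname", "ssh/sshd_config"]),
             (upper, ["shadow", "ssh/sshd_config", "cron.d/job"]))
    for base, names in trees:
        for n in names:
            p = os.path.join(base, n)
            os.makedirs(os.path.dirname(p), exist_ok=True)
            with open(p, "w") as f:
                f.write(n + "\n")
    return upper, lower

if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:
        for rel, finding in audit_upper(*build_sample(tmp)):
            print(f"{rel}: {finding}")
```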