From: "Garance A Drosehn"
To: "Glen Barber"
Cc: current@FreeBSD.org
Subject: Re: HEADS-UP: installworld on r299292 through r299317 will replace master.passwd, passwd, and group files
Date: Tue, 10 May 2016 14:22:59 -0400

On 10 May 2016, at 2:24, Glen Barber wrote:

> On Tue, May 10, 2016 at 08:18:44AM +0200, O. Hartmann wrote:
>>
>> It is not only master.passwd, it is also group and several other
>> config files, I suspect it is the whole bunch of files located
>> in /etc/ getting reset to their initial file values.
>>
>> My OpenLDAP environment isn't working anymore due to /etc/pam.d
>> reset. X11 doesn't start anymore due to reset of /etc/ttys. Also,
>> sysctl.conf has been reset.
>
> The change (incorrectly) invoked the 'distribution' target, so
> anything that gets "touched" by that will likely be affected.
>
> You are correct that we should have an additional failsafe for
> this kind of thing, not just a subset of files arbitrarily placed
> in /var/backups via a periodic(8) script.

Hmm.  When working on some non-BSD open-source system, I found it
prudent to back up /etc.  And I'm lazy, so I went with a simple tactic of:

    # Month as a single letter: 01=A ... 12=M (the letter I is skipped)
    MLET=$(awk -v "MDIG=$(date +%m)" \
        'BEGIN { print substr("ABCDEFGHJKLMxyz", MDIG, 1); }')
    ETCTARNAME="/tmp/$(hostname -s)-etc-$(date "+%Y${MLET}%d").tbz2"
    ETCLNKNAME="etc-$(hostname -s)-$(date "+%Y${MLET}%d")"
    cd /
    # Dated symlink, so archive members are stored under that name, not etc/
    ln -s etc "$ETCLNKNAME"
    nice tar cjf "$ETCTARNAME" "$ETCLNKNAME"/*
    # ETCSAV_DEST is the [user@]host to copy to; it must be set beforehand
    scp -p "$ETCTARNAME" "$ETCSAV_DEST":Downloads/SAV-etcs
    rm -f "$ETCTARNAME" "$ETCLNKNAME"

The idea is to create a symlink of etc which includes a timestamp
(e.g.: "etc-freefall-2016E10"), and create a compressed tar archive
which saves all the files as being under that directory-name instead
of /etc.  I then copy that to a different host, and remove the
archive file.

Maybe I should add something like that to my own installworld script.
Probably should adjust it somewhat to pay better attention to
potential security issues.  (You wouldn't want to copy that archive
file to a public FTP server, for instance!)

Then when something goes haywire, I would create a new archive and
then compare the two complete sets of /etc files to see what has
changed.

-- 
Garance Alistair Drosehn                =     drosih@rpi.edu
Senior Systems Programmer               or   gad@FreeBSD.org
Rensselaer Polytechnic Institute;             Troy, NY;  USA
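
The snapshot-and-compare routine described in the message above, as an added example that is not part of the original mail: it keeps the dated-symlink layout but builds the archive owner-only and under a private mktemp directory instead of a predictable /tmp name, then lists what changed between two snapshots. The function names etc_snapshot and etc_changed are hypothetical, the archive is an uncompressed tar, and the source path is assumed to be absolute.

```shell
#!/bin/sh
# Added example; etc_snapshot and etc_changed are hypothetical helper names.

# etc_snapshot SRC LABEL OUTDIR
#   SRC must be an absolute path (e.g. /etc). Members are stored under LABEL/.
#   Prints the path of the archive it wrote.
etc_snapshot() (
    umask 077       # the archive holds master.passwd: owner-only from creation
    work=$(mktemp -d "${TMPDIR:-/tmp}/etcsnap.XXXXXX") || exit 1
    ln -s "$1" "$work/$2"       # dated symlink lives in a private directory
    rc=0
    # "LABEL/." walks through the symlink and also picks up dotfiles
    tar -cf "$3/$2.tar" -C "$work" "$2/." || rc=$?
    rm -rf "$work"              # removes the symlink only, never SRC
    [ "$rc" -eq 0 ] && printf '%s\n' "$3/$2.tar"
)

# etc_changed OLD.tar NEW.tar
#   Lists files that differ or exist on one side only.
#   Exit status: 0 = identical, 1 = differences, 2 = could not unpack.
etc_changed() (
    umask 077
    work=$(mktemp -d "${TMPDIR:-/tmp}/etccmp.XXXXXX") || exit 2
    mkdir "$work/old" "$work/new"
    if tar -xf "$1" -C "$work/old" && tar -xf "$2" -C "$work/new"; then
        rc=0
        # each side holds one dated top-level directory, so each glob is one name
        (cd "$work" && diff -rq old/* new/*) || rc=$?
    else
        rc=2
    fi
    rm -rf "$work"
    exit "$rc"
)
```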