Date: Tue, 23 Jan 1996 14:46:11 +0200
From: Dmitry Kohmanyuk <dk@dog.farm.org>
To: nate@sri.MT.net (Nate Williams)
Cc: freebsd-security@freebsd.org, freebsd-hackers@freebsd.org
Subject: Re: ssh /etc config files location..
Message-ID: <199601231246.OAA00822@dog.farm.org>

In article <inj.c-31044139-4fc0@bee.cs.kiev.ua> you wrote:

> > still don't like things touching /etc though. I don't see why we
> > should make exceptions for ports that install into /usr/local if they
> > happen to have host specific configurations, that's something that the
> > local NFS admin should sort out. You'll have exactly the same problem
> > if you administer diskless machines.

> Agreed. I don't see an easy answer to this, but the current system is
> unacceptable for hosts that share /usr/local.

Oh guys, but we can just make a symlink!

NFS mount your /usr/local and just have /usr/local/etc pointing to
/etc/local. It's just so plain easy. (Or make a /usr/local/etc/ssh ->
/etc/ssh if ssh uses a directory for its config files.)

Maybe this should become a policy??

Hmm, somebody should now argue that security problem with NFS spoofing
remains. Yes. But having setuid root binaries in /usr/local is not more
dangerous anyway.

I have read Linux's FSSTND document (available from tsx-11.mit.edu in
/pub/linux/docs/linux-standards/fsstnd), and these guys seem to do it
right (i.e., _all_ host-dependent stuff is not under /usr).

On my system, I have /var/links and /usr/X11/bin/X -> /var/links/X11/X
which in turn points back to /usr/X11/bin/XF86_<server_for_this_host>

Also, /usr/share/man/cat* should _NOT_ reside in /usr, but rather in
/var/man (or /var/catman??)

Since it now seems to move from -security topic, I cross-post it to
-hackers.

--
"C makes it easy to shoot yourself in the foot, C++ makes it harder, but
when you do, it blows away your whole leg" -- Bjarne Stroustrup
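
The symlink layout proposed in the message above, as an added example that is not part of the original e-mail: it checks that a config directory reached through the shared /usr/local physically resolves to host-local disk. The temporary tree standing in for /etc and the NFS-mounted /usr/local, the share/etc directory, and the function names are all constructed for illustration.

```shell
#!/bin/sh
# Added example. Works only inside a temp dir; no real /etc or /usr/local
# is touched.

# physical_dir DIR: print DIR with every symlink resolved (POSIX cd -P).
physical_dir() {
    ( cd -P "$1" 2>/dev/null && pwd -P )
}

# is_host_local DIR PREFIX: succeed only if DIR physically lives under
# PREFIX. Returns 2 for a missing directory or a dangling symlink.
is_host_local() {
    real=$(physical_dir "$1") || return 2
    prefix=$(physical_dir "$2") || return 2
    case "$real/" in
        "$prefix"/*) return 0 ;;
        *)           return 1 ;;
    esac
}

# build_demo ROOT: constructed tree standing in for one host.
#   ROOT/etc        host-local disk
#   ROOT/usr/local  stands in for the shared NFS mount
build_demo() {
    mkdir -p "$1/etc/local" "$1/usr/local/bin"
    # /usr/local/etc -> /etc/local (relative here so it stays under ROOT)
    ln -s ../../etc/local "$1/usr/local/etc"
    # A config directory left on the shared tree, for contrast.
    mkdir -p "$1/usr/local/share/etc"
}

root=$(mktemp -d) && build_demo "$root"
for d in usr/local/etc usr/local/share/etc; do
    if is_host_local "$root/$d" "$root/etc"; then
        echo "$d: host-local"
    else
        echo "$d: on shared tree"
    fi
done
rm -rf "$root"
```

The check confirms where the configuration lives; it does not address the NFS spoofing and setuid concerns the message raises about the shared tree itself.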