[2923] in SIPB_Linux_Development
Re: Installing PUBLIC=false
daemon@ATHENA.MIT.EDU (Jonathon Weiss)
Thu Aug 24 22:34:26 2000
Date: Thu, 24 Aug 2000 22:34:03 -0400
To: Sam Hartman <hartmans@MIT.EDU>
Cc: linux-dev@MIT.EDU
In-Reply-To: "[2913] in SIPB_Linux_Development"
From: Jonathon Weiss <jweiss@MIT.EDU>
> I think proponents of PUBLIC=true should identify what PUBLIC=true is
> likely to break that the Redhat installer might do as well as what
> user activities this might disrupt. I do not have enough information
> to know all the ways PUBLIC=true might do the wrong thing. Until this
> changes, I believe that I can produce a higher-stability product by
> installing PUBLIC=false AUTOUPDATE=true.
> If we do get a good list of potential impact of PUBLIC=true, then we
> can weigh these potential negatives against the possible benefits and

So, I too think that the default install really should be PUBLIC=true.
If it's not, that's a moderate behavioral difference from what you get
when you use the IS installer (since verification is only done on
PUBLIC=true machines.)

The best way to understand what cleanup is done is to look at
/etc/athena/verify on an IS-linux-Athena machine. The short form of
what it does is:

    * adds and removes RPMs so that it has exactly the right set
      for a default Athena machine
    * runs rpm -V -a and reinstalls RPMs if any of their files
      have been modified (tho there is an exception list of files
      to ignore.)
    * Replaces a list of config files with versions that are
      stored in AFS (/etc/services, /etc/syslog.conf,
      /etc/inittab, /etc/X11/prefdm, /etc/X11/fs/config,
      /etc/info-dir, /usr/X11R6/lib/X11/app-defaults/XTerm,
      /etc/inetd.conf, /etc/athena/rc.conf, /etc/conf.linuxconf)
    * It should clean up the passwd/shadow files. It doesn't right
      now, but that's a bug that I plan to fix now that I've
      noticed it.

Other PUBLIC=true cleanup that isn't done by /etc/athena/verify includes:

    * blow away attachtab and clean out /mit at boot
    * remove /.hushlogin /etc/X0.hosts /etc/nologin.persist
      /etc/ssh_host_key*
      {/etc,/etc/athena,/etc/athena/login}/*.local at boot time
    * edit /etc/motd

Overall this looks reasonably safe. I suppose asserting the exact set
of RPMs could be an issue, but only if you have a different set of
RPMs than Athena. As we discussed in person this should only apply
for the custom install (in which case I don't have as big a problem
with PUBLIC=false). I suppose that cleaning up some of the config
files could conceivably cause a problem, but I think it's unlikely for
any of the files listed.

--
Jonathon
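
The verification step described in the message above (run rpm -V -a, skip files on an exception list, act on the rest), shown as an added example that is not part of the original message and is not the Athena verify script. The exception-list entries, the sample rpm output and the function name modified_files are constructed for illustration.

```sh
#!/bin/sh
# Added illustration; this is NOT the contents of /etc/athena/verify.
# It shows the "verify, minus an exception list" step on rpm -V style output.

# Hypothetical exception list (constructed): files allowed to differ.
IGNORE_LIST='/etc/motd
/etc/athena/rc.conf'

# modified_files IGNORE_LIST
#   stdin : lines as printed by `rpm -V -a`
#           (attribute flags, optional one-letter file-type marker, path;
#            or the word "missing" in place of the flags)
#   stdout: "<reason> <path>" for every file not on the exception list,
#           reason = missing | content (digest flag 5 set) | metadata
modified_files() {
    IGNORE="$1" awk '
        BEGIN {
            n = split(ENVIRON["IGNORE"], a, "\n")
            for (i = 1; i <= n; i++) skip[a[i]] = 1
        }
        NF < 2 { next }                        # blank or malformed line
        {
            line = $0
            if (line ~ /^missing /) {
                reason = "missing"
                sub(/^missing +/, "", line)
            } else {
                reason = ($1 ~ /5/) ? "content" : "metadata"
                sub(/^[^ ]+ +/, "", line)      # drop the flags column
            }
            sub(/^[cdglr] +/, "", line)        # drop the file-type marker
            if (line in skip) next
            print reason, line
        }'
}

# Constructed sample input; a live run would pipe `rpm -V -a` in instead
# and map each reported path to its package with `rpm -qf` before reinstalling.
SAMPLE='S.5....T c /etc/services
.M...... /usr/bin/passwd
missing    /etc/X11/prefdm
S.5....T c /etc/motd'

printf '%s\n' "$SAMPLE" | modified_files "$IGNORE_LIST"
```

Files reported as "content" have a changed digest, which is the case that matters most for integrity checking; "metadata" covers mode, owner or timestamp drift only.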