Index | Thread | Search

From:
Jason McIntyre <jmc@kerhand.co.uk>
Subject:
Re: Document cap_mkdb command for login.conf.d
To:
tech@openbsd.org
Date:
Tue, 23 Jan 2024 08:18:51 +0000

Download raw body.

Thread 
On Tue, Jan 23, 2024 at 07:39:26AM +0000, Stuart Henderson wrote:
> On 2024/01/23 07:10, Jason McIntyre wrote:
> > On Tue, Jan 23, 2024 at 07:07:01AM +0000, Stuart Henderson wrote:
> > > On 2024/01/22 21:55, Matthew Martin wrote:
> > > > The command to generate the cap db when login.conf.d is in use isn't
> > > > immediately obvious as login.conf.d takes precedence which then
> > > > necessitates the use of -f. Add example to login.conf.5 matching the
> > > > example without login.conf.d. Command courtesy of Sol?ne.
> > > 
> > > I strongly recommend against doing this. When a package is updated to
> > > a version with a different login.conf.d file, the old db file will
> > > override the newly updated text file, so the changes won't take effect.
> > > 
> > 
> > well, login.conf(5) says:
> > 
> >      Note that cap_mkdb(1) must be run after each edit of /etc/login.conf or
> >      the /etc/login.conf.d/${class} file to keep the database version in sync
> >      with the plain file.
> 
> I don't think that goes far enough really - will anyone think that
> "edit" also includes "run pkg_add" in some cases?
> 
> > so maybe we should be more active in not suggesting this route for
> > login.conf.d (if, as you say, it is not recommended).
> 
> That would seem a good idea to me. There are already plenty of ways
> people can store up trouble for their future selves without us
> suggesting new ones :)
> 

sth like this? the alternative would be to just be silent about the
login.conf.d database issue.

jmc

Index: login.conf.5
===================================================================
RCS file: /cvs/src/share/man/man5/login.conf.5,v
retrieving revision 1.72
diff -u -p -r1.72 login.conf.5
--- login.conf.5	22 Jan 2024 19:26:55 -0000	1.72
+++ login.conf.5	23 Jan 2024 08:18:03 -0000
@@ -84,10 +84,10 @@ the following command may be used:
 Note that
 .Xr cap_mkdb 1
 must be run after each edit of
-.Pa /etc/login.conf
-or the
+.Pa /etc/login.conf .
+Using a database for
 .Pa /etc/login.conf.d/${class}
-file to keep the database version in sync with the plain file.
+is not generally recommended.
 .Sh CAPABILITIES
 Refer to
 .Xr cgetent 3