From: Jason McIntyre <jmc@kerhand.co.uk>
Subject: Re: Document cap_mkdb command for login.conf.d
To: tech@openbsd.org
Date: Tue, 23 Jan 2024 07:01:54 +0000

On Mon, Jan 22, 2024 at 09:55:26PM -0600, Matthew Martin wrote:
> The command to generate the cap db when login.conf.d is in use isn't
> immediately obvious as login.conf.d takes precedence which then
> necessitates the use of -f. Add example to login.conf.5 matching the
> example without login.conf.d. Command courtesy of Sol?ne.
> 

hi. just looking to see whether we could get away with just one example.
bear with me as i don;t use this stuff.

the cap_mkdb page says that "The database is named by the basename of the
first file argument and the string '.db'". wouldnt this work:

	# cap_mkdb /etc/login.conf /etc/login.conf.d/*

or is there a need to specify that particular order?

regardless, i wonder whether a single example (invloving login.conf.d)
wouldn;t be better - it would be easier for someone not using
login.conf.d but wanting to build a database to work it out.

jmc

> diff --git login.conf.5 login.conf.5
> index 3d6d92a14c3..66fa3f543e5 100644
> --- login.conf.5
> +++ login.conf.5
> @@ -81,6 +81,12 @@ the following command may be used:
>  .Pp
>  .Dl # cap_mkdb /etc/login.conf
>  .Pp
> +Or if
> +.Pa /etc/login.conf.d
> +is in use:
> +.Pp
> +.Dl # cap_mkdb -f /etc/login.conf /etc/login.conf.d/* /etc/login.conf
> +.Pp
>  Note that
>  .Xr cap_mkdb 1
>  must be run after each edit of
>