Hello list,
Igor suggested in authselect pull request that authselect should own
configuration files in /etc/authselect.
See:
https://src.fedoraproject.org/rpms/authselect/pull-request/5
More specifically:
+ %ghost %{_sysconfdir}/authselect/dconf-db
+ %ghost %{_sysconfdir}/authselect/dconf-locks
+ %ghost %{_sysconfdir}/authselect/fingerprint-auth
+ %ghost %{_sysconfdir}/authselect/nsswitch.conf
+ %ghost %{_sysconfdir}/authselect/password-auth
+ %ghost %{_sysconfdir}/authselect/postlogin
+ %ghost %{_sysconfdir}/authselect/smartcard-auth
+ %ghost %{_sysconfdir}/authselect/system-auth
+ %ghost %{_sysconfdir}/authselect/user-nsswitch.conf
This makes perfect sense, however if authselect owns these files and
admin then uninstalls authselect, the system will be locked out because
pam configuration was removed.
I do not know any way how to own these files and yet leave them
untouched after uninstallation, thus I see only two solutions:
1) Do not own these files at all.
2) Remove symlinks to /etc/authselect/* and restore these files to their
original location (i.e. /etc/nsswitch.conf, /etc/pam.d/*).
Which do you prefer? Is there other way to do this?
Thank you,
Pavel.