On 19/07/2021 10:04, Sam Varshavchik wrote:
Ed Greshko writes:
> On 19/07/2021 08:41, Sam Varshavchik wrote:
>> Ed Greshko writes:
>>
>>> On 18/07/2021 20:38, Sam Varshavchik wrote:
>>>> Eyal Lebedinsky writes:
>>>>
>>>>>> In /etc/nsswitch.conf which is a symlink.
>>>>>>
>>>>>> [egreshko@meimei etc]$ ll nsswitch.conf
>>>>>> lrwxrwxrwx. 1 root root 29 Jul 14 16:01 nsswitch.conf ->
/etc/authselect/nsswitch.conf
>>>>>
>>>>> I have:
>>>>> $ ll /etc/nsswitch.conf
>>>>> -rw-r--r-- 1 root root 2150 Jul 18 00:08 /etc/nsswitch.conf
>>>>>
>>>>> $ ll /etc/authselect/nsswitch.conf
>>>>> ls: cannot access '/etc/authselect/nsswitch.conf': No such
file or directory
>>>>
>>>> I just checked, and none of my machines have /etc/nsswitch.conf as a
symlink. This includes one box that was fresh-installed as F30 (approx).
>>>>
>>>> The fresh-installed box had a bunch of files in /etc/authselect.
>>>>
>>>> The others, just:
>>>>
>>>> [mrsam@monster ~]$ ls -al /etc/authselect/
>>>> total 32
>>>> drwxr-xr-x. 3 root root 4096 Jul 17 19:30 .
>>>> drwxr-xr-x. 212 root root 16384 Jul 17 19:37 ..
>>>> drwxr-xr-x. 2 root root 4096 Mar 31 07:36 custom
>>>> -rw-r--r--. 1 root root 1783 Jul 17 19:30 user-nsswitch.conf
>>>> -rw-r--r--. 1 root root 1783 May 22 09:25 user-nsswitch.conf.bak
>>>>
>>>> All of them have authselect-libs installed.
>>>>
>>>
>>> I must say, none of that makes any sense to me.
>>>
>>> I just installed a new VM using Fedora-KDE-Live-x86_64-30-1.2.iso. Even the
live image has /etc/nsswitch.conf as a sym link
>>> to /etc/authselect/nsswitch.conf
>>> And when I connect with that newly installed VM, without having done any
updates, I see.
>>>
>>> [egreshko@f30k ~]$ ll /etc/nsswitch.conf
>>> lrwxrwxrwx. 1 root root 29 Jul 19 06:25 /etc/nsswitch.conf ->
/etc/authselect/nsswitch.conf
>>>
>>> and
>>>
>>> [egreshko@f30k ~]$ ls /etc/authselect/
>>> authselect.conf dconf-locks password-auth system-auth
>>> custom fingerprint-auth postlogin user-nsswitch.conf
>>> dconf-db nsswitch.conf smartcard-auth
>>>
>>> So, it is hard for me to understand how your results could be so different
than mine unless you've then made changes to your
>>> system out of habit.
>>>
>>> Maybe you can double check what version of fedora you actually did install at
the start? Assuming the logs haven't been
>>> overgrown you can do "dnf history info 1'.
>>
>>
>> Transaction ID : 1
>> Begin time : Thu 25 Apr 2019 10:07:40 PM EDT
>> Begin rpmdb : 0:da39a3ee5e6b4b0d3255bfef95601890afd80709
>> End time : Thu 25 Apr 2019 10:12:12 PM EDT (272 seconds)
>> End rpmdb : 1495:0e25a85737decf86c21aa98d4f2b17b8e03e5d2a
>> User : System <unset>
>> Return-Code : Success
>> Releasever : 30
>>
>> That's what it says.
>>
>> Doing some more poking:
>>
>> /etc/nsswitch.conf is owned by the glibc package, according to rpm.
>>
>> rpm -q -l -v glibc says that it's a plain file. It is not a symlink.
>>
>> I'm going to guess that it's authselect that replaces /etc/nsswitch.conf
with a symlink:
>> # authselect current
>> No existing configuration detected.
>>
>> I also note:
>>
>> [root@thinkpad ~]# authselect test minimal
>> File /etc/nsswitch.conf:
>> # If you want to make changes to nsswitch.conf please modify
>> # /etc/authselect/user-nsswitch.conf and run 'authselect apply-changes'.
>> #
>> [ more stuff ]
>>
>> That sounds more like what you are seeing on your machine.
>
> Interesting. On my newly installed F30 system, which I've only run 3 commands as
root.
>
> [root@f30k ~]# history
> 1 systemctl --now enable sshd
> 2 firewall-config
> 3 history
>
> [root@f30k ~]# authselect current
> Profile ID: sssd
> Enabled features:
> - with-fingerprint
> - with-silent-lastlog
>
> [root@f30k ~]# history
> 1 systemctl --now enable sshd
> 2 firewall-config
> 3 history
> 4 authselect current
> 5 history
>
> I find your experience odd.
Spin-related installation differences? I installed the XFCE spin image.
rpm shows that the /etc/nsswitch.conf file is owned by glibc, and it installs it as a
plain file.
If authselect replaces it with a symlink, it must mean that something ran authselect.
Looking at authselect's scriptlets, they install all the extra files only if the
scriptlets detect, at installation time, that "authselect check" gives the
current configuration a clean bill of health:
FILES="nsswitch.conf system-auth password-auth fingerprint-auth \
smartcard-auth postlogin dconf-db dconf-locks"
When I installed F30 I distinctly recall, albeit dimly, a step where I get to select the
system authentication configuration, and I selected the "I just have a vanilla Fedora
system without any funky configuration" option. Maybe that one does not run
authselect at all, and just leaves the glibc-installed nsswitch.conf alone.
I just installed an F30 VM from Fedora-Xfce-Live-x86_64-30-1.2.iso
After install, the very first thing I did from a terminal was.
[egreshko@f30x ~]$ sudo authselect current
We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these three things:
#1) Respect the privacy of others.
#2) Think before you type.
#3) With great power comes great responsibility.
[sudo] password for egreshko:
Profile ID: sssd
Enabled features:
- with-fingerprint
- with-silent-lastlog
and
[egreshko@f30x ~]$ ll /etc/nsswitch.conf
lrwxrwxrwx. 1 root root 29 Jul 19 09:52 /etc/nsswitch.conf ->
/etc/authselect/nsswitch.conf
When I installed from the Live image there was no such step as you've dimly recalled.
Did you, by chance, not install from the Xfce live image but from the Netinst image or
Everything image?
--
Remind me to ignore comments which aren't germane to the thread.