should file ncrack-services go to /etc?

Till Maas opensource at till.name
Tue Sep 22 20:00:49 UTC 2009 

On Tue, Sep 22, 2009 at 10:42:20AM -0700, Toshio Kuratomi wrote:
> On 09/22/2009 02:43 AM, Martin Gieseking wrote:
> > Am 21.09.2009 23:24, Till Maas wrote:
> >> On Mon, Sep 21, 2009 at 04:58:32PM -0400, Casey Dahlin wrote:
> >>> On 09/21/2009 04:04 PM, Till Maas wrote:
> >>>> On Mon, Sep 21, 2009 at 08:47:24PM +0200, Martin Gieseking wrote:
> >>>>
> >>>>> during the review of ncrack 
> >>>>> (https://bugzilla.redhat.com/show_bug.cgi?id=523199) I noticed that
> >>>>> the  file ncrack-services is placed in /usr/share/ncrack by
> >>>>> default. Since it  is a kind of configuration file that contains
> >>>>> mappings between port  numbers and protocol names (similar to
> >>>>> /etc/services), I'm not sure  whether the location
> >>>>> /usr/share/ncrack is OK or whether it's required to  move it to
> >>>>> /etc. Here's its content:
> >>>> Imho it does not need to be moved to /etc, because it should only be
> >>>> edited by experienced users and then the user can specify a the edited
> >>>> file at the commandline.
> >>>>
> >>> Neither of which are factors considered by the FHS.
> >>
> >> Since the file is not meant to be edited, it is not a host-specific
> >> config file, but a package version specific config file, which is
> >> managed by upstream and not by the user. So from the users point of
> >> view, it's more a data file than a config file.
> > 
> > Casey and Till,
> > 
> > thanks for your comments. If I interpret them correctly, there's no
> > Fedora policy that demands moving the file to /etc even if /etc could
> > also be a proper location. Then we can finish the review of ncrack. :)
> > 
> This is an Incorrect summary.  Fedora has a policy of following the FHS.
>  If the files are config, then they go in /etc.  Till is making
> incorrect statements when he uses this reasoning:
> 
> """
> Imho it does not need to be moved to /etc, because it should only be
> edited by experienced users and then the user can specify a the edited
> file at the commandline.
> """
> 
> The level of experience of the user is irrelevant.  If the user edits
> the file to configure the program, then it goes into /etc.

Maybe experience was not the right word here. Imho it does not really
matter, whether the users edits a file, to change the beheaviour of a
program, but whether the file is intended to be used for this. E.g.
experienced users could also edit python scripts or shell scripts to
configure them, e.g. to set a certain default beheaviour, e.g. if the
program does not provide a interface using a config file for this. Still
the program is not a config file. My comment here was in reaction of the
quoted manpage in https://bugzilla.redhat.com/show_bug.cgi?id=523199#c12

| It could go in /etc/ ... but the man page has this:
|
|    --datadir directoryname (Specify custom Ncrack data file location) .
|            Ncrack needs a file called ncrack-services to load a
|            lookup-table of
|            supported services/ports. This file shouldn´t be changed,
|            unless you know what
|            you are doing (e.g extending Ncrack for additional modules).

Another example which kind of fits here, are imho .desktop files. They
also allow to configure which files are how openend by xdg-open. Oh, but
thinking more about it, .desktop files seem even better to belong to
/etc than to /usr, unless there exists some intended way to mask them
with other .desktop files in /etc.

Nevertheless, the distinctions seems to be kind of fuzzy to me and the
FHS does not really provide a clear guidance for this.

> In his next message, though, he says this:
> """
> Since the file is not meant to be edited, it is not a host-specific
> config file
> """
> 
> and concludes that the file is a data file.  This is a more correct
> stating of the Guidelines.
> 
> > 
> >> Btw. as far as I understand the program, if the config file is changed,
> >> then an addional module, which is written in C++, that covers the new
> >> service needs to be added, too.
> > 
> > Not necessarily. There might be scenarios where you want to change the
> > default ports for several services, maybe because the ssh daemons in
> > your local network are configured to listen on port 12345. In this case
> > the admin possibly would like to adapt the default settings of ncrack.
> > 
> 
> This means that the file must go in /etc.

If this is really a valid use case for the file. But then this should be
also cleanly communicated, e.g. datadir and data file substituted with
confidir and config file in the manpage and this should be given as an
example. Maybe it should be also made clear in the file, that changing
it is not expected by upstream, e.g. in case of bug reports, where
something does not work, because of changes to the file.

Regards
Till
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 835 bytes
Desc: not available
Url : http://lists.fedoraproject.org/pipermail/devel/attachments/20090922/8bf95939/attachment.bin

More information about the devel mailing list