Bug#618885: Bug#624586: Bug#618885: sasl2-bin: unowned files after purge (policy 6.8, 10.8)

Henrique de Moraes Holschuh hmh at debian.org
Sun May 1 13:11:44 UTC 2011 

On Sun, 01 May 2011, Henrique de Moraes Holschuh wrote:
> On Sat, 30 Apr 2011, Russ Allbery wrote:
> > Steve Langasek <vorlon at debian.org> writes:
> > > I don't think that /etc/shadow qualifies as a "configuration file",
> > > either; I would call it "variable state information" (→ /var/lib), but
> > > it lives in /etc because a) it has to be on the root filesystem, b)
> > > that's where it's always been so moving it somewhere else would be more
> > > trouble than it's worth.
> > 
> > > For other packages like sasl (or, say, samba, which stores all its
> > > authentication databases in /var/lib/samba in Debian), neither of these
> > > arguments holds AFAICS.
> > 
> > Actually, now that I look at the sasldb2 file, I think you're right.  I
> > was under the mistaken impression that it was a file that administrators
> > were expected to edit with a text editor, but it's actually a binary file
> > format that's manipulated only via utilities.  You're right; this probably
> > doesn't belong in /etc at all and should instead be somewhere in /var.
> 
> It has the same semanthics as /etc/shadow.

Bah, just noticed the semanthics are broken because we have the libs
outside of / anyway, so if anyone tried to use it for important stuff,
it is already broken.

We could purge it, yes, provided it is optional and we ask about it.  It
needs also to default to NO.  It has to be fool-proof on every possible
fucked up scenario, and in some of them an admin saying "no!" is the
only thing that will save him from losing the authentication information
(passwords) for his users.

That said, relocating it to outside of /etc is a Major Bad Idea, and I
very strongly recommend against it.  Local configuration to move it
somewhere else is already provided, but you just have extreme amount of
application documentation and even certification tests that want it in
/etc/sasldb2.

-- 
  "One disk to rule them all, One disk to find them. One disk to bring
  them all and in the darkness grind them. In the Land of Redmond
  where the shadows lie." -- The Silicon Valley Tarot
  Henrique Holschuh

More information about the Pkg-cyrus-sasl2-debian-devel mailing list