Bug 7829 - openSUSE is putting configuration in /usr/etc (breaks PAM)
Summary: openSUSE is putting configuration in /usr/etc (breaks PAM)
Status: NEW
Alias: None
Product: ThinLinc
Classification: Unclassified
Component: Other (show other bugs)
Version: trunk
Hardware: PC Unknown
: P2 Normal
Target Milestone: MediumPrio
Assignee: Bugzilla mail exporter
Depends on:
Reported: 2022-02-01 17:08 CET by Pierre Ossman
Modified: 2022-02-08 16:20 CET (History)
1 user (show)

See Also:
Acceptance Criteria:


Description Pierre Ossman cendio 2022-02-01 17:08:09 CET
So openSUSE decided to go crazy and severely break existing norms regarding system configuration:


TL;DR: they want clearer separation between original and changed configuration, and this also helps doing atomic updates of the system

Sensible goals, but they seem to be trying to do this alone, which seems overly ambitious given that this will require major modification in many applications. There's lots of software that only supports looking at a single file.

They've started some support library to help out with this:


This move is also in explicit violations of the FHS, further cementing that they are alone in this approach:

>  Note that /usr/etc is still not allowed: programs in /usr should place configuration files in /etc. 

For ThinLinc this currently has the effect of breaking the PAM stage of tl-setup as it fails to find the configuration in /etc/pam.d.

This change currently affects openSUSE Tumbleweed, but doesn't seem to have much changes in openSUSE Leap yet. We'll see how this trickles down to SLE.
Comment 1 Pierre Ossman cendio 2022-02-01 17:09:49 CET
One place where this was noted:


He also did a workaround of symlinking /usr/etc/pam.d/sshd to /etc/pam.d/sshd, which is probably not a good idea as you're not supposed to change the files under /usr/etc. A copy would be the proper approach.
Comment 2 Peter Wirdemo 2022-02-05 12:05:17 CET
I also reacted to the symlink, it is probably not a good idea.

From the https://en.opensuse.org/openSUSE:Packaging_UsrEtc


PAM reads the configuration files from two places:


pam-config reads the configuration files from this two places, too. But it only writes into /etc/pam.d.

If a file in /etc/pam.d exists, a file with the same name in /usr/etc/pam.d will be ignored. A system administrator has, to make manual changes, copy the PAM config file from /usr/etc/pam.d/ to /etc/pam.d/ and modify that.
Comment 3 Peter Wirdemo 2022-02-05 12:44:23 CET
This change could escalate the problem with sshd_config, as in https://www.cendio.com/bugzilla/show_bug.cgi?id=7569

From the https://en.opensuse.org/openSUSE:Packaging_UsrEtc

/etc/ssh/sshd_config was moved to /usr/etc/ssh/sshd_config, /etc/ssh/sshd_config and /etc/ssh/sshd_config.d/*.conf will be additional looked at (Variant 1). The /etc/ssh/sshd_config.d method should be preferred, but is not useable for all config options. The same applies for /etc/ssh/ssh_config.

Note You need to log in before you can comment on or make changes to this bug.