Jeroen Massar
2015-Apr-10 10:27 UTC
Disabling of userdb/passdb modules using config statements
On 2015-04-10 12:16, Gedalya wrote:> On 04/10/2015 05:59 AM, Jeroen Massar wrote: >> >> This can be resolved by commenting out the entries in >> auth-system.conf.ext but then I'll have to do that again at package >> upgrade time. > > Comment out the !include auth-system.conf.ext line in 10-auth.conf.Though indeed simpler than commenting out multiple lines, that file also gets replaced by a package upgrade. Hence does not solve the 'can just upgrade silently' issue.>> Hence, would it be a cool option to be able (in the 99-myconfig.conf) >> file to put: > Actually you mean local.conf. See the master dovecont.conf file, it's > included last.Only when it exists, one can use both. from dovecot.conf: 8<------------- # Most of the actual configuration gets included below. The filenames are # first sorted by their ASCII value and parsed in that order. The 00-prefixes # in filenames are intended to make it easier to understand the ordering. !include conf.d/*.conf # A config file can also tried to be included without giving an error if # it's not found: !include_try local.conf --------------------------->8 Both conf.d/99-myconfig.conf and local.conf can work for this. I prefer 99- as that is what other daemons also use.>> >> passdb { >> driver = pam >> enabled = false >> } >> userdb { >> driver = passwd >> enabled = false >> } >> >> And thereby disabling those modules completely? Thus avoiding upgrade >> conflicts etc. > That's an interesting idea actually. My first thought is that it could > be helpful to use *named* passdb / userdb sections to facilitate this.That would require a default system, which now works out of the box with pam/etc to be properly named and then renamed... Greets, Jeroen
Eduardo M KALINOWSKI
2015-Apr-10 12:23 UTC
Disabling of userdb/passdb modules using config statements
On Sex, 10 Abr 2015, Jeroen Massar wrote:> Though indeed simpler than commenting out multiple lines, that file also > gets replaced by a package upgrade. > > Hence does not solve the 'can just upgrade silently' issue.If the file is unchanged then, yes, it gets replaced on upgrades. If it has local changes, however, you'll get a prompt asking what you want to do (keep your changes or use the package version). So while it fails you "upgrade silently" requirement, you'll not automatically loose the changes you've made. -- Eduardo M KALINOWSKI eduardo at kalinowski.com.br
Jeroen Massar
2015-Apr-10 12:28 UTC
Disabling of userdb/passdb modules using config statements
On 2015-04-10 14:23, Eduardo M KALINOWSKI wrote:> On Sex, 10 Abr 2015, Jeroen Massar wrote: >> Though indeed simpler than commenting out multiple lines, that file also >> gets replaced by a package upgrade. >> >> Hence does not solve the 'can just upgrade silently' issue. > > If the file is unchanged then, yes, it gets replaced on upgrades. If it > has local changes, however, you'll get a prompt asking what you want to > do (keep your changes or use the package version). So while it fails you > "upgrade silently" requirement, you'll not automatically loose the > changes you've made.That is correct, though as I don't want to ever be asked about such things, I am looking for a nicer solution and suggested the 'enabled false' option for these kind of situations. One does not want to manually approve such changes on every box one runs, can be quite a few of them ;) Greets, Jeroen
On 04/10/2015 08:23 AM, Eduardo M KALINOWSKI wrote:> On Sex, 10 Abr 2015, Jeroen Massar wrote: >> Though indeed simpler than commenting out multiple lines, that file also >> gets replaced by a package upgrade. >> >> Hence does not solve the 'can just upgrade silently' issue. > > If the file is unchanged then, yes, it gets replaced on upgrades. If > it has local changes, however, you'll get a prompt asking what you > want to do (keep your changes or use the package version). So while it > fails you "upgrade silently" requirement, you'll not automatically > loose the changes you've made.Actually, a config file in Debian is replaced if it has _not_ been changed locally, and it _has_ been changed upstream. If it has been changed on both sides, you get prompted. If the new package is just a security update, which in most cases means changes to the binaries and not to the default config, then it will just install without prompts, and not touch your config files. If it's an entirely new version, then the desire to just upgrade silently is sort of inappropriate anyway - you will need some preparation.
Apparently Analagous Threads
- Disabling of userdb/passdb modules using config statements
- Disabling of userdb/passdb modules using config statements
- Disabling of userdb/passdb modules using config statements
- Disabling of userdb/passdb modules using config statements
- v1.0.13: maildirfolder not being created