Ed Greshko writes:
I just installed an F30 VM from Fedora-Xfce-Live-x86_64-30-1.2.iso
After install, the very first thing I did from a terminal was.
[egreshko@f30x ~]$ sudo authselect current
We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these three things:
#1) Respect the privacy of others.
#2) Think before you type.
#3) With great power comes great responsibility.
[sudo] password for egreshko:
Profile ID: sssd
Enabled features:
- with-fingerprint
- with-silent-lastlog
It's surprising that sssd is the default, and not minimal.
and
[egreshko@f30x ~]$ ll /etc/nsswitch.conf
lrwxrwxrwx. 1 root root 29 Jul 19 09:52 /etc/nsswitch.conf ->
/etc/authselect/nsswitch.conf
When I installed from the Live image there was no such step as you've dimly
recalled.
Did you, by chance, not install from the Xfce live image but from the
Netinst image or Everything image?
No, that part I'm sure of. I loaded the live image onto a USB stick and
drove to the local computer shop (a dying breed) where the kid built the
Threadripper for me. I had him boot the Live image off the USB stick, it
did. Then I picked it up, took it home, and did the install off it.
Now, here's the thing, on: 1) the machine where /var/lib/authselect is
mostly empty, and 2) on the one which initially had F30 installed off it:
[mrsam@thinkpad etc]$ ls -al nsswitch.conf
-rw-r--r--. 1 root root 1802 Jul 17 18:39 nsswitch.conf
Both machines had nsswitch.conf updated when I updated them last night,
installing the glibc update.
In the glibc rpm:
%verify(not md5 size mtime) %config(noreplace) /etc/nsswitch.conf
I found a handy-dandy table, here:
%verify(not md5 size mtime) %config(noreplace) /etc/nsswitch.conf
According to the table: when installing an rpm update which updates the
config file, if rpm thinks that the previous version's config file was not
edited/modified, it gets replaced by the file from the new version.
If you were to run "rpm -V glibc" even though the glibc-installed
nsswitch.conf was clobbered by the symlink, the %verify will result in it
not being reported as modified.
But what about when an update get installed? Does that mean that rpm will
also conclude that the existing config file is unchanged, and, according to
this table, will just replace the symlink with the file from the new rpm
version?
I should be able to run a quick test of this, tomorrow-ish…