(Change submitted to FESCo) |
No edit summary |
||
Line 1: | Line 1: | ||
= Authselect: | = Authselect: Require explicit opt-out = | ||
== Summary == | == Summary == | ||
Any user changes to a configuration generated by authselect will be overwritten by subsequent call to authselect. Users that do not want to use authselect to manage their nsswitch and PAM configuration can opt-out by calling `authselect opt-out` or removing `/etc/authselect/authselect.conf`. It will also make authselect work on CoreOS and other rpm-ostree systems. | |||
== Owner == | == Owner == | ||
Line 42: | Line 32: | ||
== Detailed Description == | == Detailed Description == | ||
Authselect is trying hard to avoid overwriting any potential user changes to the configuration that were not done through the authselect tool. If the content of the configuration has changed without authselect, any subsequent call to authselect refuses to overwrite the changes unless `--force` parameter is given to the tool. This is to prevent destruction of any user configuration. | |||
This behavior allows a "mixed" configuration where the original configuration was created by authselect and then modified by user. Authselect essentially stopped managing those files, but the files were still symbolic links to `/etc/authselect` directory. The way how this is implemented also breaks authselect on ostree systems ([https://bugzilla.redhat.com/show_bug.cgi?id=2034360 BZ#2034360]). Also, it is always quite difficult to explain this behavior to users and it seems to create more confusion then what is the benefit. | |||
This behavior was important in the past to allow smooth and non-breaking transition to authselect. Fedora 36 encourages users to switch to authselect (if they haven't done that already), see [[Changes/Make_Authselect_Mandatory]]. This behavior is therefore no longer needed and we want to eliminate this mixed configuration and let users either use authselect or not, but nothing in between. | |||
The behavior will change to: | |||
* if `/etc/authselect/authselect.conf` '''exists''' and is valid then all `authselect` calls write the new configuration | |||
** authselect will overwrite user changes if there are any and '''will not''' require user's confirmation through `--force` parameter | |||
** content of the files is no longer checked, therefore the files under `/var/lib/authselect` are no longer needed (this will make authselect work on ostree systems) | |||
* if `/etc/authselect/authselect.conf` '''does not exist''' or is corrupted, then `authselect` will require `--force` parameter | |||
* those users that don't want to have their configuration managed by `authselect` can call `authselect opt-out` | |||
** this will convert authselect configuration to non-authselect configuration (convert symbolic links to regular files and remove authselect.conf) | |||
* the result is that users would either use `authselect` or not, nothing in between | |||
== Feedback == | == Feedback == | ||
== Benefit to Fedora == | == Benefit to Fedora == | ||
This makes authselect | * The system configuration will be clear - it is either managed by authselect or not | ||
* This makes authselect compatible with ostree model. | |||
* The new behavior is more simple and similar to what users already know (for example how /etc/resolv.conf is managed) | |||
== Scope == | == Scope == | ||
* Proposal owners: | * Proposal owners: Implement these changes. | ||
* Other developers: N/A (not needed for this Change)<!-- REQUIRED FOR SYSTEM WIDE CHANGES --> | * Other developers: N/A (not needed for this Change)<!-- REQUIRED FOR SYSTEM WIDE CHANGES --> | ||
Line 74: | Line 74: | ||
== Upgrade/compatibility impact == | == Upgrade/compatibility impact == | ||
No impact | No impact. | ||
== How To Test == | == How To Test == | ||
# Authselect keeps working as expected after the upgrade | |||
# Any user change is overwritten when authselect is called if the configuration is managed by authselect (`/etc/authselect/authselect.conf` exist and is valid) | |||
== User Experience == | == User Experience == | ||
Users that do not want to use authselect must explicitly opt-out by calling `authselect opt-out`. It is more clear how the authselect tool operates. | |||
== Dependencies == | == Dependencies == | ||
Line 99: | Line 100: | ||
== Release Notes == | == Release Notes == | ||
Users that do not want use authselect to manage their nsswitch and PAM configuration must explicitly opt-out by calling `authselect opt-out` |
Revision as of 14:51, 31 January 2022
Authselect: Require explicit opt-out
Summary
Any user changes to a configuration generated by authselect will be overwritten by subsequent call to authselect. Users that do not want to use authselect to manage their nsswitch and PAM configuration can opt-out by calling authselect opt-out
or removing /etc/authselect/authselect.conf
. It will also make authselect work on CoreOS and other rpm-ostree systems.
Owner
- Name: Pavel Březina
- Email: pbrezina@redhat.com
Current status
- Targeted release: Fedora Linux 36
- Last updated: 2022-01-31
- devel thread
- FESCo issue: #2741
- Tracker bug: <will be assigned by the Wrangler>
- Release notes tracker: <will be assigned by the Wrangler>
Detailed Description
Authselect is trying hard to avoid overwriting any potential user changes to the configuration that were not done through the authselect tool. If the content of the configuration has changed without authselect, any subsequent call to authselect refuses to overwrite the changes unless --force
parameter is given to the tool. This is to prevent destruction of any user configuration.
This behavior allows a "mixed" configuration where the original configuration was created by authselect and then modified by user. Authselect essentially stopped managing those files, but the files were still symbolic links to /etc/authselect
directory. The way how this is implemented also breaks authselect on ostree systems (BZ#2034360). Also, it is always quite difficult to explain this behavior to users and it seems to create more confusion then what is the benefit.
This behavior was important in the past to allow smooth and non-breaking transition to authselect. Fedora 36 encourages users to switch to authselect (if they haven't done that already), see Changes/Make_Authselect_Mandatory. This behavior is therefore no longer needed and we want to eliminate this mixed configuration and let users either use authselect or not, but nothing in between.
The behavior will change to:
- if
/etc/authselect/authselect.conf
exists and is valid then allauthselect
calls write the new configuration- authselect will overwrite user changes if there are any and will not require user's confirmation through
--force
parameter - content of the files is no longer checked, therefore the files under
/var/lib/authselect
are no longer needed (this will make authselect work on ostree systems)
- authselect will overwrite user changes if there are any and will not require user's confirmation through
- if
/etc/authselect/authselect.conf
does not exist or is corrupted, thenauthselect
will require--force
parameter - those users that don't want to have their configuration managed by
authselect
can callauthselect opt-out
- this will convert authselect configuration to non-authselect configuration (convert symbolic links to regular files and remove authselect.conf)
- the result is that users would either use
authselect
or not, nothing in between
Feedback
Benefit to Fedora
- The system configuration will be clear - it is either managed by authselect or not
- This makes authselect compatible with ostree model.
- The new behavior is more simple and similar to what users already know (for example how /etc/resolv.conf is managed)
Scope
- Proposal owners: Implement these changes.
- Other developers: N/A (not needed for this Change)
- Release engineering: #10544
- Policies and guidelines: N/A (not needed for this Change)
- Trademark approval: N/A (not needed for this Change)
- Alignment with Objectives: N/A
Upgrade/compatibility impact
No impact.
How To Test
- Authselect keeps working as expected after the upgrade
- Any user change is overwritten when authselect is called if the configuration is managed by authselect (
/etc/authselect/authselect.conf
exist and is valid)
User Experience
Users that do not want to use authselect must explicitly opt-out by calling authselect opt-out
. It is more clear how the authselect tool operates.
Dependencies
No dependencies.
Contingency Plan
- Contingency mechanism: N/A (not a System Wide Change)
- Contingency deadline: N/A (not a System Wide Change)
- Blocks release? N/A (not a System Wide Change), Yes/No
Documentation
N/A (not a System Wide Change)
Release Notes
Users that do not want use authselect to manage their nsswitch and PAM configuration must explicitly opt-out by calling authselect opt-out