[PC-BSD Testing] System Ports Clobbering and LDAP oh my!

Kris Moore kris at pcbsd.org
Wed Jun 6 10:20:53 PDT 2012


On 06/06/2012 09:29, Eric Crist wrote:
> On Jun 6, 2012, at 08:25:27, Kris Moore wrote:
>
>> On 06/05/2012 14:35, Eric Crist wrote:
>>> Kris, all,
>>>
>>> I was asked to post this here, so please feel free to direct all flames toward Dru.  It's her fault. :)
>>>
>>> We have a couple PC-BSD systems that were installed and configured back in the middle of December, 2011.  The configuration included all my rain dances to get LDAP configured for authentication, groups, and sudo.  Today, upon doing what ever updates were needed between December 15 and now, all off our PAM configs were reset, and a series of ports we installed in base, were removed.  This includes pam_ldap, nss_ldap, pam_mkhomedir, and others.
>>>
>>> I think the update procedure should do similar to mergemaster, and if a file has been changed, leave it alone.  The end result today was a user, after applying system updates, could not get into their own system.  We do not give out the system root credentials.
>>>
>>> Please let me know what the canonical way to do these configurations is, or what I can do to help you develop an update mechanism that is a bit more safe.
>>>
>> I'll be happy to give you a hand with this. What kind of updates did you
>> specifically do? Did you go from 9.0 -> 9-STABLE? Or was it just the
>> "freebsd-update" stuff that was applied? I've not issued any patches for
>> 9.0 which monkey around in /etc yet.
> Unfortunately, I don't recall the specific update.  The machine in question had been sitting on a shelf since initial install and configuration, and I just deployed it.  I do remember that there were three updates listed, a security update, something else, and a system upgrade.  The system upgrade was what was selected.  It took nearly 2 hours to download, and another 45 minutes to install after a reboot.
>
> There were PAM configs in /etc/pam.d as well as /usr/local/etc/pam.d that were defaulted.  Is there a log for the updater, so I can see what was done?
> -----
> Eric F Crist
>

Ok, that helps. It was the system upgrade that clobbered your files.
That's when you move versions from 8.1 -> 8.2, or 8.2 -> 9.0, etc.

I don't have a log file, but if you send me the list of files you need
excluded, I'll be sure to add them to the exclude list we keep for
upgrades.

-- 
Kris Moore
PC-BSD Software
iXsystems



More information about the Testing mailing list