Pádraig Brady wrote:
> Jim Meyering wrote:
> > Can anyone present a case for *not* making this change?

This is also controlled by /etc/nsswitch.conf. A typical configuration would always search local files first and then search network configuration after failing to get a local answer. (In the case of 'chown 0:0' this typically searches the network after searching local files.) For example in file /etc/nsswitch.conf any of the next would be fairly normal configurations.

  passwd: compat

Or:

  passwd: files nis

Or:

  passwd: files ldap

The only way to trigger the originally reported behavior of doing a network lookup for 0:0 and causing a boot time problem is if the system either a) does not have a zero entry in their local /etc/passwd file or b) if the /etc/nsswitch.conf file is misconfigured to search the network first as in this (bad) example.

  passwd: ldap files # bad override of local with network

I strongly believe that not having a root entry in the local password file is a wrong configuration. I strongly believe that configuring a network override of local files is a wrong configuration.

At boot time when the network is not yet configured the local file will be searched first, then the network will be attempted but will fail without delay. The values of 0:0 will resolve to root:root from the data in the local file. The operation will proceed.

After boot with the networking fully configured and a network database such as ldap or nis configured the values of 0:0 will also search the network database. It must do this because a user name of 0 may be configured in the network database. If that is so then the translation for user name zero must occur. (However I would also consider that at the least an insane configuration too.)

Unless you want to make user name 0 uniquely special as compared to other user names such as user name 1423. And if so then should user names below a configurable system threshold designating system users also be special? How will this configuration value be configured into chown? It suddenly becomes a bigger issue.
Once you make the name 0 special then a lot of other things in that area suddenly also need to be special too that never needed it before. I would not go there.

Therefore I don't see how these steps can be avoided. A script wishing to be completely local should use 'chown root:root' and the system should have a root /etc/passwd entry and /etc/nsswitch.conf should search local files before network databases.

> > Or maybe -- easiest of all -- just don't change anything :-)
>
> I wouldn't change it.

I also vote not to change it.

Bob
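
Added example, not part of the original message: a small audit that flags the two conditions named above, (a) no UID 0 entry in the local passwd file and (b) a passwd line in /etc/nsswitch.conf that lists another database before the local files. The function names and sample inputs are constructed for illustration, and the code assumes that only the `files` and `compat` sources read the local /etc/passwd.

```python
import re

# Assumption of this example: only these sources read the local /etc/passwd;
# anything else (ldap, nis, ...) is treated as a non-local database.
LOCAL_SOURCES = {"files", "compat"}

def passwd_sources(nsswitch_text):
    """Ordered sources on the 'passwd:' line, comments and [STATUS=action] items dropped."""
    for raw in nsswitch_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.startswith("passwd:"):
            return re.sub(r"\[[^\]]*\]", " ", line[len("passwd:"):]).split()
    return []

def local_has_uid0(passwd_text):
    """True if the local passwd data has an entry whose UID field is 0."""
    for line in passwd_text.splitlines():
        if line.startswith(("#", "+", "-")):   # comments and compat-mode markers
            continue
        fields = line.split(":")
        if len(fields) >= 3 and fields[2] == "0":
            return True
    return False

def audit(nsswitch_text, passwd_text):
    """Return findings for conditions (a) and (b); an empty list means neither applies."""
    findings = []
    sources = passwd_sources(nsswitch_text)
    local = [i for i, s in enumerate(sources) if s in LOCAL_SOURCES]
    if not local:
        findings.append("no local source on passwd line")
    elif local[0] > 0:
        findings.append("non-local source before local files: " + " ".join(sources[:local[0]]))
    if not local_has_uid0(passwd_text):
        findings.append("no UID 0 entry in local passwd file")
    return findings

# Constructed sample inputs (not taken from a real system).
SAMPLE_PASSWD = "root:x:0:0:root:/root:/bin/sh\ndaemon:x:1:1:daemon:/:/usr/sbin/nologin\n"
SAMPLE_CONFIGS = ["passwd: compat", "passwd: files ldap",
                  "passwd: ldap files   # bad override of local with network"]

if __name__ == "__main__":
    for conf in SAMPLE_CONFIGS:
        print(f"{conf!r}: {audit(conf, SAMPLE_PASSWD) or 'ok'}")
```

To audit a real host, pass the contents of /etc/nsswitch.conf and /etc/passwd to `audit()` instead of the samples.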