On Fri 20 Jun 2025 at 12:12:09 (-0400), Jeffrey Walton wrote:
> On Fri, Jun 20, 2025 at 11:53 AM Greg Wooledge wrote:
> > On Fri, Jun 20, 2025 at 11:40:59 -0400, Jeffrey Walton wrote:
> > > On Fri, Jun 20, 2025 at 11:30 AM <to...@tuxteam.de> wrote:
> > > > On Fri, Jun 20, 2025 at 11:06:51AM -0400, Jeffrey Walton wrote:
> > > > > On Fri, Jun 20, 2025 at 10:37 AM Greg Wooledge wrote:
> > > > > > On Fri, Jun 20, 2025 at 10:15:47 -0400, Jeffrey Walton wrote:
> > > > > > > > SSH config files are located in /etc, too. But admins are expected to
> > > > > > > > make changes to /etc/ssh/sshd_config.d/, and not /etc/ssh/sshd_config.
> > > > > >
> > > > > > That's definitely false.
> > > > >
> > > > > > You will absolutely lose your sshd_config when the package is upgraded
> > > > > > and you choose the maintainer's version of the file.
> > > >
> > > > No.
> > > >
> > > > You will be asked, as for every conffile.
> > >
> > > > Please don't do that selective quoting found in dumpster fires like
> > > > social media: "... and you choose the maintainer's version of the
> > > > file."
> >
> > You're missing the point.  The point is you are ASKED whether you want
> > to keep your modified conffile or replace it with the maintainer's
> > version.  The DEFAULT is to keep your modified file.
> 
> I'm not going to argue the problems with this.
> 
> > If you select to replace it, then sure, you'll "lose" your modifications,
> > except that they're actually saved for you (your modified file is simply
> > renamed), so you can still review it and manually edit the new file.
> 
> I'm not going to argue the problems with this.
> 
> > So, your argument is a straw man.  You're saying that if you do a
> > sequence of bad things that are not the default, but something you've
> > explicitly chosen of your own free will, that your life will be slightly
> > less convenient.  Sure, that's true.  But you could also just NOT do
> > those things.
> 
> I'm not going to argue the problems with this.
> 
> > Also, the OTHER point you got wrong is where you claim "admins are
> > expected to make changes to *.d".  That's simply incorrect.  Admins
> > are expected to make changes to sshd_config just like they've always
> > done, ever since long before *.d was invented.  That's why the packaging
> > system ASKS you about your modified conffile and protects it with
> > multiple layers of insurance.
> 
> Unfortunately, I cannot find a Debian specific article on
> configuration directories.

Why should there be one? Configuration directories and the rules for
using them are properties of the packages that own them, not the
distribution.

> However, Red Hat has "Linux configuration:
> Understanding *.d directories in /etc,"
> <https://www.redhat.com/en/blog/etc-configuration-directories>.

Which makes that point: "While dot-d directories have common use cases
for assisting with organization and distribution, there are many
different ways of handling the includes. For each application or
utility, we need to determine how best to name our files. Some
configurations only recognize files with a specific extension, such
as .conf, while others reference all files in the directory."

So it's not possible to generalise, and the articles you seek are the
manpages.

> Now
> that we have configuration directories, admins are expected to make
> their changes in them so:
> 
>     Instead of editing this single file each time an application
>     is added or updated on the system, we separate the
>     configuration for each application to a specific file.

I think the point has already been made in the thread that one package
can't change the conffile of another package, according to Debian
policy, and .d/ directories facilitate avoiding that necessity.

> The point is, you don't want to do gyrations on updates, like copying
> fragments of an old config into a new config.

As a Stable user, it's difficult to recall ever having to perform
gyrations. The dialogue discussed above only occurs when both the
sysadmin and the package maintainer have changed the conffile.
Perhaps those two conditions are true a little more frequently
for testing/unstable users, but that is what they've signed up for.

> > The entire system was designed and built around the idea that conffiles
> > would be hand edited and must be preserved.

And for Debian, one documentation source is §5 of the Policy Manual,
in /usr/share/doc/debian-policy/policy.html/ap-pkg-conffiles.html.
And for those who feel that all changes should be made in .d/
directories and not the conffiles themselves, one kicker is here:

 "However, note that dpkg will not replace a conffile that was removed
  by the user (or by a script). This is necessary because with some
  programs a missing file produces an effect hard or impossible to
  achieve in another way, so that a missing file needs to be kept that
  way if the user did it."

Cheers,
David.
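
The conffile behaviour discussed in this message (a prompt only when both the admin and the maintainer changed the file, and no reinstallation of a file the admin removed), as a simplified model. This is an added example, not part of the original message and not dpkg's own code; the package paths under /etc/exampled and all file contents are constructed, and the listing imitates what `dpkg-query -W -f='${Conffiles}\n'` prints.

```python
import hashlib

def md5(data):
    return hashlib.md5(data).hexdigest()

def parse_conffiles(listing):
    # Lines as printed by dpkg-query -W -f='${Conffiles}\n' PKG: " <path> <md5> [flag]"
    recorded = {}
    for line in listing.splitlines():
        fields = line.split()
        if len(fields) >= 2:
            recorded[fields[0]] = fields[1]
    return recorded

def upgrade_action(old_pkg, on_disk, new_pkg):
    # old_pkg: hash shipped by the installed version; new_pkg: by the new one;
    # on_disk: hash of the admin's current file, or None if it was removed.
    if on_disk is None:
        return "leave-removed"          # a removed conffile is not put back
    admin_changed = on_disk != old_pkg
    maint_changed = new_pkg != old_pkg
    if not admin_changed:
        return "install-new" if maint_changed else "keep"
    if not maint_changed or on_disk == new_pkg:
        return "keep"                   # only one side changed, or both agree
    return "prompt"                     # both changed; default answer keeps the admin's file

def plan_upgrade(listing, disk, new_files):
    plan = {}
    for path, old_hash in parse_conffiles(listing).items():
        current = md5(disk[path]) if path in disk else None
        plan[path] = upgrade_action(old_hash, current, md5(new_files[path]))
    return plan

# Constructed sample: installed version, admin's disk state, new package version.
OLD = {"/etc/exampled/main.conf": b"Port 22\n", "/etc/exampled/log.conf": b"Level info\n",
       "/etc/exampled/motd.conf": b"Banner on\n", "/etc/exampled/tune.conf": b"Workers 4\n"}
LISTING = "".join(f" {path} {md5(body)}\n" for path, body in OLD.items())
DISK = {"/etc/exampled/main.conf": b"Port 2222\n",     # edited by the admin
        "/etc/exampled/log.conf": b"Level info\n",     # untouched
        "/etc/exampled/tune.conf": b"Workers 8\n"}     # edited; motd.conf was removed
NEW = {"/etc/exampled/main.conf": b"Port 22\nUseDNS no\n", "/etc/exampled/log.conf": b"Level notice\n",
       "/etc/exampled/motd.conf": b"Banner off\n", "/etc/exampled/tune.conf": b"Workers 4\n"}

if __name__ == "__main__":
    for path, action in plan_upgrade(LISTING, DISK, NEW).items():
        print(f"{action:14} {path}")
```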
