[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: BerkeleyDB and config files



On Thu, 2004-10-14 at 06:50, Michael A. Peters wrote:
> I'd like to suggest a change to the way Fedora Core does some things.
> I'm not talking about "standard" linux config files like /etc/passwd or / 
> etc/group or /etc/fstab (though the latter would be nice) - I'm talking  
> about Fedora (and RH I suppose since Fedora has become a RH test bed)  
> specific configuration files, such as /etc/security/console.perms and / 
> etc/sysconfig/network-scripts/ifcfg-[iface] type stuff.
> 
> Rather than store them in flat files, which have different  
> configuration parameters depending upon the file etc., use (maybe  
> optionally) BerkeleyDB.

Just to point that I don't like central configuration databases, and I
don't think it's the way to go.

They're single failure points for the whole system. 

In fact with current selinux improvements, you will not be able to have
a central database for all the system, but some smaller databases with
different security contexts, to manage MAC on different roles.

With this scenario, I don't see any improvements with this changes.

Flat files are pretty nice to manage/label.

> bdb is already needed for the rpm database, so a Fedora system will  
> have bdb installed.
> 
> Both Python and Perl (as well as many other languages) already have  
> good bdb interfaces, and both Python and Perl also have gtk+ bindings  
> too.

What's sure is any scripting language will support open/write/read
operations on flat files.

> If an embedded database was available for storing the configuration  
> information, it would be simpler for packagers to script additions to  
> those files, if necessary - IE the rpm for TiLP (software for talking  
> to a Ti graphing calculator) could easily add (if needed) a <ticalc>  
> class to console.perms with the necessary device node entries, and then  
> add the needed permission definitions for the device class.
> 
> It also would allow gui administration for some configuration nodes for  
> which there is not a gui. Kind of like how I can change some things in  
> gnome using gconf-editor for which there isn't an existing control  
> panel ready made for the task.

You'll need a central database for this. You'll need to label this
central database, and you'll loose selinux capabilities to use different
security contexts per configuration file.

Or may be BerkletDB can assign different security contexts to different
database entries/tables ?
 
> It also would make it easier for network administrators who set up box  
> after box with needs to customize some of the default configurations to  
> do so - after the install, a single documented script makes the needed  
> entries/changes to the database and it's done.

A plain python - or shell, or Perl, ... - script can do the job on flat
files also.
-- 
Iago Rubio         
- GPG Keyserv  * pgp.rediris.es id=0x909BD4DD


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]