Summary: | emerge ucspi-tcp,qmail,netqmail should add /service to CONFIG_PROTECT | ||
---|---|---|---|
Product: | Gentoo Linux | Reporter: | henrik <boaworm> |
Component: | [OLD] Server | Assignee: | Qmail Team (OBSOLETE) <qmail-bugs+disabled> |
Status: | RESOLVED WONTFIX | ||
Severity: | minor | ||
Priority: | High | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Package list: | Runtime testing required: | --- |
Description
henrik
2005-06-23 02:36:08 UTC
This is even a bit creepier than I first realised:
---
..
>>> No outdated packages were found on your system.
* GNU info directory index is up-to-date.
* IMPORTANT: 1 config files in /etc need updating.
* IMPORTANT: 2 config files in /var/qmail/control need updating.
* Type emerge --help config to learn how to update config files.
# etc-update
Scanning Configuration files...
Automerging trivial changes in: conf-qmqpd
Automerging trivial changes in: conf-qmtpd
The following is the list of files which need updating, each
configuration file is followed by a list of possible replacement files.
1) /etc/cron.hourly/qmail-genrsacert.sh
/etc/cron.hourly/._cfg0000_qmail-genrsacert.sh
Please select a file to edit by entering the corresponding number.
(don't use -3 or -5 if you're unsure what to do)
(-1 to exit) (-3 to auto merge all remaining files)
(-5 to auto-merge AND not use 'mv -i'): -5
Replacing /etc/cron.hourly/qmail-genrsacert.sh with /etc/cron.hourly/._cfg0000_qmail-genrsacert.sh
Exiting: Nothing left to do; exiting. :)
#
----
The above is _with_ the CONFIG_PROTECT="/service", and etc-update still overwrites the /service/
qmail-<service>d/run files without any notification, warning, or asking me if I want to.
It's not /service you should protect but /var/qmail/supervise is you want to prevent your run files to be overwritten. Nothing should directly exist in /service. You should only have symlinks in there. If you customize things in /var/qmail/service, then use customize your CONFIG_PROTECT as well. The average user of qmail will NOT be changing the service scripts himself, so having then in CONFIG_PROTECT is counter-productive. And FYI, reverse DNS not matching is extremely unreliable - there are plenty of spammers with perfectly valid reverse DNS, and real users with no reverse DNS (due to ISP policies). |