help-cfengine

Re: Editfiles Considered Harmful (was: Re: Complex Editfiles Examples)


From: Paul Heinlein
Subject: Re: Editfiles Considered Harmful (was: Re: Complex Editfiles Examples)
Date: Fri, 5 Dec 2003 07:29:26 -0800 (PST)

On Fri, 5 Dec 2003, Jamie Wilkinson wrote:

> The real reason for me using editfiles over copy for managing
> configuration is that sometimes the values being set differ per
> machine, which makes a single file less useful.  I certainly use
> copy for every file that I want identical across all machines, but
> these files are rarely configuration files.

imo, it would be *so* helpful if any configuration file had a method
for including other configs. That way, site-wide policies can be
distributed via a main file (using, e.g., copy:) and host- or
arch-specific stuff can be handled via a mechanism like editfiles.

There are plenty of good examples of this sort of thing:

* Apache's Include directive

* Red Hat's habit of sourcing /etc/sysconfig files in its init
  scripts

* ntpd's includefile directive

* the BSD way of sourcing rc.conf.local from rc.conf

I can see how this sort of mechanism can be abused, but it sure makes
it easy for me to separate the universal from the particular.

Currently, we're running into this with sshd. Our site-wide policies
are easy to define, but we've got to maintain a myriad of sshd_config
files because simple things like PrintMotd, SyslogFacility, and
Subsystem vary from OS to OS. Sigh.

-- Paul Heinlein <heinlein@cse.ogi.edu>
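
The split described in the message above (site-wide sshd policy in one file, per-OS settings kept separate) can be sketched as a small generator that also refuses fragments reaching into site-controlled keywords. This is an added example, not part of the original message and not cfengine code; the function names, the policy lines and the paths are constructed for illustration.

```python
# Keywords the message names as varying per OS; only these may appear in a fragment.
ALLOWED_LOCAL = {"printmotd", "syslogfacility", "subsystem"}

SITE_POLICY = """\
# site-wide policy (constructed sample)
Protocol 2
PermitRootLogin no
PasswordAuthentication no
"""

OS_FRAGMENTS = {  # constructed sample values, one fragment per OS class
    "linux": "PrintMotd no\nSyslogFacility AUTHPRIV\n"
             "Subsystem sftp /usr/libexec/openssh/sftp-server\n",
    "solaris": "PrintMotd yes\nSyslogFacility AUTH\n"
               "Subsystem sftp /usr/lib/ssh/sftp-server\n",
}


def directives(text):
    """Return (lowercased keyword, original line) for each non-comment line."""
    out = []
    for raw in text.splitlines():
        line = raw.strip()
        if line and not line.startswith("#"):
            out.append((line.split(None, 1)[0].lower(), line))
    return out


def render_sshd_config(site_text, fragment_text, allowed=ALLOWED_LOCAL):
    """Join site policy and one fragment; reject fragments that leave `allowed`."""
    site = directives(site_text)
    local = directives(fragment_text)
    stray = sorted({k for k, _ in local if k not in allowed})
    if stray:
        raise ValueError("fragment sets site-controlled keywords: " + ", ".join(stray))
    clash = sorted({k for k, _ in site if k in allowed})
    if clash:
        raise ValueError("site policy sets per-OS keywords: " + ", ".join(clash))
    # Site policy goes first: sshd keeps the first value it reads for a keyword.
    lines = [line for _, line in site] + [line for _, line in local]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    for os_class, fragment in OS_FRAGMENTS.items():
        print("# ---", os_class)
        print(render_sshd_config(SITE_POLICY, fragment), end="")
```

A keyword written as `Keyword=value` is not recognised by the allowlist check and is rejected, so the check fails closed.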



