FW: FW: Shibboleth - Default installation

Peter Schober peter.schober at univie.ac.at
Thu Apr 9 14:00:50 EDT 2020


* Alan Buxey <alan.buxey at myunidays.com> [2020-04-09 18:58]:
> the idea of all added application software living in their own /opt/
> spaces thus leaving the rest of the filesystem perky for operating
> system purposes kept the OS easier to maintain and lockdown

Not that any of this matters here, but I disagree: I *want* to
know which part of the OS will grow due to application data or log
files (think /var), which should be kept static/read-only for security
reasons (except during upgrades, think /usr), where configuration
files live changeable by the deployer (/etc), where log files (and
eternally growing data needs) will end up, etc.
This distinction doesn't go away with the move to containers, it's
reinforced: Logs will be lost until you take care to ship them
elsewhere, you need separate data volumes/containers or the
application data is lost on shutdown, etc.pp.

Lumping executables, libraries, configuration, application data all
together into one place such as /opt does nothing to make such a
system easier to maintain but removes useful distinctions -- for hardly
any benefit. (If you want to know where all stuff from an rpm-packaged
software lives just ask rpm.)
It's not like anything you lump into /opt is magically guaranteed to be
relocatable or independent of files from the rest of the file system,
not from system libraries, possibly not state, temp files, etc.

But I'm sure there are library walls full of literature about systems
design, none of which I have seen even from afar. :)
-peter

