# Shared configuration files: login.conf, auth.conf....



## cr0hn (Jul 25, 2012)

Hello,

I'm trying to deploy a web server architecture and I would like to share some system configuration files (for easily maintenance), like: login.conf, auth.conf, sysctl.conf, ttys. 

My machine has 2 harddisks. One with base system, and other with above files. In my /etc I link the files to the shared folder, in second disk, like this:

```
/etc/login.conf -> /mnt/shared/system/etc/login.conf
/etc/auth.conf -> /mnt/shared/system/etc/auth.conf
....
```
The problem: When I start the machine, this error is displayed and I can't login:

```
"....
_secure_path: /etc/login.conf is not regular file
_secure_path: /etc/auth.conf is not regular file
 ..."
```
Any ideas?

Thanks!


----------



## cr0hn (Jul 25, 2012)

Sorry, I put new thread in response to my own thread and I don't know how to delete it.


----------



## usdmatt (Jul 25, 2012)

It looks like the system is making sure the configuration files are secure. Looking at the source for _secure_path it wants them to be normal files, owned by a specified user & group, and only writable by the owner.

Please also be advised that FreeBSD expects /etc to be part of the / filesystem and accessible early during boot. Many files are accessed in there before any of the other local filesystems are mounted. We had another user on here a while back who was also getting into a load of trouble because he was trying to make /etc a separate mount.

I would suggest you find a different way of maintaining the configuration files. Maybe have a folder tree on one of the servers (or a separate 'configuration' server) that matches the layout of /etc, containing just the files you want shared. You can then use something like net/rsync to 'pull' the config files into /etc on the live servers. Obviously security of the master files would need to be handled carefully if you share anything that affects logins/access.

There are also tools in ports to simplify management of many servers but I've never used any of these myself.


----------



## wblock@ (Jul 25, 2012)

One of the BSDCan talks used one big rc.conf for a bunch of servers:
http://www.youtube.com/watch?v=u3C4vwYABS8&list=PL4A10C737F224D0DC&index=22&feature=plpp_video
It starts slow but then gets pretty interesting.


----------



## SirDice (Jul 25, 2012)

The way we do it is we have everything stored in a central CVS server. That allows us to keep track of changes (and back out easily in case of problems). A script on each machine checks out the production tagged files and copies them to the correct place. It takes a bit of fiddling but it works quite well.


----------



## toddnni (Jul 25, 2012)

You might want to try sysutils/cfengine3. cfengine is not only quite easy to configure for your current needs, but it is also a good tool for more advanced configurations in the future.


----------



## cr0hn (Jul 26, 2012)

Many thanks for your responses and ideas! I will try it.


----------



## redw0lfx (Jul 26, 2012)

You can also try out sysutils/rubygem-chef-server which is just like sysutils/cfengine3, but have found it to be a bit quicker and simpler to setup.


----------



## fluca1978 (Jul 27, 2012)

It is not an option for /etc, since it has to be _mounted_ with /, but in similar situation a _nullfs_ mount would do the trick. 
However, for configuration files we too use a set of scripts that auto-upload and track versions from a centralized repository.


----------

