logoalt Hacker News

bayindirhyesterday at 2:05 PM3 repliesview on HN

> PAM is indeed a minefield.

I'd not label it such, but as "critical infrastructure". The problem in your case actually was not in PAM but in pacman. For example, apt and yum/dnf checks whether the checksum of the file being changed is different from the original (provided by the package). In standard configuration, apt asks what to do, dnf just puts the file with .rpmnew extension to prevent these kinds of problems.

pacman's "I don't care, this is the new file and I overwrite what I see" is very dangerous behavior.

Replies

sudahtigabulanyesterday at 2:17 PM

Pacman does check for changes in configuration files, and adds .pacnew files instead of overwriting them:

https://wiki.archlinux.org/title/Pacman/Pacnew_and_Pacsave

busterarmyesterday at 4:07 PM

Even configuring PAM to get what I wanted to begin with was somewhat of an ordeal and took a few tries where I locked myself out of the system as I was building it before I eventually got it right.

Also my problem wasn't really pacman either. It was full disk encryption.

show 1 reply
SSLyyesterday at 2:14 PM

pacman puts `.pacnew` files just like RPM does.