Closed septatrix closed 4 months ago
In the spec file, I would suggest to use %{_unitdir}/auditd.service.d
directory, which would expand to /usr/lib/systemd/system/auditd.service.d
.
I would recommend against that as /usr
is supposed to control the default data from the packages/distribution while sysadmins should apply configuration to /etc
. In some systems /usr
is even readonly for security and robustness. For the same reason systemctl edit
also puts drop-ins under /etc
Sorry, poor choice of words on my side. You are right that modifications to the service file done by sysadmins should be applied to configurations in /etc
.
I just wanted to note that there is the audit.spec file (https://github.com/linux-audit/audit-userspace/blob/master/audit.spec#L221) that can be used to build the RPMs. There, we should use /usr
.
I would hope that people understand the hints and do the right thing. Just in case, I updated the comments to explain to override only the necessary lines and consult systemd documentation if unsure.
Not hearing any objections or change requests for the latest text added to the service file. I assume it is now fixed. Closing this issue. Feel free to re-open if there's more to discuss.
The systemd unit file shipped by this project recommends to copy the whole unit only to adjust some ordering properties when using remote logging. This is discouraged as updates of the original file by the distribution are no longer reflected. Instead, it should recommend to create a drop in file using
systemctl edit
or manually be creating the file under/etc/systemd/system/auditd.service.d/adjust-ordering-for-remote-logging.conf
.