Modern versions of Unix are more adjustable than they used to be
One of the slow changes in modern Unix over the past ten to fifteen years has been a significant increase in modularity and, with it, in how adjustable a number of core things are without major work. This has generally not been something that ordinary users notice, because it happens at the level of system-wide configuration.
Undoubtedly this all sounds abstract, so let's get concrete. The first example here is the relative pervasiveness of PAM. In the pre-PAM world, implementing additional password strength checks or special custom rules for who could su to whom took non-trivial modifications to the source for passwd and su (or sudo). In the modern world both are simple PAM modules, as are things like taking special custom actions when a password is changed.
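As an added illustration, not from the original entry, here is what those three things look like as configuration on a Linux-PAM system. The service-file layout, the group name and the script path are assumptions; the module arguments are the ones documented in pam_wheel(8), pam_pwquality(8) and pam_exec(8).

```text
# /etc/pam.d/su (assumed layout; "wheel" is an assumed group name)
# Only real-uid members of wheel get as far as a password prompt when
# su-ing to another user; everyone else is refused up front.
auth      required    pam_wheel.so use_uid group=wheel
auth      include     system-auth
account   include     system-auth
session   include     system-auth

# /etc/pam.d/passwd (password stack; on Debian-style systems this lives in
# common-password instead)
# Strength checks: 12+ characters, at least one digit/upper/lower/other,
# at least 4 characters different from the old password, root included.
password  requisite   pam_pwquality.so retry=3 minlen=12 difok=4 dcredit=-1 ucredit=-1 lcredit=-1 ocredit=-1 enforce_for_root
password  required    pam_unix.so use_authtok sha512 shadow
# Custom action on a password change: pam_exec runs the (assumed) script
# with PAM_USER, PAM_SERVICE and PAM_TYPE in its environment. seteuid runs
# it as the calling user rather than as root.
password  optional    pam_exec.so seteuid /usr/local/sbin/on-password-change
```

Two caveats worth knowing before copying this. `requisite` on pam_pwquality stops the stack on a weak password, but `required` on pam_unix does not stop it on failure, so the `optional` pam_exec line still runs when the actual change failed; if the script must only fire after a successful change, either make pam_unix `requisite` or have the script check for itself. And do not add `expose_authtok` to pam_exec unless the script genuinely needs the new password on its stdin; the module is a convenient place to leak passwords into logs.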
My next example is nsswitch.conf. There was a day in the history of Unix when adding DNS lookups to programs required recompiling them against a library with a special version of gethostbyname() et al. These days, how hosts, users, groups and any number of other things get looked up is not merely something that you can configure but something you can control; if you want or need to, you can add a new sort of lookup yourself as an aftermarket do-it-yourself thing. This can be exploited for clever hacks that don't require changing the system's programs in any particular way, just exploiting how they work (although there are limits imposed by this approach).
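As an added example, not code from the original entry: a minimal glibc NSS module that serves passwd entries from a table compiled into it, which is exactly the aftermarket lookup the paragraph describes. The module name (example), the accounts and the install paths are assumptions; the entry-point names and signatures (_nss_<module>_getpwnam_r and friends, with the caller-supplied buffer and the ERANGE/NSS_STATUS_TRYAGAIN convention) are glibc's documented NSS module interface.

```c
/* libnss_example: a minimal glibc NSS module answering passwd lookups
 * from a static table. Once installed and listed in nsswitch.conf as
 *     passwd: files example
 * these accounts are visible to getpwnam(3), getent(1), login, sshd and
 * anything else that asks libc, with no change to those programs.
 * Added example, not from the original post. Module name, accounts and
 * install paths are assumptions; function names/signatures follow glibc.
 *
 * Build/install (assumed GNU toolchain on Linux):
 *   cc -fPIC -shared -o libnss_example.so.2 nss_example.c
 *   install -m 644 libnss_example.so.2 /lib/x86_64-linux-gnu/   (or /lib)
 *   ldconfig
 *   getent passwd appuser
 */
#include <errno.h>
#include <pwd.h>
#include <stddef.h>
#include <string.h>
#include <sys/types.h>

#ifdef __has_include
# if __has_include(<nss.h>)
#  include <nss.h>
#  define HAVE_NSS_H 1
# endif
#endif
#ifndef HAVE_NSS_H
/* glibc's <nss.h> declares this enum; redeclared with the same values so
 * the file also compiles where the header is absent (e.g. a musl toolchain,
 * which has no NSS at all and would not load the module anyway). */
enum nss_status {
    NSS_STATUS_TRYAGAIN = -2,
    NSS_STATUS_UNAVAIL  = -1,
    NSS_STATUS_NOTFOUND = 0,
    NSS_STATUS_SUCCESS  = 1,
    NSS_STATUS_RETURN   = 2
};
#endif

/* Constructed sample data: the accounts this module "knows". */
struct entry { const char *name; uid_t uid; gid_t gid;
               const char *gecos; const char *dir; const char *shell; };
static const struct entry table[] = {
    { "appuser",      4242, 4242, "Example app account",  "/var/lib/app",    "/usr/sbin/nologin" },
    { "backup-agent", 4243, 4243, "Example backup agent", "/var/lib/backup", "/usr/sbin/nologin" },
};
#define NENTRIES (sizeof table / sizeof table[0])

/* Copy s into the caller's buffer and advance the cursor. NULL means the
 * buffer is exhausted; that must be reported as ERANGE/TRYAGAIN, never
 * papered over by truncation (a truncated home directory or shell is a
 * security bug, not a cosmetic one). */
static char *bufdup(const char *s, char **cur, char *end)
{
    size_t n = strlen(s) + 1;
    if ((size_t)(end - *cur) < n)
        return NULL;
    char *out = *cur;
    memcpy(out, s, n);
    *cur += n;
    return out;
}

static enum nss_status fill(const struct entry *e, struct passwd *pw,
                            char *buf, size_t buflen, int *errnop)
{
    char *cur = buf, *end = buf + buflen;
    pw->pw_name   = bufdup(e->name, &cur, end);
    pw->pw_passwd = bufdup("x", &cur, end);   /* "x": real auth lives in shadow / PAM */
    pw->pw_gecos  = bufdup(e->gecos, &cur, end);
    pw->pw_dir    = bufdup(e->dir, &cur, end);
    pw->pw_shell  = bufdup(e->shell, &cur, end);
    if (!pw->pw_name || !pw->pw_passwd || !pw->pw_gecos || !pw->pw_dir || !pw->pw_shell) {
        *errnop = ERANGE;             /* glibc retries us with a larger buffer */
        return NSS_STATUS_TRYAGAIN;
    }
    pw->pw_uid = e->uid;
    pw->pw_gid = e->gid;
    return NSS_STATUS_SUCCESS;
}

/* Entry points glibc resolves by name as _nss_<module>_<function>. */
enum nss_status _nss_example_getpwnam_r(const char *name, struct passwd *pw,
                                        char *buf, size_t buflen, int *errnop)
{
    for (size_t i = 0; i < NENTRIES; i++)
        if (strcmp(table[i].name, name) == 0)
            return fill(&table[i], pw, buf, buflen, errnop);
    *errnop = ENOENT;
    return NSS_STATUS_NOTFOUND;
}

enum nss_status _nss_example_getpwuid_r(uid_t uid, struct passwd *pw,
                                        char *buf, size_t buflen, int *errnop)
{
    for (size_t i = 0; i < NENTRIES; i++)
        if (table[i].uid == uid)
            return fill(&table[i], pw, buf, buflen, errnop);
    *errnop = ENOENT;
    return NSS_STATUS_NOTFOUND;
}
```

The limits the paragraph alludes to are visible here: NSS lets you add or reorder the sources for a lookup family, but not change what the calling program does with the answer. The module is also loaded into every process that performs the lookup, setuid programs included, so it should stick to libc, avoid blocking or network calls it cannot bound, and follow the buffer protocol exactly; returning a truncated entry instead of ERANGE is the classic way such modules hand programs the wrong home directory or shell.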
(Actually now that I'm writing this entry I'm not sure that there have been any major moves in this sort of core modularity beyond NSS and PAM. Although there certainly are more options for things like your cron daemon and your syslog daemon if you feel like doing wholesale replacement of programs.)
One of the things that these changes do is reduce the need for operating system source, since they reduce your need for custom versions of operating system commands.
(Of course you can still wind up needing OS source in order to figure out how to write your PAM or NSS module.)
Sidebar: best practices have improved too
One of the practical increases in modularity has come from an increasing number of programs (such as many versions of cron) scanning directories instead of just reading a file. As we learned starting no later than BSD init versus System V init, a bunch of files in a directory is often easier to manage than a monolithic single file, because you can have all sorts of people dropping files in and updating their own files without colliding with each other. Things like Linux package management have strongly encouraged this approach.