== Modern versions of Unix are more adjustable than they used to be

One of the slow changes in modern Unix over the past ten to fifteen
years has been a significant increase in modularity and with it how
adjustable a number of core things are without major work. This has
generally not been something that ordinary users notice because it
happens at the level of system-wide configuration.

Undoubtedly this all sounds abstract, so let's get concrete. The
first example here is the relative pervasiveness of [[PAM
http://en.wikipedia.org/wiki/Pluggable_authentication_module]].  In
the pre-PAM world, implementing additional password strength checks
or special custom rules for who could _su_ to who took non-trivial
modifications to the source for _passwd_ and _su_ (or _sudo_). In the
modern world both are simple PAM modules, as is things like taking
special custom actions when a password is changed.

My next example is _nsswitch.conf_. There was a day in the history
of Unix when adding DNS lookups to programs required recompiling
them against a library with a special version of _gethostbyname()_
et al.  These days, how any number of things get looked up is not
merely something that you can configure but something you can control;
if you want or need to, you can add a new sort of lookup yourself
as an aftermarket do it yourself thing. This can be exploited for
[[clever hacks ../solaris/CustomMountAuthorization]] that don't require
changing the system's programs in any particular way, just exploiting
how they work (although [[there are limits imposed by this approach
../solaris/CustomMountAuthLimits]]).

(Actually now that I'm writing this entry I'm not sure that there have
been any major moves in this sort of core modularity beyond NSS and
PAM. Although there certainly are more options for things like your
cron daemon and your syslog daemon if you feel like doing wholesale
replacement of programs.)

One of the things that these changes do is they reduce the need for
operating system source since they reduce your need for custom versions
of operating system commands.

(Of course you can still wind up needing OS source in order to figure
out how to write your PAM or NSS module.)

=== Sidebar: best practices have improved too

One of the practical increases in modularity has come from an increasing
number of programs (such as many versions of _cron_) scanning
directories instead of just reading a file. As we learned starting
no later than BSD init versus System V init, a bunch of files in a
directory is often easier to manage than a monolithic single file
because you can have all sorts of people dropping files in and updating
their own files without colliding with each other. Things like Linux
package management have strongly encouraged this approach.