Hey All
Running Rocky 9.7. I want to manage my nsswitch.conf and pam files manually, so i need to stop authselect doing its thing. Running authselect op-out just returns the authselect help entry. What am i doing wrong here?
Valid options:
root@rocky9:~# authselect
Usage:
authselect COMMAND COMMAND-ARGS
Available commands:
- select Select profile
- apply-changes Regenerate configuration for currently selected command
- list List available profiles
- list-features List available profile features
- show Show profile information
- requirements Print profile requirements
- current Get identifier of currently selected profile
- check Check if the current configuration is valid
- test Print changes that would be otherwise written
- enable-feature Enable feature in currently selected profile
- disable-feature Disable feature in currently selected profile
- create-profile Create new authselect profile
Backup commands:
- backup-list List available backups
- backup-remove Remove backup
- backup-restore Restore from backup
Common options:
--debug Print error messages
--trace Print trace messages
--warn Print warning messages
Help options:
-?, --help Show this for a command
--usage Show brief usage message for a command
Valid profiles:
root@rocky9:~# authselect list
- minimal Local users only for minimal installations
- sssd Enable SSSD for system authentication (also for local users only)
- winbind Enable winbind for system authentication
so would suggest:
root@rocky9:~# authselect select minimal
Profile "minimal" was selected.
opt-out is not a valid parameter as you can see, so no idea where you got that from.
Googling returns multiple entries for using the opt-out command to stop using authselect all together, so does the authselect website. Selecting a minimal profile wouldn’t be enough. I need to disable it entirely
Yeah from a google opt-out is for RHEL10/Rocky 10. You have Rocky 9 so…
Tried with Rocky 10, does the same thing
root@rocky10:~# authselect opt-out
root@rocky10:~# authselect show
Missing option: Profile identifier.
~# authselect | grep opt-out
Usage:
authselect COMMAND COMMAND-ARGS
Available commands:
- select Select profile
- apply-changes Regenerate configuration for currently selected command
- list List available profiles
- list-features List available profile features
- show Show profile information
- requirements Print profile requirements
- current Get identifier of currently selected profile
- check Check if the current configuration is valid
- test Print changes that would be otherwise written
- enable-feature Enable feature in currently selected profile
- disable-feature Disable feature in currently selected profile
- create-profile Create new authselect profile
Backup commands:
- backup-list List available backups
- backup-remove Remove backup
- backup-restore Restore from backup
Other:
**- opt-out Opt-out from authselect managed configuration**
Common options:
--debug Print error messages
--trace Print trace messages
--warn Print warning messages
Help options:
-?, --help Show this for a command
--usage Show brief usage message for a command
here is opt-out on Rocky 10, and works fine for me.
Thanks for the responses. I would prefer to continue with 9.7. Is there no way of disabling authselect on that version?
man authselect writes:
OPT-IN TO AUTHSELECT
Authselect will not touch your existing configuration unless it has already been created by it.
Would creating a custom authselect profile, address your desire to manage nsswitch.conf and pam files manually?
Looks like i’m going to have to go that way 
I was trying to avoid having to change a bunch of automation but now looks unavoidable.
Thanks All for the helps
I have systems, where I have never called authselect. (Practically all of them.) If I do configure something, it is by editing the config files directly (with Ansible playbooks – a bunch of automation).
If I do check status with authselect, then it says effectively: “I haven’t touched this”. In other words, authselect is an opt in.