/usr/lib vs /etc/ld.so.conf.d

Question

TL;DR Why is it better to place a symlink to a shared library at /etc/lib(64)/ or why is it better to create a *.conf file in /etc/ld.so.conf.d/

---

.conf file

Assuming i have my custom binary at /opt/foo/, shipping with it's own shared libraries. The common way (known to me) is to place a file at /etc/ld.so.conf.d/foo.conf like follows:

# Link foo libraries. This file is included in /etc/ld.so.conf
/opt/foo/lib
/opt/foo/otherlibs

and run ldconfig afterwards.

symlinks

But I found out that I can also link my libraries into /usr/lib (or lib64) like this:

for f in /etc/foo/{lib,otherlibs}/*; do
  ln -s $f /usr/lib64/$(basename $f)
done

and I won't have to run ldconfig afterwards.

What are the pros/cons of these two ways?

I can imagine that the "symlink"-way isn't very nice to handle when uprading the application or the library versions. In general, the ".conf"-way seems more modular and more Linux-ish to me.

I occasionally came across this because we have to encrypt (and only decrypt at runtime) a specific library. ldconfig doesn't recognize the library when encrypted (still in ELF format) so the only suitable way to me was to place a link to the specific *.so file in /usr/lib64

Answer 1

As a general rule, everything under /usr apart from /usr/local “belongs” to your distribution. You should avoid adding files (even symlinks) there.

Adding a new configuration file to /etc/ld.so.conf.d is more maintainable: your changes aren’t liable to be undone by the package manager, but they are easily manageable by any system administrator.

Addressing your encryption requirement in a clean way would be more involved; one approach could be to have a stub library, in a directory specified by a file in /etc/ld.so.conf.d, and have that take care of the decryption at runtime.