[gentoo-dev] Use acct-* for qmail users

[gentoo-dev] Use acct-* for qmail users

[Rolf Eike Beer]

[-- Attachment #1: Type: text/plain, Size: 250 bytes --]

I have created a PR here that removes manual creation of users and groups from 
qmail.eclass and uses acct-* for that. There are already fixed uids and gids 
for these things, I just put them into ebuilds:

https://github.com/gentoo/gentoo/pull/12898

[-- Attachment #2: This is a digitally signed message part. --]
[-- Type: application/pgp-signature, Size: 195 bytes --]

Re: [gentoo-dev] Use acct-* for qmail users

[Mike Gilbert]

On Tue, Sep 10, 2019 at 11:48 AM Rolf Eike Beer <eike@sf-mail.de> wrote:
>
> I have created a PR here that removes manual creation of users and groups from
> qmail.eclass and uses acct-* for that. There are already fixed uids and gids
> for these things, I just put them into ebuilds:
>
> https://github.com/gentoo/gentoo/pull/12898

Do the users actually need home directories?

Please see Michael Orlitzky's proposed guidelines.

https://archives.gentoo.org/gentoo-dev/message/fc55ac57cd92d9c1e156d13c882b08cf

Re: [gentoo-dev] Use acct-* for qmail users

[Rolf Eike Beer]

[-- Attachment #1: Type: text/plain, Size: 694 bytes --]

Am Dienstag, 10. September 2019, 21:14:51 CEST schrieb Mike Gilbert:
> On Tue, Sep 10, 2019 at 11:48 AM Rolf Eike Beer <eike@sf-mail.de> wrote:
> > I have created a PR here that removes manual creation of users and groups
> > from qmail.eclass and uses acct-* for that. There are already fixed uids
> > and gids for these things, I just put them into ebuilds:
> > 
> > https://github.com/gentoo/gentoo/pull/12898
> 
> Do the users actually need home directories?
> 
> Please see Michael Orlitzky's proposed guidelines.
> 
> https://archives.gentoo.org/gentoo-dev/message/fc55ac57cd92d9c1e156d13c882b0
> 8cf

I'm not entirely sure. It's what qmail always has done and what the eclass 
also did.

[-- Attachment #2: This is a digitally signed message part. --]
[-- Type: application/pgp-signature, Size: 195 bytes --]

Re: [gentoo-dev] Use acct-* for qmail users

[Michael Orlitzky]

On 9/10/19 4:25 PM, Rolf Eike Beer wrote:
> 
> I'm not entirely sure. It's what qmail always has done and what the eclass 
> also did.
> 

This is suggested by the qmail documentation,

  http://lifewithqmail.org/lwq.html#create-users

...but goes back to at least 1998, and likely earlier. I grepped the
source and don't see any obvious uses of $HOME. It was probably
suggested by DJB simply because it's a directory, and guaranteed to
exist on the various platforms that qmail supported at the time.

It would be best if someone who runs qmail could change them all to
/dev/null and see if anything breaks. The home directory is already
unwritable, and none of the users have shells, so I'm optimistic.

At present, the following code is repeated six times,

  ACCT_USER_HOME=/var/qmail
  ACCT_USER_HOME_OWNER=root:qmail
  ACCT_USER_HOME_PERMS=0755
  ACCT_USER_GROUPS=( nofiles )

and you have to keep them in sync for eternity. It would be less
error-prone if you could create that directory (and /var/qmail/alias)
only once, in the qmail ebuild, since that's the package that uses those
directories.

Re: [gentoo-dev] Use acct-* for qmail users

[Rolf Eike Beer]

[-- Attachment #1: Type: text/plain, Size: 758 bytes --]

Am Mittwoch, 11. September 2019, 00:54:39 CEST schrieb Michael Orlitzky:
> On 9/10/19 4:25 PM, Rolf Eike Beer wrote:
> > I'm not entirely sure. It's what qmail always has done and what the eclass
> > also did.
> 
> This is suggested by the qmail documentation,
> 
>   http://lifewithqmail.org/lwq.html#create-users
> 
> ...but goes back to at least 1998, and likely earlier. I grepped the
> source and don't see any obvious uses of $HOME. It was probably
> suggested by DJB simply because it's a directory, and guaranteed to
> exist on the various platforms that qmail supported at the time.

I have tested it without a home directory on 2 of my machines and it seems 
like it works fine. I have removed the home directory from the patches.

Greetings,

Eike

[-- Attachment #2: This is a digitally signed message part. --]
[-- Type: application/pgp-signature, Size: 195 bytes --]

Re: [gentoo-dev] Use acct-* for qmail users

[Rolf Eike Beer]

[-- Attachment #1: Type: text/plain, Size: 857 bytes --]

Am Donnerstag, 12. September 2019, 18:38:30 CEST schrieb Rolf Eike Beer:
> Am Mittwoch, 11. September 2019, 00:54:39 CEST schrieb Michael Orlitzky:
> > On 9/10/19 4:25 PM, Rolf Eike Beer wrote:
> > > I'm not entirely sure. It's what qmail always has done and what the
> > > eclass
> > > also did.
> > 
> > This is suggested by the qmail documentation,
> > 
> >   http://lifewithqmail.org/lwq.html#create-users
> > 
> > ...but goes back to at least 1998, and likely earlier. I grepped the
> > source and don't see any obvious uses of $HOME. It was probably
> > suggested by DJB simply because it's a directory, and guaranteed to
> > exist on the various platforms that qmail supported at the time.
> 
> I have tested it without a home directory on 2 of my machines and it seems
> like it works fine. I have removed the home directory from the patches.

Ping?

[-- Attachment #2: This is a digitally signed message part. --]
[-- Type: application/pgp-signature, Size: 195 bytes --]

Re: [gentoo-dev] Use acct-* for qmail users

[Mike Gilbert]

On Sun, Sep 15, 2019 at 5:10 AM Rolf Eike Beer <eike@sf-mail.de> wrote:
>
> Am Donnerstag, 12. September 2019, 18:38:30 CEST schrieb Rolf Eike Beer:
> > Am Mittwoch, 11. September 2019, 00:54:39 CEST schrieb Michael Orlitzky:
> > > On 9/10/19 4:25 PM, Rolf Eike Beer wrote:
> > > > I'm not entirely sure. It's what qmail always has done and what the
> > > > eclass
> > > > also did.
> > >
> > > This is suggested by the qmail documentation,
> > >
> > >   http://lifewithqmail.org/lwq.html#create-users
> > >
> > > ...but goes back to at least 1998, and likely earlier. I grepped the
> > > source and don't see any obvious uses of $HOME. It was probably
> > > suggested by DJB simply because it's a directory, and guaranteed to
> > > exist on the various platforms that qmail supported at the time.
> >
> > I have tested it without a home directory on 2 of my machines and it seems
> > like it works fine. I have removed the home directory from the patches.
>
> Ping?

I still see ACCT_USER_HOME=/var/qmail/alias in acct-user/alias.

Also, please do not add packages with no maintainer listed in
metadata.xml. You can list yourself + proxy-maint at least. If you
don't want to maintain them, you'll need to find someone else to do
it.

Re: [gentoo-dev] Use acct-* for qmail users

[Rolf Eike Beer]

[-- Attachment #1: Type: text/plain, Size: 1686 bytes --]

Am Sonntag, 15. September 2019, 17:29:11 CEST schrieb Mike Gilbert:
> On Sun, Sep 15, 2019 at 5:10 AM Rolf Eike Beer <eike@sf-mail.de> wrote:
> > Am Donnerstag, 12. September 2019, 18:38:30 CEST schrieb Rolf Eike Beer:
> > > Am Mittwoch, 11. September 2019, 00:54:39 CEST schrieb Michael Orlitzky:
> > > > On 9/10/19 4:25 PM, Rolf Eike Beer wrote:
> > > > > I'm not entirely sure. It's what qmail always has done and what the
> > > > > eclass
> > > > > also did.
> > > > 
> > > > This is suggested by the qmail documentation,
> > > > 
> > > >   http://lifewithqmail.org/lwq.html#create-users
> > > > 
> > > > ...but goes back to at least 1998, and likely earlier. I grepped the
> > > > source and don't see any obvious uses of $HOME. It was probably
> > > > suggested by DJB simply because it's a directory, and guaranteed to
> > > > exist on the various platforms that qmail supported at the time.
> > > 
> > > I have tested it without a home directory on 2 of my machines and it
> > > seems
> > > like it works fine. I have removed the home directory from the patches.
> > 
> > Ping?
> 
> I still see ACCT_USER_HOME=/var/qmail/alias in acct-user/alias.

This is not /var/qmail as for the other ones, but indeed the mail distribution 
user of qmail. The home directory is actually needed as this user receives all 
mail that cannot be delivered otherwise and can be rerouted from that home 
directory.

> Also, please do not add packages with no maintainer listed in
> metadata.xml. You can list yourself + proxy-maint at least. If you
> don't want to maintain them, you'll need to find someone else to do
> it.

Hijacking qmail is a different story, I will care for that soon ;)

Eike

[-- Attachment #2: This is a digitally signed message part. --]
[-- Type: application/pgp-signature, Size: 195 bytes --]

Re: [gentoo-dev] Use acct-* for qmail users

[Peter Stuge]

Mike Gilbert wrote:
> Do the users actually need home directories?

Technically probably no, but ~qmail is easier to type than /var/qmail.

TBH I actually always type it out anyway.


Mike Gilbert wrote:
> If you don't want to maintain them, you'll need to find someone else
> to do it.

If noone else wants to take this then you can add me as proxied maintainer.


//Peter

Re: [gentoo-dev] Use acct-* for qmail users

[Mike Gilbert]

On Sun, Sep 15, 2019 at 5:17 PM Rolf Eike Beer <eike@sf-mail.de> wrote:
> Am Sonntag, 15. September 2019, 17:29:11 CEST schrieb Mike Gilbert:
> > I still see ACCT_USER_HOME=/var/qmail/alias in acct-user/alias.
>
> This is not /var/qmail as for the other ones, but indeed the mail distribution
> user of qmail. The home directory is actually needed as this user receives all
> mail that cannot be delivered otherwise and can be rerouted from that home
> directory.

Thanks for clarifying. No further objection from me in that case.

Re: [gentoo-dev] Use acct-* for qmail users

[Mike Gilbert]

On Sun, Sep 15, 2019 at 6:08 PM Peter Stuge <peter@stuge.se> wrote:
> Mike Gilbert wrote:
> > If you don't want to maintain them, you'll need to find someone else
> > to do it.
>
> If noone else wants to take this then you can add me as proxied maintainer.

Thanks, but I'm not personally interested in proxying commits for
qmail. You can work with the proxy-maint project if nobody else wants
to do it.

https://wiki.gentoo.org/wiki/Project:Proxy_Maintainers/User_Guide#How_to_become_a_proxied_maintainer

Re: [gentoo-dev] Use acct-* for qmail users

[Rolf Eike Beer]

[-- Attachment #1: Type: text/plain, Size: 215 bytes --]

> Also, please do not add packages with no maintainer listed in
> metadata.xml. You can list yourself + proxy-maint at least. If you
> don't want to maintain them, you'll need to find someone else to do
> it.

Done.

[-- Attachment #2: This is a digitally signed message part. --]
[-- Type: application/pgp-signature, Size: 195 bytes --]

Re: [gentoo-dev] Use acct-* for qmail users

[Rolf Eike Beer]

[-- Attachment #1: Type: text/plain, Size: 305 bytes --]

Am Mittwoch, 18. September 2019, 21:51:41 CEST schrieb Rolf Eike Beer:
> > Also, please do not add packages with no maintainer listed in
> > metadata.xml. You can list yourself + proxy-maint at least. If you
> > don't want to maintain them, you'll need to find someone else to do
> > it.
> 
> Done.

Ping?

[-- Attachment #2: This is a digitally signed message part. --]
[-- Type: application/pgp-signature, Size: 195 bytes --]