[gentoo-dev] RFC: UID/GID assignment for dovecot (76)

[gentoo-dev] RFC: UID/GID assignment for dovecot (76)

[Eray Aslan]

[-- Attachment #1: Type: text/plain, Size: 273 bytes --]

I would like to reserve UID/GID 76 for dovecot (net-mail/dovecot)

This id differs from what we have provided historically (97) but gid/97
is used by acct-group/input.  So use 76 instead.

This id is the same in Arch (76) but differs from Redhat (97).

-- 
Eray


[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 636 bytes --]

Re: [gentoo-dev] RFC: UID/GID assignment for dovecot (76)

[Michael Orlitzky]

On 8/7/19 5:24 AM, Eray Aslan wrote:
> I would like to reserve UID/GID 76 for dovecot (net-mail/dovecot)
> 
> This id differs from what we have provided historically (97) but gid/97
> is used by acct-group/input.  So use 76 instead.
> 
> This id is the same in Arch (76) but differs from Redhat (97).
> 

Can we please go back to posting the patches for these new packages?
Personally, I couldn't care less what integer people pick out of a hat.
I review these to prevent situations like this:

  # acct-user/postmaster
  DESCRIPTION="Postmaster user"
  ACCT_USER_ID=14
  ACCT_USER_HOME=/var/spool/mail
  ACCT_USER_HOME_OWNER=root:mail
  ACCT_USER_HOME_PERMS=03775
  ACCT_USER_GROUPS=( mail )

  # acct-user/mail
  DESCRIPTION="Mail program user"
  ACCT_USER_ID=8
  ACCT_USER_HOME=/var/spool/mail
  ACCT_USER_HOME_OWNER=root:mail
  ACCT_USER_HOME_PERMS=03775
  ACCT_USER_GROUPS=( mail )

These two now need to be kept in-sync forever, because otherwise one is
going to clobber the permissions on the other's home directory. Not
having to worry about that was an explicit goal of GLEP81.

Given that both of those users are pulled in only by net-mail/mailbase
at the moment, you probably want to set those permissions in the ebuild,
and leave those two users' home directories at the default. The
net-mail/mailbase package certainly doesn't need their home directories
set to anything in particular. (It doesn't need the user at all, but
that's probably a larger issue with mailbase.)

Re: [gentoo-dev] RFC: UID/GID assignment for dovecot (76)

[Eray Aslan]

On Thu, Aug 15, 2019 at 02:58:17PM -0400, Michael Orlitzky wrote:
> On 8/7/19 5:24 AM, Eray Aslan wrote:
> > I would like to reserve UID/GID 76 for dovecot (net-mail/dovecot)
> > 
> > This id differs from what we have provided historically (97) but gid/97
> > is used by acct-group/input.  So use 76 instead.
> > 
> > This id is the same in Arch (76) but differs from Redhat (97).
> 
> Can we please go back to posting the patches for these new packages?
> Personally, I couldn't care less what integer people pick out of a hat.
> I review these to prevent situations like this:

For the record, it wasnt me who wrote those acct-user ebuilds.

>   # acct-user/postmaster
>   DESCRIPTION="Postmaster user"
>   ACCT_USER_ID=14
>   ACCT_USER_HOME=/var/spool/mail
>   ACCT_USER_HOME_OWNER=root:mail
>   ACCT_USER_HOME_PERMS=03775
>   ACCT_USER_GROUPS=( mail )
> 
>   # acct-user/mail
>   DESCRIPTION="Mail program user"
>   ACCT_USER_ID=8
>   ACCT_USER_HOME=/var/spool/mail
>   ACCT_USER_HOME_OWNER=root:mail
>   ACCT_USER_HOME_PERMS=03775
>   ACCT_USER_GROUPS=( mail )
> 
> These two now need to be kept in-sync forever, because otherwise one is
> going to clobber the permissions on the other's home directory. Not
> having to worry about that was an explicit goal of GLEP81.
> 
> Given that both of those users are pulled in only by net-mail/mailbase
> at the moment, you probably want to set those permissions in the ebuild

I dont want to set permissions in the ebuild if possible.  Thats not a
proper solution.

Why do we need a postmaster account at all?  Does anyone have a clue?

> and leave those two users' home directories at the default. The
> net-mail/mailbase package certainly doesn't need their home directories
> set to anything in particular. (It doesn't need the user at all, but
> that's probably a larger issue with mailbase.)

Getting rid of mailbase is certainly another option.

-- 
Eray

Re: [gentoo-dev] RFC: UID/GID assignment for dovecot (76)

[Michael Orlitzky]

On 8/17/19 2:36 AM, Eray Aslan wrote:
> 
> For the record, it wasnt me who wrote those acct-user ebuilds.

Apologies, I checked the metadata and assumed that I missed these as
part of your patch series. In any case, I'm not trying to throw blame
around -- this is all new and we're still figuring it out (which is why
I miss seeing the patches).


>>
>> Given that both of those users are pulled in only by net-mail/mailbase
>> at the moment, you probably want to set those permissions in the ebuild
> 
> I dont want to set permissions in the ebuild if possible.  Thats not a
> proper solution.
> 
> Why do we need a postmaster account at all?  Does anyone have a clue?
> 

If it is needed, it should be pulled in directly by the package that
needs it. I have a feeling that mailbase exists to avoid copy/pasting
some code between postfix, exim, and however-many versions of qmail we
once had. For the user creation at least, GLEP81 eliminates the
copy/pasting.


> Getting rid of mailbase is certainly another option.
> 

The only reason I didn't suggest this is because my TODO list is already
too long. I'm sure there's a good historical reason for mailbase to
exist, but I can't figure out what it does today.