Date: Sat, 17 Aug 2019 09:36:28 +0300
From: Eray Aslan
To: gentoo-dev@lists.gentoo.org
Subject: Re: [gentoo-dev] RFC: UID/GID assignment for dovecot (76)
Message-ID: <20190817063628.GA2959@angelfall.a21an.org>
In-Reply-To: <8018de5e-e5e3-c500-2f59-c09c21932223@gentoo.org>

On Thu, Aug 15, 2019 at 02:58:17PM -0400, Michael Orlitzky wrote:
> On 8/7/19 5:24 AM, Eray Aslan wrote:
> > I would like to reserve UID/GID 76 for dovecot (net-mail/dovecot)
> >
> > This id differs from what we have provided historically (97) but gid/97
> > is used by acct-group/input. So use 76 instead.
> >
> > This id is the same in Arch (76) but differs from Redhat (97).
>
> Can we please go back to posting the patches for these new packages?
> Personally, I couldn't care less what integer people pick out of a hat.
> I review these to prevent situations like this:

For the record, it wasn't me who wrote those acct-user ebuilds.

> # acct-user/postmaster
> DESCRIPTION="Postmaster user"
> ACCT_USER_ID=14
> ACCT_USER_HOME=/var/spool/mail
> ACCT_USER_HOME_OWNER=root:mail
> ACCT_USER_HOME_PERMS=03775
> ACCT_USER_GROUPS=( mail )
>
> # acct-user/mail
> DESCRIPTION="Mail program user"
> ACCT_USER_ID=8
> ACCT_USER_HOME=/var/spool/mail
> ACCT_USER_HOME_OWNER=root:mail
> ACCT_USER_HOME_PERMS=03775
> ACCT_USER_GROUPS=( mail )
>
> These two now need to be kept in-sync forever, because otherwise one is
> going to clobber the permissions on the other's home directory. Not
> having to worry about that was an explicit goal of GLEP81.
>
> Given that both of those users are pulled in only by net-mail/mailbase
> at the moment, you probably want to set those permissions in the ebuild

I don't want to set permissions in the ebuild if possible. That's not a
proper solution. Why do we need a postmaster account at all? Does
anyone have a clue?

> and leave those two users' home directories at the default. The
> net-mail/mailbase package certainly doesn't need their home directories
> set to anything in particular. (It doesn't need the user at all, but
> that's probably a larger issue with mailbase.)

Getting rid of mailbase is certainly another option.

-- 
Eray
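
The home-directory collision raised in the quoted review, as an added example that is not part of the original message or of Gentoo's tooling: a Python check that groups acct-user ebuilds by ACCT_USER_HOME and reports directories claimed by more than one package, and whether their owner and permission settings still agree. The ebuild text is a constructed sample (the two fragments quoted above plus a hypothetical acct-user/example), and the function names are this example's own.

```python
import re
from collections import defaultdict

# Constructed sample: the two fragments quoted in the message, plus a
# hypothetical third package that leaves its home directory at the default.
EBUILDS = {
    "acct-user/postmaster": """
ACCT_USER_ID=14
ACCT_USER_HOME=/var/spool/mail
ACCT_USER_HOME_OWNER=root:mail
ACCT_USER_HOME_PERMS=03775
ACCT_USER_GROUPS=( mail )
""",
    "acct-user/mail": """
ACCT_USER_ID=8
ACCT_USER_HOME=/var/spool/mail
ACCT_USER_HOME_OWNER=root:mail
ACCT_USER_HOME_PERMS=03775
ACCT_USER_GROUPS=( mail )
""",
    "acct-user/example": "ACCT_USER_ID=999\nACCT_USER_GROUPS=( example )\n",
}

# Matches ACCT_USER_HOME, ACCT_USER_HOME_OWNER and ACCT_USER_HOME_PERMS,
# with or without surrounding quotes on the value.
VAR = re.compile(r'^(ACCT_USER_HOME(?:_OWNER|_PERMS)?)=(["\']?)(.*?)\2\s*$', re.M)

def home_settings(text):
    """Return the ACCT_USER_HOME* assignments of one ebuild as a dict."""
    return {m.group(1): m.group(3) for m in VAR.finditer(text)}

def shared_homes(ebuilds):
    """Map each home claimed by 2+ packages to (sorted packages, in_sync)."""
    claims = defaultdict(list)
    for pkg, text in ebuilds.items():
        s = home_settings(text)
        if "ACCT_USER_HOME" in s:  # packages without an explicit home are skipped
            claims[s["ACCT_USER_HOME"]].append(
                (pkg, s.get("ACCT_USER_HOME_OWNER"), s.get("ACCT_USER_HOME_PERMS")))
    report = {}
    for home, users in claims.items():
        if len(users) > 1:
            # in_sync is False once owner or mode differs between the claimants,
            # i.e. whichever package is merged last overwrites the other's settings.
            in_sync = len({(owner, perms) for _, owner, perms in users}) == 1
            report[home] = (sorted(pkg for pkg, _, _ in users), in_sync)
    return report

if __name__ == "__main__":
    for home, (pkgs, in_sync) in shared_homes(EBUILDS).items():
        print(home, pkgs, "in sync" if in_sync else "OWNER/PERMS DIFFER")
```
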