Date: Sun, 18 Aug 2019 06:02:10 +1200
From: Kent Fredric
To: gentoo-dev@lists.gentoo.org
Subject: Re: [gentoo-dev] RFC: GLEP81 home directory guidelines
Message-ID: <20190818060210.171e8d1f@katipo2.lan>

On Sat, 17 Aug 2019 10:35:29 +0200
Ulrich Mueller wrote:

> For example, "nobody" lives in /var/empty but cannot write to it, and
> that dir is owned by root.

What ensures that the permissions on /var/empty are correct for this
scenario?

Possibly having acct-* create a /var/lib/nobody or a /var/lib/ssh (or
similar) _and_ ensure the no-write permissions are correct could be a
feature?

Maybe this needs to be a feature or something in the eclass?

> ACCT_HOME_NOWRITE=1

* eclass decides what HOME should be (maybe just /var/empty,
  /var/lib/nobody or, say, /var/lib/no-write/nobody)
* eclass ensures -w for u,g,o
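
The "ensures -w for u,g,o" step proposed above, sketched as an added example that is not part of the original message or of any Gentoo eclass. The function names home_is_nowrite and home_make_nowrite are hypothetical, and the check assumes a stat that supports -c (GNU coreutils or busybox).

```shell
#!/bin/sh
# Added example: hypothetical helpers, not code from acct-user.eclass.
# Assumes stat supports -c '%a %u' (GNU coreutils or busybox).

# home_is_nowrite DIR [OWNER_UID]
# Succeeds only if DIR is a real directory (not a symlink), is owned by
# OWNER_UID (default 0, i.e. root) and has no write bit for u, g or o.
home_is_nowrite() {
    hin_dir=$1
    hin_uid=${2:-0}
    if [ -L "$hin_dir" ] || [ ! -d "$hin_dir" ]; then
        echo "$hin_dir: not a plain directory" >&2
        return 1
    fi
    hin_stat=$(stat -c '%a %u' -- "$hin_dir") || return 1
    hin_mode=${hin_stat% *}     # octal permission bits, e.g. 555
    hin_owner=${hin_stat#* }    # numeric owner uid
    if [ "$hin_owner" != "$hin_uid" ]; then
        echo "$hin_dir: owned by uid $hin_owner, expected $hin_uid" >&2
        return 1
    fi
    # 0222 masks the write bit for user, group and other.
    if [ $(( 0$hin_mode & 0222 )) -ne 0 ]; then
        echo "$hin_dir: mode $hin_mode still has a write bit set" >&2
        return 1
    fi
    return 0
}

# home_make_nowrite DIR
# Clears the write bit for u, g and o on DIR itself (not recursively).
# Refuses symlinks so the chmod cannot be redirected to another path.
home_make_nowrite() {
    if [ -L "$1" ] || [ ! -d "$1" ]; then
        echo "$1: not a plain directory" >&2
        return 1
    fi
    chmod a-w -- "$1"
}

# Stand-alone use: audit every directory given on the command line.
for hin_arg in "$@"; do
    home_is_nowrite "$hin_arg" && echo "$hin_arg: ok"
done
```

The mode test reads the permission bits rather than attempting a write, so it gives the same answer when run as root.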