From: Jaco Kroon <jaco@uls.co.za>
To: gentoo-dev@lists.gentoo.org, Michael Orlitzky <mjo@gentoo.org>
Subject: Re: [gentoo-dev] [PATCH 0/2] allow acct-user home directories in /home
Date: Tue, 21 Jan 2020 13:44:25 +0200
Message-ID: <3e61620d-4064-d2ae-aefb-e7641de7cf1b@uls.co.za>
In-Reply-To: <d3732f3e-046c-f56f-b6e4-5cbec73797df@gentoo.org>

Hi Michael,

My background:  21 years of Linux, 18 of which were primarily on Gentoo.
17 years of no other OS other than Linux.  Ex-sysadmin for a largish
setup with 4000+ active users, and ~500-600 available workstations and a
number of storage and other servers.  Not to brag, just to give you an
idea of my background and experience.

I am against this patch.

On 2020/01/20 16:20, Michael Orlitzky wrote:

> On 1/20/20 2:02 AM, Ulrich Mueller wrote:
>>>>>>> On Mon, 20 Jan 2020, Michael Orlitzky wrote:
>>>   install-qa-check.d: allow acct-user home directories under /home.
>> Nope. As you've been told, /home is site specific and can be set up in
>> multiple ways that are incompatible with the package manager installing
>> things there (the only exception being baselayout creating the directory
>> itself).
> I haven't been given a single technical reason why using /home would
> cause a problem. What specific incompatibilities are you talking about?

From my perspective the following should be adequate:

There is technically no real issue, but it's the right thing to do.

Right, motivations for your proposal for allowing this:

* You want it.

Motivations against:

* /home belongs to the sys-admin.  In the above environment if you were to
mess with my /home, I'd be very, very angry.
* installing stuff into /home using system-local UIDs has potential
security impacts if /home is distributed (user id conflicts).
* People mentioned encrypted home folders using LUKS ... these typically
mount on /home/${username} so I personally think this is less of an issue.
* FHS standards (back to it's the right thing to do).
* I've worked on numerous distributions (Debian, Ubuntu, RHEL, SuSE,
Fedora, Mint, IMPI, Knoppix ... probably others) and not once have I
encountered system packages messing with /home.  Not having encountered
it doesn't say there isn't any, just that I've not encountered them.

>
>
>> Quoting FHS-3.0 again:
>>
>> | On large systems (especially when the /home directories are shared
>> | amongst many hosts using NFS) it is useful to subdivide user home
>> | directories. Subdivision may be accomplished by using subdirectories
>> | such as /home/staff, /home/guests, /home/students, etc.
>>
>> So, how are you going to detect if such a scheme is used on the system,
>> and in which subdirectory the amavis user should be placed?
> The same way we detect that scheme before setting a home directory to
> /var/lib/whatever, which you may notice, is not under /home/guests or
> anything like that. Does this cause a real technical problem, or is it
> just more FUD?

It's not FUD, there is no fear here, no uncertainty, no doubt.  We don't
*want* you to touch /home.  We want you to use /var/lib.

>
>> I also wonder why you would send this patch, when there wasn't a single
>> voice supporting your proposition in the other thread and several
>> opposing ones.
> I don't want to just complain without offering a solution.
>
> No one has pointed out any problems with it.
>
> This stuff is already in /home, and I'd like to get off user.eclass
> without introducing a new QA warning for a keepdir file.

Use /var/lib/amavis/work and /var/lib/amavis/home.  Simple.

Kind Regards,
Jaco
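
The user id conflict raised in the message above, as an added example that is not part of the original message or of any Gentoo tooling: two hosts mount the same /home, and a system account created locally on one host has a UID that belongs to a different account on the other. The passwd contents, UIDs and function names are constructed for illustration.

```python
# Constructed passwd(5) data for two hosts that share /home (not from the thread).
HOST_A = """\
root:x:0:0:root:/root:/bin/bash
amavis:x:108:108::/home/amavis:/sbin/nologin
postfix:x:207:207::/var/spool/postfix:/sbin/nologin
alice:x:1000:1000::/home/alice:/bin/bash
"""
HOST_B = """\
root:x:0:0:root:/root:/bin/bash
ntp:x:108:108::/var/lib/ntp:/sbin/nologin
alice:x:1000:1000::/home/alice:/bin/bash
"""


def parse_passwd(text):
    """Return {uid: (name, home)} from passwd(5)-format text."""
    entries = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        # Skip malformed lines rather than guessing at their meaning.
        if len(fields) != 7 or not fields[2].isdigit():
            continue
        entries[int(fields[2])] = (fields[0], fields[5])
    return entries


def uid_conflicts(local, remote, shared="/home"):
    """List (uid, local_name, home, remote_name) for local accounts whose
    home is under the shared tree and whose UID maps to another name remotely."""
    prefix = shared.rstrip("/") + "/"
    remote_map = parse_passwd(remote)
    found = []
    for uid, (name, home) in sorted(parse_passwd(local).items()):
        if not home.startswith(prefix):
            continue  # home is on local storage, not the shared tree
        other = remote_map.get(uid)
        if other is not None and other[0] != name:
            found.append((uid, name, home, other[0]))
    return found


if __name__ == "__main__":
    for uid, name, home, other in uid_conflicts(HOST_A, HOST_B):
        print(f"UID {uid}: {home} owned by '{name}' here, but UID is '{other}' on the other host")
```

With a home under /var/lib instead, the same UID mismatch stays confined to each host's local storage and the check reports nothing.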


