Subject: Re: [gentoo-dev] [PATCH 0/2] allow acct-user home directories in /home
To: gentoo-dev@lists.gentoo.org, Michael Orlitzky
References: <20200120034350.27108-1-mjo@gentoo.org>
From: Jaco Kroon
Organization: Ultimate Linux Solutions (Pty) Ltd
Message-ID: <3e61620d-4064-d2ae-aefb-e7641de7cf1b@uls.co.za>
Date: Tue, 21 Jan 2020 13:44:25 +0200

Hi Michael,

My background: 21 years of Linux, 18 of which was primarily on Gentoo. 17 years of no other OS other than Linux.
Ex-sysadmin for a largish setup with 4000+ active users, and ~500-600 available workstations and a number of storage and other servers. Not to brag, just to give you an idea of my background and experience.

I am against this patch.

On 2020/01/20 16:20, Michael Orlitzky wrote:
> On 1/20/20 2:02 AM, Ulrich Mueller wrote:
>>>>>>> On Mon, 20 Jan 2020, Michael Orlitzky wrote:
>>> install-qa-check.d: allow acct-user home directories under /home.
>> Nope. As you've been told, /home is site specific and can be setup in
>> multiple ways that are incompatible with the package manager installing
>> things there (the only exception being baselayout creating the directory
>> itself).
> I haven't been given a single technical reason why using /home would
> cause a problem. What specific incompatibilities are you talking about?

From my perspective the following should be adequate: There is technically no real issue, but it's the right thing to do.

Right, motivations for your proposal for allowing this:

* You want it.

Motivations against:

* /home belongs to the sys-admin. In above environment if you were to mess with my /home, I'd be very, very angry.
* installing stuff into /home using system-local UIDs has potential security impacts if /home is distributed (user id conflicts).
* People mentioned encrypted home folders using LUKS ... these typically mount on /home/${username} so I personally think this is less of an issue.
* FHS standards (back to it's the right thing to do).
* I've worked on numerous distributions (Debian, Ubuntu, RHEL, SuSE, Fedora, Mint, IMPI, knoppix ... probably others) and not once have I encountered system packages messing with /home. Not having encountered it doesn't say there isn't any, just that I've not encountered them.

>
>
>> Quoting FHS-3.0 again:
>>
>> | On large systems (especially when the /home directories are shared
>> | amongst many hosts using NFS) it is useful to subdivide user home
>> | directories. Subdivision may be accomplished by using subdirectories
>> | such as /home/staff, /home/guests, /home/students, etc.
>>
>> So, how are you going to detect if such a scheme is used on the system,
>> and in which subdirectory the amavis user should be placed?
> The same way we detect that scheme before setting a home directory to
> /var/lib/whatever, which you may notice, is not under /home/guests or
> anything like that. Does this cause a real technical problem, or is it
> just more FUD?

It's not FUD, there is no fear here, no uncertainty, no doubt. We don't *want* you to touch /home. We want you to use /var/lib.

>
>> I also wonder why you would send this patch, when there wasn't a single
>> voice supporting your proposition in the other thread and several
>> opposing ones.
> I don't want to just complain without offering a solution.
>
> No one has pointed out any problems with it.
>
> This stuff is already in /home, and I'd like to get off user.eclass
> without introducing a new QA warning for a keepdir file.

Use /var/lib/amavis/work and /var/lib/amavis/home. Simple.

Kind Regards,
Jaco
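
The "user id conflicts" concern in the message above, as an added example that is not part of the original e-mail or of any Gentoo tooling: an audit that compares passwd(5) data from hosts sharing one /home and reports accounts whose home is under /home while the same numeric UID names a different account on another host. Host names, UIDs and passwd entries are constructed sample data.

```python
def parse_passwd(text):
    """Return {uid: (name, home)} from passwd(5)-format text."""
    accounts = {}
    for line in text.splitlines():
        fields = line.strip().split(":")
        if len(fields) != 7 or not fields[2].isdigit():
            continue  # comment, blank or malformed entry: skip, do not guess
        name, uid, home = fields[0], int(fields[2]), fields[5]
        # getpwuid() returns the first match, so keep the first entry per UID
        accounts.setdefault(uid, (name, home))
    return accounts


def under_home(path):
    return path == "/home" or path.startswith("/home/")


def shared_home_conflicts(hosts):
    """hosts maps hostname -> passwd text, for machines mounting one /home.

    Returns sorted (uid, host, name, home, other_host, other_name) tuples:
    on other_host, other_name runs with the UID that owns `home`.
    """
    parsed = {host: parse_passwd(text) for host, text in hosts.items()}
    findings = []
    for host, accounts in parsed.items():
        for uid, (name, home) in accounts.items():
            if not under_home(home):
                continue  # e.g. /var/lib/amavis is local, not on the share
            for other, other_accounts in parsed.items():
                if other == host or uid not in other_accounts:
                    continue
                other_name = other_accounts[uid][0]
                if other_name != name:
                    findings.append((uid, host, name, home, other, other_name))
    return sorted(findings)


# Constructed sample: UID 117 was allocated locally and independently per host.
HOSTS = {
    "mail1": "root:x:0:0:root:/root:/bin/bash\n"
             "amavis:x:117:117::/home/amavis:/sbin/nologin\n"
             "alice:x:5001:100::/home/staff/alice:/bin/bash\n",
    "db1": "root:x:0:0:root:/root:/bin/bash\n"
           "postgres:x:117:117::/var/lib/postgresql:/bin/sh\n"
           "alice:x:5001:100::/home/staff/alice:/bin/bash\n",
}

if __name__ == "__main__":
    for finding in shared_home_conflicts(HOSTS):
        print("uid %d: %s:%s (%s) is owned by '%s' on %s" % (
            finding[0], finding[1], finding[2], finding[3],
            finding[5], finding[4]))
```

With the service home moved to /var/lib/amavis, as the message recommends, the same audit reports nothing for that account.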