From: Michael Orlitzky
To: gentoo-dev@lists.gentoo.org
Subject: Re: [gentoo-dev] GLEP81 and /home
Date: Sun, 19 Jan 2020 13:37:16 -0500

On 1/19/20 12:42 PM, Rich Freeman wrote:
>
> Typically you wouldn't
> share service accounts across multiple hosts.
> I'd think that something like amavisd is going to go on a mail server.
> You're not going to be logging into that account to do typical
> desktop-oriented functions.
>
> If you had three mail servers, you probably would want to share
> /home/mjo across all of them, but you probably wouldn't want to share
> your amavisd config across them. That is why the config goes in /etc.
> I don't see how stuff it launches would be any different.

The stuff it launches is different because the stuff it launches is
different. SpamAssassin, for example, can be run by normal users in a
traditional UNIX mail setup. So its configuration goes in $HOME, because
that's how it works. When amavis runs spamassassin, the SA configuration
comes from $HOME, because that's how it works.

If you're sharing /home, you also have to be sharing user accounts,
unless you want everyone to be assigned a random set of files. And if
you're sharing user accounts, you have to start each instance of amavis
as a different user, because its configuration is per-user. That's just
the way it works.

Everything is fine here, this all works and has worked for 20 years. If
you have a real scenario where any of this causes a problem, I truly
would like to hear it so that I don't make a mistake. But picking apart
hypothetical scenarios that don't actually apply is making this thread
way longer and more confusing than it has to be.

> You don't really want to be using it interactively as a human per-se
> any more than you interactively log in as root or any other service
> account. There are rare occasions where I'll launch a shell as
> apache or postfix or whatever, but that doesn't mean that you want it
> to have a home in /home.

You also log in as amavis to e.g. release spam from the quarantine. And
postfix/apache don't need home directories at all, it's not the same.

> I mean, you're still doing stuff as root. You're just not running chown.
>
> POSIX certainly could fix it, though whether it could do it in a
> manner that doesn't break everything in existence is another matter.
> For example, if POSIX just got rid of hard links many of the issues
> would just go away.

Hard links are a red herring. Any write or execute operation you intend
to perform as root in my home directory can be subverted in a million
different ways. Hard links just happen to be the stupidest one-line way
to convince people of that fact.

There's already a POSIX solution for changing permissions/ownership:
don't do that. Set umask appropriately, and create files as the user who
should own them. Then you don't have to call chown/chmod to fix the mess
you just created.

Running "touch foo.txt && chown mjo foo.txt" as root in a directory I
control is asking for trouble, but if I run "touch foo.txt" as myself in
the same directory... what am I going to do, escalate privileges to
myself?
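
The advice in the last two paragraphs (set the umask, create the file as the user who should own it, never chown afterwards), as an added example that is not part of the original message or of any Gentoo tooling. The function name `create_as_owner`, the default umask and the `O_EXCL`/`O_NOFOLLOW` flags are choices made for this sketch.

```python
import os

def create_as_owner(path, uid, gid, umask=0o027):
    """Create an empty file at `path` as uid:gid; return its lstat result.

    A forked child drops to the target identity first and only then creates
    the file, so the privileged parent never writes to, chowns or chmods
    anything inside a directory that another user controls.
    """
    pid = os.fork()
    if pid == 0:                      # child: leaves via os._exit() only
        code = 1
        try:
            if os.geteuid() == 0:     # drop order: groups, then gid, then uid
                os.setgroups([])
                os.setgid(gid)
                os.setuid(uid)
            if os.geteuid() == uid:   # refuse to act under any other identity
                os.umask(umask)       # permissions come from the umask
                # O_EXCL/O_NOFOLLOW are this example's choice: fail rather
                # than reuse an existing name or follow a symlink.
                flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | os.O_NOFOLLOW
                os.close(os.open(path, flags, 0o666))
                code = 0
        except OSError:
            code = 1
        finally:
            os._exit(code)
    _, status = os.waitpid(pid, 0)
    if not (os.WIFEXITED(status) and os.WEXITSTATUS(status) == 0):
        raise OSError(f"could not create {path!r} as uid {uid}")
    return os.lstat(path)


if __name__ == "__main__":
    import stat
    import tempfile
    # Constructed demo: run unprivileged, the file is created as the caller.
    with tempfile.TemporaryDirectory() as d:
        st = create_as_owner(os.path.join(d, "foo.txt"), os.getuid(), os.getgid())
        print(st.st_uid, oct(stat.S_IMODE(st.st_mode)))
```

When called by root for another account, the target directory must be writable by that account, which is the point: the kernel applies the owner's own permissions to the creation instead of root's.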