From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id B1E56138350 for ; Sat, 18 Jan 2020 19:08:43 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 45478E092E; Sat, 18 Jan 2020 19:08:40 +0000 (UTC) Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id DA212E092B for ; Sat, 18 Jan 2020 19:08:39 +0000 (UTC) Received: from pomiot (c142-245.icpnet.pl [85.221.142.245]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) (Authenticated sender: mgorny) by smtp.gentoo.org (Postfix) with ESMTPSA id C250934E1BF; Sat, 18 Jan 2020 19:08:37 +0000 (UTC) Message-ID: <8a8e65fc27a02e926d9691a594b1756fc6ce1c63.camel@gentoo.org> Subject: Re: [gentoo-dev] GLEP81 and /home From: =?UTF-8?Q?Micha=C5=82_G=C3=B3rny?= To: gentoo-dev@lists.gentoo.org Date: Sat, 18 Jan 2020 20:08:33 +0100 In-Reply-To: <825bd707-faa2-f956-edbb-a11a8d82296b@gentoo.org> References: <825bd707-faa2-f956-edbb-a11a8d82296b@gentoo.org> Organization: Gentoo Content-Type: multipart/signed; micalg="pgp-sha512"; protocol="application/pgp-signature"; boundary="=-XnsvjYkYDngK7rgFlguY" User-Agent: Evolution 3.32.5 Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-dev@lists.gentoo.org Reply-to: gentoo-dev@lists.gentoo.org X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply MIME-Version: 1.0 X-Archives-Salt: 934418a0-29da-4e80-b3f3-31da3ac01d69 X-Archives-Hash: c92fa6c4e78181f003bf1ac16021b511 --=-XnsvjYkYDngK7rgFlguY Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable On Sat, 2020-01-18 at 12:51 -0500, Michael Orlitzky wrote: > We forbid packages from installing to /home for good reason: for most of > history, users (and their home directories) were outside the purview of > the package manager. But with GLEP81, that's changed: the package > manager is now in charge of creating each system user's home directory > and of giving it the correct permissions and ownership. >=20 > Is the policy against installing to /home still consistent? >=20 > For example: the mail-filter/amavisd-new daemon needs a user, typically > called "amavis". The daemon also needs a working directory that it can > write to. The obvious choice for a working directory is /var/lib/amavis, > but there's a catch: spamassassin, razor, pyzor, et cetera (which are > all used by amavis) store their configuration in the current user's home > directory, and not in some daemon-specific location. So "amavis" needs a > home directory, because that's where much of the configuration for > amavisd goes. >=20 > Where do we put amavis's home directory? >=20 > 1 /var/lib/amavis is a bad idea, because it conflicts with the working > directory (we don't want the two packages to get out of sync, nor do > we want to keep them in-sync manually). >=20 Sounds like you've created an arbitrary rule that prevents the two packages from using the same directory, and therefore you've created this problem yourself. Why not just go back and reconsider using the same directory instead of adding complexity for ideological reasons? Is it really that problematic to have the directory created by amavisd user, and have all packages depend on it? --=20 Best regards, Micha=C5=82 G=C3=B3rny --=-XnsvjYkYDngK7rgFlguY Content-Type: application/pgp-signature; name="signature.asc" Content-Description: This is a digitally signed message part Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNATURE----- iQGTBAABCgB9FiEEx2qEUJQJjSjMiybFY5ra4jKeJA4FAl4jV7FfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEM3 NkE4NDUwOTQwOThEMjhDQzhCMjZDNTYzOUFEQUUyMzI5RTI0MEUACgkQY5ra4jKe JA6AGQgAgShdFPvk4zTzv4qhZlcf+MdoqkqdeI7BlszBFhcc/rF9uKlvA/xLS6aX n5+mTlTpH071LyYjipWmdYc0TJFW1zXxlvoNJ7VfmJkvk8vnJMOVS6QGOvjcfZ1z mO0UpDvRYdPRp8jEPEH9zxppOe2lDW0uCGCYpKpiE9q1Ex41uR/qyOtMTtz5WPMv ZQ/gDoFeHOQZXaXcZINNrPRKD2ssilyHFEuC9RKBBKCgq4XZxtWagkWf8VewC6Qd W9v9wfZzeMmTjDYV9aHyizifSnQvNluu+plA7jkghca+zxAIRz4FJS+ANR9DmbxT wGEnMf26KalL40PwwuY9a5n9qu41OA== =D2P/ -----END PGP SIGNATURE----- --=-XnsvjYkYDngK7rgFlguY--