Re: [gentoo-dev] RFC: GLEP81 home directory guidelines

[Michael Orlitzky <mjo@gentoo.org>]

On 8/17/19 4:35 AM, Ulrich Mueller wrote:
> 
>>   2 No two acct-user packages should define the same ACCT_USER_HOME.
> 
> These two points are not fulfilled by the users that currently belong
> to baselayout. For example, "operator" (and "toor" on BSD) share /root
> with the root user.
> 

Let me first say that I've called these "guidelines" and not "rules" for
a reason. If there's a legitimate reason to ignore one of them, then so
be it.

For "toor", it might make sense to leave its home directory as-is. It
shares the same UID as "root", so the bit about clobbering permissions
doesn't apply.

The "operator" user on the other hand, is an anachronism. It's unable to
log in by default, and I'll bet we could simply delete it from
baselayout and no one would notice. Less zealously, we could leave its
home directory at the default: /root will be unusable anyway (see below
about $HOME being unwritable).


>>   5 As a corollary of the previous item, it is highly suspicious for
>>     an acct-user package to set ACCT_USER_HOME_OWNER="root:root".
> 
> Again, points 4 and 5 won't be true for several of baselayout's users.
> For example, "nobody" lives in /var/empty but cannot write to it, and
> that dir is owned by root.

"The fact that the home directory is not writable suggests that the
default (empty) ACCT_USER_HOME would suffice instead."

Would it?


> Same for the "sshd" user, which IIRC chroots to /var/empty, but must
> not (be able to) write to that dir.

It chroots to /var/empty, but does it chroot to $HOME? The ebuild passes

  --with-privsep-path="${EPREFIX%/}"/var/empty

to the build.

I see that on newer installs the "sshd" user now has /var/empty as its
home directory. But the machine I'm typing this on had Gentoo installed
on it in 2004, and sshd's home directory is set to /dev/null. And as far
as I know, everything's fine.

So, same question: would the default (empty) ACCT_USER_HOME suffice instead?