Subject: Re: [gentoo-dev] Use acct-* for qmail users
From: Michael Orlitzky
To: gentoo-dev@lists.gentoo.org
Date: Tue, 10 Sep 2019 18:54:39 -0400

On 9/10/19 4:25 PM, Rolf Eike Beer wrote:
>
> I'm not entirely sure. It's what qmail always has done and what the eclass
> also did.
>

This is suggested by the qmail documentation,

  http://lifewithqmail.org/lwq.html#create-users

...but goes back to at least 1998, and likely earlier. I grepped the source and don't see any obvious uses of $HOME. It was probably suggested by DJB simply because it's a directory, and guaranteed to exist on the various platforms that qmail supported at the time.

It would be best if someone who runs qmail could change them all to /dev/null and see if anything breaks. The home directory is already unwritable, and none of the users have shells, so I'm optimistic.

At present, the following code is repeated six times,

  ACCT_USER_HOME=/var/qmail
  ACCT_USER_HOME_OWNER=root:qmail
  ACCT_USER_HOME_PERMS=0755
  ACCT_USER_GROUPS=( nofiles )

and you have to keep them in sync for eternity. It would be less error-prone if you could create that directory (and /var/qmail/alias) only once, in the qmail ebuild, since that's the package that uses those directories.
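
The message's point that the same four settings must stay in sync across several acct-user ebuilds, as an added example that is not part of the original message or the Gentoo tree: a POSIX shell check that flags copies that have drifted. The ebuild file names and contents are constructed samples, and `shared_settings`, `check_drift` and `write_samples` are hypothetical helper names.

```shell
#!/bin/sh
# Added example: flag acct-user ebuilds whose copies of the shared
# home-directory settings no longer match each other.

SHARED_VARS="ACCT_USER_HOME ACCT_USER_HOME_OWNER ACCT_USER_HOME_PERMS ACCT_USER_GROUPS"

# Print one normalised "VAR=value" line per shared variable (empty if unset).
shared_settings() {
    for var in $SHARED_VARS; do
        # "^VAR=" keeps ACCT_USER_HOME from matching ACCT_USER_HOME_OWNER;
        # whitespace and quotes are dropped so "( nofiles )" == "(nofiles)".
        grep -E "^${var}=" "$1" | tail -n 1 | tr -d '[:space:]"'
        echo
    done
}

# Compare each ebuild with the first one and list the ones that differ.
# Returns 0 when all copies agree, 1 when at least one has drifted.
check_drift() {
    reference="$1"; shift
    expected="$(shared_settings "$reference")"
    drift=0
    for ebuild in "$@"; do
        if [ "$(shared_settings "$ebuild")" != "$expected" ]; then
            echo "DRIFT: $ebuild"
            drift=1
        fi
    done
    return "$drift"
}

# Constructed sample data: two identical fragments and one stale copy.
write_samples() {
    dir="$1"
    for user in qmaild qmaill; do
        printf '%s\n' 'ACCT_USER_HOME=/var/qmail' \
            'ACCT_USER_HOME_OWNER=root:qmail' \
            'ACCT_USER_HOME_PERMS=0755' \
            'ACCT_USER_GROUPS=( nofiles )' > "$dir/$user-0.ebuild"
    done
    # Simulate one copy being edited without the others.
    sed 's/PERMS=0755/PERMS=0775/' "$dir/qmaild-0.ebuild" > "$dir/qmailp-0.ebuild"
}

SAMPLE_DIR="$(mktemp -d)"
write_samples "$SAMPLE_DIR"
check_drift "$SAMPLE_DIR"/qmaild-0.ebuild "$SAMPLE_DIR"/qmaill-0.ebuild \
    "$SAMPLE_DIR"/qmailp-0.ebuild || echo "shared settings are out of sync"
rm -rf "$SAMPLE_DIR"
```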