From: Rich Freeman
Date: Sun, 19 Jan 2020 14:02:08 -0500
Subject: Re: [gentoo-dev] GLEP81 and /home
To: gentoo-dev

On Sun, Jan 19, 2020 at 1:37 PM Michael Orlitzky wrote:
>
> On 1/19/20 12:42 PM, Rich Freeman wrote:
> >
> > Typically you wouldn't share service accounts across multiple hosts.
> > I'd think that something like amavisd is going to go on a mail server.
> > You're not going to be logging into that account to do typical
> > desktop-oriented functions.
> >
> > If you had three mail servers, you probably would want to share
> > /home/mjo across all of them, but you probably wouldn't want to share
> > your amavisd config across them. That is why the config goes in /etc.
> > I don't see how stuff it launches would be any different.
>
> The stuff it launches is different because the stuff it launches is
> different. SpamAssassin, for example, can be run by normal users in a
> traditional UNIX mail setup. So its configuration goes in $HOME, because
> that's how it works. When amavis runs spamassassin, the SA configuration
> comes from $HOME, because that's how it works.

Sure, I completely understand that and have no issues with it. Ditto
with having some apache module running sendmail, which has some plugin
which gpg signs emails, which requires a ~/.gnupg for the apache user.

> If you're sharing /home, you also have to be sharing user accounts,
> unless you want everyone to be assigned a random set of files.

I imagine that most people setting up something like this would only
be sharing high-value UIDs (>1000 in our case). There is no need for
postfix on your Gentoo box and postfix on your Debian box to have the
same UID. You wouldn't be sshing from postfix on the one to postfix on
the other and expecting to have the same home directory contents.

> And if
> you're sharing user accounts, you have to start each instance of amavis
> as a different user, because its configuration is per-user. That's just
> the way it works.

Since it is a local account, not in /home, then it would be a separate
user even if the UID is the same (or otherwise). You'd set up amavis
on each mail server. They might be running different distros. They
would be using local users.

Don't get me wrong, it would be cleaner if POSIX users had a scope the
way that an OS like Windows does it, but it isn't a big deal if you
use high-numbered UIDs for shared users, and low-numbered UIDs for
local users.

> Everything is fine here, this all works and has worked for 20 years.

Sure, it works fine if you have a single host, or do nothing to share
your home directories, which I imagine is what 95% of Gentoo users do.
I doubt most Gentoo users even encrypt /home, even though this has
been standard for most of those 20 years on just about every major
distro out there.

If a user wants to put this stuff in /home we should certainly support
that, and it would work fine if the user sets up the account properly
before installing the package. They might get a QA warning, but that
is the user's concern.

-- 
Rich
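
Added example, not part of the original message: a Python check for the case argued over above, where a host-local service account keeps its home on a /home tree that several hosts share while the account's UID differs per host. The host names, the passwd lines and the `SHARED_HOME` value are constructed assumptions.

```python
import posixpath
from collections import defaultdict

SHARED_HOME = "/home"  # assumption: this tree is mounted from one file server on every host
# Constructed passwd(5) excerpts for two hypothetical mail servers (not real hosts).
PASSWD = {
    "mail-gentoo": (
        "postfix:x:207:207::/var/spool/postfix:/sbin/nologin\n"
        "amavis:x:108:108::/home/amavis:/sbin/nologin\n"
        "mjo:x:1001:1001::/home/mjo:/bin/bash\n"
    ),
    "mail-debian": (
        "postfix:x:109:115::/var/spool/postfix:/usr/sbin/nologin\n"
        "amavis:x:115:120::/home/amavis:/usr/sbin/nologin\n"
        "clamav:x:108:113::/home/../var/lib/clamav:/usr/sbin/nologin\n"
        "mjo:x:1001:1001::/home/mjo:/bin/bash\n"
    ),
}


def parse_passwd(text):
    """Yield (name, uid, normalised home) for each well-formed passwd(5) line."""
    for line in text.splitlines():
        fields = line.split(":")
        if len(fields) == 7 and fields[2].isdigit():
            yield fields[0], int(fields[2]), posixpath.normpath(fields[5])


def shared_home_conflicts(hosts, root=SHARED_HOME):
    """Return {home: {host: (name, uid)}} for homes under root whose UID differs by host."""
    claims = defaultdict(dict)
    for host, text in hosts.items():
        for name, uid, home in parse_passwd(text):
            if home == root or home.startswith(root + "/"):
                claims[home][host] = (name, uid)
    return {home: by_host for home, by_host in claims.items()
            if len({uid for _, uid in by_host.values()}) > 1}


def cross_owners(hosts, conflicts):
    """Accounts that hold a conflicting home's UID under another name on some host."""
    out = {}
    for home, by_host in conflicts.items():
        uids = {uid: name for name, uid in by_host.values()}
        out[home] = sorted((host, name, uid) for host, text in hosts.items()
                           for name, uid, _ in parse_passwd(text)
                           if uid in uids and name != uids[uid])
    return out
```

On the sample data /home/mjo is consistent on both hosts, while /home/amavis is claimed by two different UIDs, and files written there as UID 108 show up on the second host as belonging to clamav.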