From: "Robin H. Johnson" <robbat2@gentoo.org>
To: gentoo-dev@lists.gentoo.org
Subject: Re: [gentoo-dev] [PATCH 0/2] allow acct-user home directories in /home
Date: Tue, 21 Jan 2020 18:24:16 +0000
Message-ID: <robbat2-20200121T181138-154464208Z@orbis-terrarum.net>
In-Reply-To: <bc1c64bf-0669-6005-408a-e3b3dce26e12@gentoo.org>

On Mon, Jan 20, 2020 at 06:07:06PM -0500, Michael Orlitzky wrote:
> As I've said, a human uses the "amavis" account.
I think this statement here needs a bit of expansion, and thus more
clarity happens.

Your aforementioned human generally doesn't use the 'amavis' account in
the same way that they might use a normal account. They don't expect to
log in to it with GNOME/SSH and run typical user applications
(LibreOffice, NetHack, etc.).

It's a system account that CAN get configured by a human manually
becoming that user. Either by login or means of changing effective UID
(su, sudo, doas, ksu, pmrun, runas, ...).

For a more secure environment, I would expect amavis to never have a
password and thus not be subject to normal login flows.

Gentoo Infra manages amavis & spamd without logging in as a human:
configuration management is used to change settings & files.

From this, I posit that something OUTSIDE of /home is the most-correct
location. /srv or /var.

Upstream uses /var/amavis
Debian uses /var/lib/amavis

I'm sympathetic to past users who have /home/amavisd and need to
migrate it, but such is the nature of sysadmin life.

-- 
Robin Hugh Johnson
Gentoo Linux: Dev, Infra Lead, Foundation Treasurer
E-Mail   : robbat2@gentoo.org
GnuPG FP : 11ACBA4F 4778E3F6 E4EDF38E B27B944E 34884E85
GnuPG FP : 7D0B3CEB E9B85B1F 825BCECF EE05E6F6 A48F6136
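
Added example (not part of the message above or of the Gentoo tree): a check
over passwd/shadow data for the two properties the message argues for, flagging
system accounts whose home is under /home or whose password is usable. The
sample entries are constructed, and the UID_MIN boundary of 1000 and the
function names are assumptions.

```python
UID_MIN = 1000  # assumption: UIDs below this are system accounts

# Constructed passwd(5) and shadow(5) lines, not taken from a real host.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
amavis:x:117:117:amavis:/home/amavis:/bin/bash
spamd:x:118:118:spamd:/var/lib/spamd:/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
"""
SAMPLE_SHADOW = """\
root:$6$constructedsalt$constructedhash:18282:0:99999:7:::
amavis:$6$constructedsalt$constructedhash:18282:0:99999:7:::
spamd:!:18282::::::
alice:$6$constructedsalt$constructedhash:18282:0:99999:7:::
"""


def password_usable(field):
    """True if a shadow password field permits password login."""
    # A leading '!' or '*' means locked or no valid hash.
    # An empty field means login without any password, so it counts as usable.
    return not field.startswith(("!", "*"))


def audit(passwd_text, shadow_text, uid_min=UID_MIN):
    """Return (account, finding) pairs for system accounts only."""
    shadow = {}
    for line in shadow_text.splitlines():
        parts = line.split(":")
        if len(parts) >= 2:
            shadow[parts[0]] = parts[1]
    findings = []
    for line in passwd_text.splitlines():
        parts = line.split(":")
        if len(parts) != 7:
            continue  # not a well-formed passwd entry
        name, uid, home = parts[0], parts[2], parts[5]
        if not uid.isdigit() or not (0 < int(uid) < uid_min):
            continue  # skip root and regular (human) accounts
        if home == "/home" or home.startswith("/home/"):
            findings.append((name, "home under /home: " + home))
        # Assumption: an account with no shadow entry is treated as locked.
        if password_usable(shadow.get(name, "!")):
            findings.append((name, "password login possible"))
    return findings


if __name__ == "__main__":
    for name, finding in audit(SAMPLE_PASSWD, SAMPLE_SHADOW):
        print(name + ": " + finding)
```

On a real host the same function can be fed the contents of /etc/passwd and
/etc/shadow, the latter readable only by root.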
