On 8/17/19 4:35 AM, Ulrich Mueller wrote:
>
>> 2 No two acct-user packages should define the same ACCT_USER_HOME.
>
> These two points are not fulfilled by the users that currently belong
> to baselayout. For example, "operator" (and "toor" on BSD) share /root
> with the root user.
>

Let me first say that I've called these "guidelines" and not "rules" for
a reason. If there's a legitimate reason to ignore one of them, then so
be it.

For "toor", it might make sense to leave its home directory as-is. It
shares the same UID as "root", so the bit about clobbering permissions
doesn't apply.

The "operator" user, on the other hand, is an anachronism. It's unable to
log in by default, and I'll bet we could simply delete it from
baselayout and no one would notice. Less zealously, we could leave its
home directory at the default: /root will be unusable anyway (see below
about $HOME being unwritable).


>> 5 As a corollary of the previous item, it is highly suspicious for
>> an acct-user package to set ACCT_USER_HOME_OWNER="root:root".
>
> Again, points 4 and 5 won't be true for several of baselayout's users.
> For example, "nobody" lives in /var/empty but cannot write to it, and
> that dir is owned by root.

"The fact that the home directory is not writable suggests that the
default (empty) ACCT_USER_HOME would suffice instead."

Would it?


> Same for the "sshd" user, which IIRC chroots to /var/empty, but must
> not (be able to) write to that dir.

It chroots to /var/empty, but does it chroot to $HOME? The ebuild passes

  --with-privsep-path="${EPREFIX%/}"/var/empty

to the build.

I see that on newer installs the "sshd" user now has /var/empty as its
home directory. But the machine I'm typing this on had Gentoo installed
on it in 2004, and sshd's home directory is set to /dev/null. And as far
as I know, everything's fine.

So, same question: would the default (empty) ACCT_USER_HOME suffice instead?
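
A check for guideline 2 over passwd-format data, added here as an example and not part of the original message or of any Gentoo tooling: it reports home directories used by accounts with different UIDs, so "toor" sharing /root with "root" (same UID) is not reported on its own, while "operator" is. The sample entries (including the UIDs) and the function names are constructed for illustration.

```python
import posixpath
from collections import defaultdict

# Constructed sample in passwd(5) format; not copied from a real system.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
toor:x:0:0:Bourne-again Superuser:/root:/bin/sh
operator:x:11:0:operator:/root:/bin/bash
nobody:x:65534:65534:nobody:/var/empty:/bin/false
sshd:x:22:22:sshd:/var/empty:/sbin/nologin
# comment line
halt:x:7:0:halt:/sbin:/sbin/halt
"""


def parse_passwd(text):
    """Yield (name, uid, home) for each well-formed passwd(5) line."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7 or not fields[2].isdigit():
            continue  # skip malformed entries rather than guess at them
        yield fields[0], int(fields[2]), fields[5]


def shared_homes(text):
    """Map each home used by more than one distinct UID to {uid: [names]}."""
    by_home = defaultdict(dict)
    for name, uid, home in parse_passwd(text):
        # Normalise so "/root" and "/root/" count as the same directory.
        by_home[posixpath.normpath(home)].setdefault(uid, []).append(name)
    # Accounts with the same UID sharing a home are not a conflict:
    # file ownership is identical for both names.
    return {h: uids for h, uids in sorted(by_home.items()) if len(uids) > 1}


if __name__ == "__main__":
    for home, uids in shared_homes(SAMPLE_PASSWD).items():
        owners = "; ".join(
            f"uid {uid}: {', '.join(names)}" for uid, names in sorted(uids.items())
        )
        print(f"{home} is shared by different UIDs -> {owners}")
```
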