From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id 8CF0A1382C5 for ; Mon, 4 Jan 2021 18:23:49 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 76776E0A6B; Mon, 4 Jan 2021 18:23:47 +0000 (UTC) Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 37149E0A65 for ; Mon, 4 Jan 2021 18:23:47 +0000 (UTC) To: gentoo-dev@lists.gentoo.org References: <20210104013558.20072-1-whissi@gentoo.org> <89a1c171-de56-4f9e-af2a-9140d2be3552@gentoo.org> From: Thomas Deutschmann Organization: Gentoo Linux Subject: Re: [gentoo-dev] Re: [PATCH] acct-user.eclass: don't modify existing user by default Message-ID: Date: Mon, 4 Jan 2021 19:23:42 +0100 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.6.0 Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-dev@lists.gentoo.org Reply-to: gentoo-dev@lists.gentoo.org X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply MIME-Version: 1.0 In-Reply-To: <89a1c171-de56-4f9e-af2a-9140d2be3552@gentoo.org> Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="1SHkVRCxpJcHtcfmRwVagx8W6na2TuJ67" X-Archives-Salt: d5d16a8b-eefa-444e-8b89-28019bf1a880 X-Archives-Hash: fade58be91d3e02ae5d3ff7e8baaa51b This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --1SHkVRCxpJcHtcfmRwVagx8W6na2TuJ67 Content-Type: multipart/mixed; boundary="p1w8FDpbEaEIjk8FGUz66J3TrEn12Tw1z"; protected-headers="v1" From: Thomas Deutschmann To: gentoo-dev@lists.gentoo.org Message-ID: Subject: Re: [gentoo-dev] Re: [PATCH] acct-user.eclass: don't modify existing user by default References: <20210104013558.20072-1-whissi@gentoo.org> <89a1c171-de56-4f9e-af2a-9140d2be3552@gentoo.org> In-Reply-To: <89a1c171-de56-4f9e-af2a-9140d2be3552@gentoo.org> --p1w8FDpbEaEIjk8FGUz66J3TrEn12Tw1z Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: quoted-printable Hi, On 2021-01-04 19:07, Michael Orlitzky wrote: > We could implement this with something like an /etc/users.d directory=20 > that would be populated with entries by either the admin or package=20 > manager with CONFIG_PROTECT enabled. Then the system database would be = > updated by running something like "users-update" (cf. env-update). The = > essential problem that we need to work around is that e.g. /etc/passwd = > is "owned" by multiple system packages. >=20 > I think this would accomplish what you and Robin are talking about, but= =20 > it wouldn't solve whissi's problem since it's still a Gentoo-specific=20 > solution. If you really want to spend so much time on this, feel free to implement = something like this. From my point of view this is wasted time. I really = have no words for anyone believing that there must be a way to deal with = user config. This is a no go for me and most people in my bubble. Once=20 you have created something, it's user data. If you want to make changes, = tell the user about it but never ever mess with user configs. History is = full of examples when messing with user configs caused real harm. For example there is a reason why we don't edit /etc files. Instead have = CONFIG_PROTECT and are only providing helpers to update config. Do I really need to explain what can go wrong when you suddenly change=20 /home? What will happen to your cron jobs for example? What will happen when you make changes to groups and reboot? But as said, if you want to spend so much time on this and create a=20 complicated solution which will be adding a lot of complexity which I=20 think isn't worth it, *I* could live with it. It's the same like dealing = with CONFIG_PROTECT already. People like me could just ignore changed users if changes won't go live=20 until you run said users-update command or make use of INSTALL_MASK. --=20 Regards, Thomas Deutschmann / Gentoo Linux Developer fpr: C4DD 695F A713 8F24 2AA1 5638 5849 7EE5 1D5D 74A5 --p1w8FDpbEaEIjk8FGUz66J3TrEn12Tw1z-- --1SHkVRCxpJcHtcfmRwVagx8W6na2TuJ67 Content-Type: application/pgp-signature; name="OpenPGP_signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="OpenPGP_signature" -----BEGIN PGP SIGNATURE----- wsB5BAABCAAjFiEEExKRzo+LDXJgXHuURObr3Jv2BVkFAl/zXS4FAwAAAAAACgkQRObr3Jv2BVl+ 2QgAlARH0SILJ3rbWCg+hAZM5/uCYpUaMzG+DJG/ED/jkwjkYOMVICUoeuqnF9hM8Zgs0Wrl3c57 NTUs9HIaCQ57pn4OiMXOlXn7hfDcWjdN6lQUnveUDj616MangJCL9KqIXzrV3lkW2rXRIW606G9F HSTRK4SseBenIkbHYISOCFzkYg1MJrUvQYdAtkarw2gVHZnCp/KYQK4GFwnfLPGM8Hyb4FaBL/Jw EOxjA9bYJqlldCfgVuVg+Y+FltCsAU43wgYgC9ro3W0c4SkLOUxp18hiKbVvZUSqWk5oEdz/qZDe Q21cHnJqRHygZ/PAFihlihiNPrR9Ct9YAfCEcTQk6w== =dBhK -----END PGP SIGNATURE----- --1SHkVRCxpJcHtcfmRwVagx8W6na2TuJ67--