| 1 |
On Sun, Jan 19, 2020 at 2:27 PM Michael Orlitzky <mjo@g.o> wrote: |
| 2 |
> |
| 3 |
> On 1/19/20 2:02 PM, Rich Freeman wrote: |
| 4 |
> > |
| 5 |
> >> If you're sharing /home, you also have to be sharing user accounts, |
| 6 |
> >> unless you want everyone to be assigned a random set of files. |
| 7 |
> > |
| 8 |
> > I imagine that most people setting up something like this would only |
| 9 |
> > be sharing high-value UIDs (>1000 in our case). There is no need for |
| 10 |
> > postfix on your Gentoo box and postfix on your Debian box to have the |
| 11 |
> > same UID. You wouldn't be sshing from postfix on the one to postfix |
| 12 |
> > on the other and expecting to have the same home directory contents. |
| 13 |
> > |
| 14 |
> |
| 15 |
> You can't do that. If you're going to mount files from one system onto |
| 16 |
> another system, using only an integer <--> username mapping as your |
| 17 |
> access control mechanism, then you'd better be damn sure that those |
| 18 |
> integers and usernames match on all systems. Otherwise I might wind up |
| 19 |
> sharing /home/mjo to rich0 because the "mjo" and "rich0" groups both |
| 20 |
> have gid 1000 locally. |
| 21 |
|
| 22 |
Obviously the UIDs associated with the shared /home need to be |
| 23 |
identical. Simplest solution is to sync anything > 1000 in |
| 24 |
/etc/passwd, and then not allow UIDs below 1000 in /home. A cron job |
| 25 |
could easily handle both, and of course regular users can't go |
| 26 |
creating stuff with the wrong UID anyway. |
| 27 |
|
| 28 |
> We've talked this to death. Barring any new evidence, /home still seems |
| 29 |
> like the best place for these, and I don't want to put them in the wrong |
| 30 |
> spot (forcing users to migrate) just to appease a QA warning from before |
| 31 |
> GLEP81 was a thing. |
| 32 |
|
| 33 |
Well, great, then by all means ask QA for a policy exception. Not my |
| 34 |
place to yell at you if you don't, but don't be surprised if somebody |
| 35 |
else does... |
| 36 |
|
| 37 |
-- |
| 38 |
Rich |
Archives