1 |
On 1/19/20 2:47 PM, Rich Freeman wrote: |
2 |
> |
3 |
> Obviously the UIDs associated with the shared /home need to be |
4 |
> identical. Simplest solution is to sync anything > 1000 in |
5 |
> /etc/passwd, and then not allow UIDs below 1000 in /home. A cron job |
6 |
> could easily handle both, and of course regular users can't go |
7 |
> creating stuff with the wrong UID anyway. |
8 |
|
9 |
That's not enough. You also need to sync any user/group that appears as |
10 |
the owner or group of a file in /home, and every user/group that appears |
11 |
in an ACL in /home, and so on. And since you have no idea what files or |
12 |
access control lists will show up in /home, you'd better sync them all. |
13 |
|
14 |
|
15 |
>> We've talked this to death. Barring any new evidence, /home still seems |
16 |
>> like the best place for these, and I don't want to put them in the wrong |
17 |
>> spot (forcing users to migrate) just to appease a QA warning from before |
18 |
>> GLEP81 was a thing. |
19 |
> |
20 |
> Well, great, then by all means ask QA for a policy exception. Not my |
21 |
> place to yell at you if you don't, but don't be surprised if somebody |
22 |
> else does... |
23 |
> |
24 |
|
25 |
I'm not going to violate the policy, I'm going to delete the keepdir |
26 |
file from $D. Then everything is back to normal. |
27 |
|
28 |
If I was willing to introduce a QA warning, this thread would have been |
29 |
a lot shorter =P |