Gentoo Archives: gentoo-dev

From: Rich Freeman <rich0@g.o>
To: gentoo-dev <gentoo-dev@l.g.o>
Subject: Re: [gentoo-dev] GLEP81 and /home
Date: Mon, 20 Jan 2020 02:52:42
In Reply to: Re: [gentoo-dev] GLEP81 and /home by Michael Orlitzky
1 On Sun, Jan 19, 2020 at 8:51 PM Michael Orlitzky <mjo@g.o> wrote:
2 >
3 > On 1/19/20 8:20 PM, Rich Freeman wrote:
4 > > It would be far simpler for the sysadmin to simply ensure that no
5 > > unsynced user owns a file or appears in an ACL. That would be pretty
6 > > trivial to achieve. Whatever is hosting /home could be designed to
7 > > block such changes, or you could just scan for these ownership issues
8 > > periodically and treat those responsible for them appropriately.
9 >
10 > Fantasy scenarios again. I'm not going to debunk a system that you just
11 > thought up and that has never existed. Why don't you find one person who
12 > actually does this, and see if it bothers him if we create a home
13 > directory under /home where it belongs?
15 Uh, I'm pretty confident that nothing in my /home is owned by a UID
16 under 1000, or has an ACL referencing such a UID. I just checked with
17 myself and I don't want you creating directories in /home.
19 This really seems like it has the potential to create a mess for
20 anybody using LUKS-encrypted home directories, stuff mounted from
21 CIFS, and so on. While I personally don't do either it seems fairly
22 mainstream, and I could eventually see myself using it more once
23 better supported on Gentoo (such as when systemd-homed is more
24 mainstream).
26 > > On the topic of treating those responsible appropriately, somehow I
27 > > could see this scenario turning into a quiz question.
28 > >
29 > > I mean, would it kill you to just talk to QA first?
30 >
31 > I've already got responses from two QA members. This thread is pretty
32 > hard to miss.
34 Well, then why go posting stuff like "guess we'll be triggering a
35 warning after all?"
37 > I'm working on a patch for the install-qa-check.d check
38 > and I'm sure I'll get more when I post it.
40 Are you just allowing it to not create the directory, or are we
41 considering patching it to allow creating stuff under /home? It would
42 seem that the policy would also need updating in that case, but
43 probably not the former.
45 --
46 Rich


Subject Author
Re: [gentoo-dev] GLEP81 and /home Michael Orlitzky <mjo@g.o>