| 1 |
On Sun, Jan 19, 2020 at 8:51 PM Michael Orlitzky <mjo@g.o> wrote: |
| 2 |
> |
| 3 |
> On 1/19/20 8:20 PM, Rich Freeman wrote: |
| 4 |
> > It would be far simpler for the sysadmin to simply ensure that no |
| 5 |
> > unsynced user owns a file or appears in an ACL. That would be pretty |
| 6 |
> > trivial to achieve. Whatever is hosting /home could be designed to |
| 7 |
> > block such changes, or you could just scan for these ownership issues |
| 8 |
> > periodically and treat those responsible for them appropriately. |
| 9 |
> |
| 10 |
> Fantasy scenarios again. I'm not going to debunk a system that you just |
| 11 |
> thought up and that has never existed. Why don't you find one person who |
| 12 |
> actually does this, and see if it bothers him if we create a home |
| 13 |
> directory under /home where it belongs? |
| 14 |
|
| 15 |
Uh, I'm pretty confident that nothing in my /home is owned by a UID |
| 16 |
under 1000, or has an ACL referencing such a UID. I just checked with |
| 17 |
myself and I don't want you creating directories in /home. |
| 18 |
|
| 19 |
This really seems like it has the potential to create a mess for |
| 20 |
anybody using LUKS-encrypted home directories, stuff mounted from |
| 21 |
CIFS, and so on. While I personally don't do either it seems fairly |
| 22 |
mainstream, and I could eventually see myself using it more once |
| 23 |
better supported on Gentoo (such as when systemd-homed is more |
| 24 |
mainstream). |
| 25 |
|
| 26 |
> > On the topic of treating those responsible appropriately, somehow I |
| 27 |
> > could see this scenario turning into a quiz question. |
| 28 |
> > |
| 29 |
> > I mean, would it kill you to just talk to QA first? |
| 30 |
> |
| 31 |
> I've already got responses from two QA members. This thread is pretty |
| 32 |
> hard to miss. |
| 33 |
|
| 34 |
Well, then why go posting stuff like "guess we'll be triggering a |
| 35 |
warning after all?" |
| 36 |
|
| 37 |
> I'm working on a patch for the install-qa-check.d check |
| 38 |
> and I'm sure I'll get more when I post it. |
| 39 |
|
| 40 |
Are you just allowing it to not create the directory, or are we |
| 41 |
considering patching it to allow creating stuff under /home? It would |
| 42 |
seem that the policy would also need updating in that case, but |
| 43 |
probably not the former. |
| 44 |
|
| 45 |
-- |
| 46 |
Rich |
Archives