On Sun, Jan 19, 2020 at 8:51 PM Michael Orlitzky <mjo@g.o> wrote:
>
> On 1/19/20 8:20 PM, Rich Freeman wrote:
> > It would be far simpler for the sysadmin to simply ensure that no
> > unsynced user owns a file or appears in an ACL. That would be pretty
> > trivial to achieve. Whatever is hosting /home could be designed to
> > block such changes, or you could just scan for these ownership issues
> > periodically and treat those responsible for them appropriately.
>
> Fantasy scenarios again. I'm not going to debunk a system that you just
> thought up and that has never existed. Why don't you find one person who
> actually does this, and see if it bothers him if we create a home
> directory under /home where it belongs?
|
Uh, I'm pretty confident that nothing in my /home is owned by a UID
under 1000, or has an ACL referencing such a UID. I just checked with
myself and I don't want you creating directories in /home.
|
This really seems like it has the potential to create a mess for
anybody using LUKS-encrypted home directories, stuff mounted from
CIFS, and so on. While I personally don't do either it seems fairly
mainstream, and I could eventually see myself using it more once
better supported on Gentoo (such as when systemd-homed is more
mainstream).
|
> > On the topic of treating those responsible appropriately, somehow I
> > could see this scenario turning into a quiz question.
> >
> > I mean, would it kill you to just talk to QA first?
>
> I've already got responses from two QA members. This thread is pretty
> hard to miss.
|
Well, then why go posting stuff like "guess we'll be triggering a
warning after all?"
|
> I'm working on a patch for the install-qa-check.d check
> and I'm sure I'll get more when I post it.
|
Are you just allowing it to not create the directory, or are we
considering patching it to allow creating stuff under /home? It would
seem that the policy would also need updating in that case, but
probably not the former.
|
--
Rich
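
The periodic scan discussed in this thread (nothing under /home owned by a UID under 1000, and no ACL referencing one), written out as an added example; it is not code from the thread or from Gentoo. The function names, the constructed ACL dump, and feeding the ACL check from `getfacl -R -n` output are assumptions.

```python
import os
import re

MIN_USER_UID = 1000  # threshold used in the message; match it to your UID_MIN

def low_uid_owners(root, min_uid=MIN_USER_UID):
    """Return sorted (path, uid) pairs below root owned by a UID under min_uid."""
    hits = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            uid = os.lstat(path).st_uid  # lstat: judge a symlink itself, not its target
            if uid < min_uid:
                hits.append((path, uid))
    return sorted(hits)

# Named-user ACL entries, access or default, as printed by getfacl with numeric IDs.
ACL_USER = re.compile(r"^(?:default:)?user:(\d+):")

def low_uid_acl_entries(getfacl_text, min_uid=MIN_USER_UID):
    """Return (file, uid) pairs for ACL entries that name a UID under min_uid."""
    hits, current = [], None
    for line in getfacl_text.splitlines():
        line = line.strip()
        if line.startswith("# file: "):
            current = line[len("# file: "):]
            continue
        m = ACL_USER.match(line)  # "user::rwx" (the owner entry) does not match
        if m and int(m.group(1)) < min_uid:
            hits.append((current, int(m.group(1))))
    return hits

# Constructed sample in `getfacl -R -n` format; the path and UIDs are made up.
SAMPLE_ACL = """\
# file: home/alice/shared
# owner: 1000
# group: 1000
user::rwx
user:101:r-x
user:1001:rwx
group::r-x
mask::rwx
other::---
default:user:33:r--
"""

if __name__ == "__main__":
    print(low_uid_acl_entries(SAMPLE_ACL))
    print(low_uid_owners("/home"))  # empty list if /home is absent or clean
```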