| 1 |
On Sun, 2020-01-19 at 22:43 -0500, Michael Orlitzky wrote: |
| 2 |
> In rare cases, a system user will need a real home directory to store |
| 3 |
> per-user configuration data and/or be accessed interactively by a |
| 4 |
> human being. In those cases, /home/${username} is an appropriate place |
| 5 |
> for the user's home directory. Using /home is allowed and encouraged |
| 6 |
> by the FHS, and there are no real technical obstacles to it aside from |
| 7 |
> an install-time QA warning about the path. |
| 8 |
> |
| 9 |
> Before GLEP81, the efficacy of this check was unarguable. With |
| 10 |
> enewuser, you could still set a user's home directory to a location |
| 11 |
> under /home, but the lack of a "keepdir" meant that it would fly under |
| 12 |
> the radar during the QA check. As a result, the QA check would only |
| 13 |
> flag truly problematic files. With GLEP81, however, an implementation |
| 14 |
> detail leads this check to flag the user's home directory. |
| 15 |
> |
| 16 |
> This commit makes an exception for the home directory /home/${PN} |
| 17 |
> itself, and the /home/${PN}/.keep* file it contains. This lets us |
| 18 |
> migrate existing user.eclass ebuilds to GLEP81 without triggering a |
| 19 |
> new QA warning on a dummy file. |
| 20 |
> |
| 21 |
> This will be useful in at least two real situations: |
| 22 |
> |
| 23 |
> * The "amavis" user exists to launch the amavisd daemon, but much of |
| 24 |
> the configuration for that user is created in $HOME by a human who |
| 25 |
> is logged in as "amavis" interactively. This is user data by any |
| 26 |
> definition, and should be stored in /home/amavis rather than |
| 27 |
> dumping it in the daemon's working directory. |
| 28 |
> |
| 29 |
> * The "spamd" user gets its SpamAssassin configuration the same way |
| 30 |
> local users do in a traditional UNIX mail setup: by reading it out |
| 31 |
> of $HOME. This is user data, even though it happens to affect the |
| 32 |
> daemon. With user.eclass, /home/spamd is already used as the home |
| 33 |
> directory. When migrating to GLEP81, we should not break existing |
| 34 |
> systems and force a migration just to avoid an old warning. |
| 35 |
> |
| 36 |
> There are other potential uses as well. If I want to share (real |
| 37 |
> human) user accounts across multiple Gentoo installs per the design of |
| 38 |
> GLEP81, then I can do that with acct-user packages in an overlay. The |
| 39 |
> user packages ensure that the same UIDs and GIDs get used on every |
| 40 |
> system, but if I do this with my "mjo" account, I'm going to want |
| 41 |
> /home/mjo to be my home directory. There's nothing wrong with that, |
| 42 |
> so we shouldn't warn about it. |
| 43 |
> --- |
| 44 |
> metadata/install-qa-check.d/08gentoo-paths | 27 ++++++++++++++++++++++ |
| 45 |
> 1 file changed, 27 insertions(+) |
| 46 |
> |
| 47 |
> diff --git a/metadata/install-qa-check.d/08gentoo-paths b/metadata/install-qa-check.d/08gentoo-paths |
| 48 |
> index 5161aef9922..ab9bd64d0e0 100644 |
| 49 |
> --- a/metadata/install-qa-check.d/08gentoo-paths |
| 50 |
> +++ b/metadata/install-qa-check.d/08gentoo-paths |
| 51 |
> @@ -19,6 +19,10 @@ gentoo_path_check() { |
| 52 |
> boot dev etc opt srv usr var |
| 53 |
> ) |
| 54 |
> |
| 55 |
> + # We make an exception and allow acct-user packages to install to |
| 56 |
> + # /home in rare circumstances. |
| 57 |
> + [[ "${CATEGORY}" == "acct-user" ]] && allowed_paths_toplevel+=( home ) |
| 58 |
> + |
| 59 |
> # directories in /usr which can be installed to by ebuilds |
| 60 |
> # /usr/games is not included as it is banned nowadays |
| 61 |
> local allowed_paths_usr=( |
| 62 |
> @@ -61,6 +65,29 @@ gentoo_path_check() { |
| 63 |
> fi |
| 64 |
> done |
| 65 |
> |
| 66 |
> + # Normally ebuilds should not install anything under /home. If this |
| 67 |
> + # is a GLEP81 user package, however, we make an exception for the |
| 68 |
> + # user's home directory itself and the ".keep" file within it. This |
| 69 |
> + # allows GLEP81 user packages to have home directories under /home, |
| 70 |
> + # which can be useful if the account is meant to be used by a human |
| 71 |
> + # to store configuration data or run maintenance tasks. |
| 72 |
> + if [[ "${CATEGORY}" == "acct-user" ]]; then |
| 73 |
> + local f found=() |
| 74 |
> + while read -r -d '' f; do |
| 75 |
> + found+=( "${f}" ) |
| 76 |
> + done < <(find -L "${ED%/}/home" \ |
| 77 |
> + -mindepth 1 \ |
| 78 |
> + -maxdepth 2 \ |
| 79 |
> + ! -path "${ED%/}/home/${PN}" \ |
| 80 |
> + ! -path "${ED%/}/home/${PN}/.keep*" \ |
| 81 |
> + -print0) |
| 82 |
> + |
| 83 |
> + if [[ ${found[@]} ]]; then |
| 84 |
> + # mimic the output for non-acct-user packages. |
| 85 |
> + bad_paths+=( "/home" ) |
| 86 |
> + fi |
| 87 |
> + fi |
| 88 |
> + |
| 89 |
> ${shopt_save} |
| 90 |
> |
| 91 |
> # report |
| 92 |
|
| 93 |
NAK. /home belongs to paths that are deliberately left for sysadmin to |
| 94 |
manage and use for real (read: human) users. 'Rare cases' are no |
| 95 |
justification to abuse those paths, especially that there is no |
| 96 |
technical reason not to use /var (or /srv) as intended for system users. |
| 97 |
|
| 98 |
-- |
| 99 |
Best regards, |
| 100 |
Michał Górny |
Archives