On Sun, 2020-01-19 at 22:43 -0500, Michael Orlitzky wrote:
> In rare cases, a system user will need a real home directory to store
> per-user configuration data and/or be accessed interactively by a
> human being. In those cases, /home/${username} is an appropriate place
> for the user's home directory. Using /home is allowed and encouraged
> by the FHS, and there are no real technical obstacles to it aside from
> an install-time QA warning about the path.
>
> Before GLEP81, the efficacy of this check was unarguable. With
> enewuser, you could still set a user's home directory to a location
> under /home, but the lack of a "keepdir" meant that it would fly under
> the radar during the QA check. As a result, the QA check would only
> flag truly problematic files. With GLEP81, however, an implementation
> detail leads this check to flag the user's home directory.
>
> This commit makes an exception for the home directory /home/${PN}
> itself, and the /home/${PN}/.keep* file it contains. This lets us
> migrate existing user.eclass ebuilds to GLEP81 without triggering a
> new QA warning on a dummy file.
>
> This will be useful in at least two real situations:
>
> * The "amavis" user exists to launch the amavisd daemon, but much of
>   the configuration for that user is created in $HOME by a human who
>   is logged in as "amavis" interactively. This is user data by any
>   definition, and should be stored in /home/amavis rather than
>   dumping it in the daemon's working directory.
>
> * The "spamd" user gets its SpamAssassin configuration the same way
>   local users do in a traditional UNIX mail setup: by reading it out
>   of $HOME. This is user data, even though it happens to affect the
>   daemon. With user.eclass, /home/spamd is already used as the home
>   directory. When migrating to GLEP81, we should not break existing
>   systems and force a migration just to avoid an old warning.
>
> There are other potential uses as well. If I want to share (real
> human) user accounts across multiple Gentoo installs per the design of
> GLEP81, then I can do that with acct-user packages in an overlay. The
> user packages ensure that the same UIDs and GIDs get used on every
> system, but if I do this with my "mjo" account, I'm going to want
> /home/mjo to be my home directory. There's nothing wrong with that,
> so we shouldn't warn about it.
> --- |
> metadata/install-qa-check.d/08gentoo-paths | 27 ++++++++++++++++++++++ |
> 1 file changed, 27 insertions(+) |
> |
> diff --git a/metadata/install-qa-check.d/08gentoo-paths b/metadata/install-qa-check.d/08gentoo-paths |
> index 5161aef9922..ab9bd64d0e0 100644 |
> --- a/metadata/install-qa-check.d/08gentoo-paths |
> +++ b/metadata/install-qa-check.d/08gentoo-paths |
> @@ -19,6 +19,10 @@ gentoo_path_check() { |
> boot dev etc opt srv usr var |
> ) |
> |
> + # We make an exception and allow acct-user packages to install to |
> + # /home in rare circumstances. |
> + [[ "${CATEGORY}" == "acct-user" ]] && allowed_paths_toplevel+=( home ) |
> + |
> # directories in /usr which can be installed to by ebuilds |
> # /usr/games is not included as it is banned nowadays |
> local allowed_paths_usr=( |
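Review bot: the `allowed_paths_toplevel+=( home )` line admits all of /home for every acct-user package, and the comment above it does not say that the only thing narrowing this to the home directory and its .keep* file is the separate `find` block further down in gentoo_path_check(). Extend the comment to point at that block, so that a later edit to either one does not silently leave /home open to acct-user packages.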
> @@ -61,6 +65,29 @@ gentoo_path_check() { |
> fi |
> done |
> |
> + # Normally ebuilds should not install anything under /home. If this |
> + # is a GLEP81 user package, however, we make an exception for the |
> + # user's home directory itself and the ".keep" file within it. This |
> + # allows GLEP81 user packages to have home directories under /home, |
> + # which can be useful if the account is meant to be used by a human |
> + # to store configuration data or run maintenance tasks. |
> + if [[ "${CATEGORY}" == "acct-user" ]]; then |
> + local f found=() |
> + while read -r -d '' f; do |
> + found+=( "${f}" ) |
> + done < <(find -L "${ED%/}/home" \ |
> + -mindepth 1 \ |
> + -maxdepth 2 \ |
> + ! -path "${ED%/}/home/${PN}" \ |
> + ! -path "${ED%/}/home/${PN}/.keep*" \ |
> + -print0) |
> + |
> + if [[ ${found[@]} ]]; then |
> + # mimic the output for non-acct-user packages. |
> + bad_paths+=( "/home" ) |
> + fi |
> + fi |
> + |
> ${shopt_save} |
> |
> # report |
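Review bot: the `find -L "${ED%/}/home"` call runs for every acct-user package, including the majority that install nothing under /home, so find will report an error on stderr whenever `${ED%/}/home` does not exist; guard the block with `[[ -d "${ED%/}/home" ]]` alongside the CATEGORY test. Two smaller points in the same block: `[[ ${found[@]} ]]` reads more clearly as `(( ${#found[@]} ))` since only emptiness matters, and because `-L` follows symlinks the comment should say whether a symlinked `/home/${PN}` is meant to be traversed and exempted.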

NAK. /home belongs to paths that are deliberately left for sysadmin to
manage and use for real (read: human) users. 'Rare cases' are no
justification to abuse those paths, especially that there is no
technical reason not to use /var (or /srv) as intended for system users.

--
Best regards,
Michał Górny |