Gentoo Archives: gentoo-dev

From: "Robin H. Johnson" <robbat2@g.o>
To: gentoo-dev@l.g.o
Subject: Re: [gentoo-dev] [PATCH 0/2] allow acct-user home directories in /home
Date: Tue, 21 Jan 2020 18:24:24
Message-Id: robbat2-20200121T181138-154464208Z@orbis-terrarum.net
In Reply to: Re: [gentoo-dev] [PATCH 0/2] allow acct-user home directories in /home by Michael Orlitzky
On Mon, Jan 20, 2020 at 06:07:06PM -0500, Michael Orlitzky wrote:
> As I've said, a human uses the "amavis" account.
I think this statement here needs a bit of expansion, and thus more
clarity happens.

Your aforementioned human generally doesn't use the 'amavis' account in
the same way that they might use a normal account. They don't expect to
log in to it with GNOME/SSH and run typical user applications
(LibreOffice, Nethack etc.).

It's a system account that CAN get configured by a human manually
becoming that user. Either by login or means of changing effective UID
(su, sudo, doas, ksu, pmrun, runas, ...).

For a more secure environment, I would expect amavis to never have a
password and thus not be subject to normal login flows.

Gentoo Infra manages amavis & spamd without logging in as a human:
configuration management is used to change settings & files.

From this, I posit that something OUTSIDE of /home is the most-correct
location. /srv or /var.

Upstream uses /var/amavis
Debian uses /var/lib/amavis

I'm sympathetic to past users who have /home/amavisd and need to
migrate it, but such is the nature of sysadmin life.

--
Robin Hugh Johnson
Gentoo Linux: Dev, Infra Lead, Foundation Treasurer
E-Mail : robbat2@g.o
GnuPG FP : 11ACBA4F 4778E3F6 E4EDF38E B27B944E 34884E85
GnuPG FP : 7D0B3CEB E9B85B1F 825BCECF EE05E6F6 A48F6136
