1 |
On Mon, Jan 20, 2020 at 06:07:06PM -0500, Michael Orlitzky wrote: |
2 |
> As I've said, a human uses the "amavis" account. |
3 |
I think this statement here needs a bit of expansion, and thus it more |
4 |
clarity happens. |
5 |
|
6 |
Your aforementioned human generally doesn't use the 'amavis' account in |
7 |
the same way that they might use a normal account. They don't expect to |
8 |
login to it with GNOME/SSH and run typical user applications |
9 |
(Libreoffice, Nethack etc.). |
10 |
|
11 |
It's a system account that CAN get configured by a human manually |
12 |
becoming that user. Either by login or means of changing effective UID |
13 |
(su, sudo, doas, ksu, pmrun, runas, ...). |
14 |
|
15 |
For a more secure environment, I would expect amavis to never have a |
16 |
password and thus not be subject to normal login flows. |
17 |
|
18 |
Gentoo Infra manages amavis & spamd without logging in as a human: |
19 |
configuration management is used to change settings & files. |
20 |
|
21 |
From this, I posit that something OUTSIDE of /home is the most-correct |
22 |
location. /srv or /var. |
23 |
|
24 |
Upstream uses /var/amavis |
25 |
Debian uses /var/lib/amavis |
26 |
|
27 |
I'm sympathetic to past users who have /home/amavisd and need to |
28 |
migrate it, but such is the nature of sysadmin life. |
29 |
|
30 |
-- |
31 |
Robin Hugh Johnson |
32 |
Gentoo Linux: Dev, Infra Lead, Foundation Treasurer |
33 |
E-Mail : robbat2@g.o |
34 |
GnuPG FP : 11ACBA4F 4778E3F6 E4EDF38E B27B944E 34884E85 |
35 |
GnuPG FP : 7D0B3CEB E9B85B1F 825BCECF EE05E6F6 A48F6136 |