1 |
Hi Michael, |
2 |
|
3 |
My background: 21 years of Linux, 18 of which was primarily on Gentoo. |
4 |
17 years of no other OS other than Linux. Ex-sysadmin for a largish |
5 |
setup with 4000+ active users, and ~500-600 available workstations and a |
6 |
number of storage and other servers. Not to brag, just to give you an |
7 |
idea of my background and experience. |
8 |
|
9 |
I am against this patch. |
10 |
|
11 |
On 2020/01/20 16:20, Michael Orlitzky wrote: |
12 |
|
13 |
> On 1/20/20 2:02 AM, Ulrich Mueller wrote: |
14 |
>>>>>>> On Mon, 20 Jan 2020, Michael Orlitzky wrote: |
15 |
>>> install-qa-check.d: allow acct-user home directories under /home. |
16 |
>> Nope. As you've been told, /home is site specific and can be setup in |
17 |
>> multiple ways that are incompatible with the package manager installing |
18 |
>> things there (the only exception being baselayout creating the directory |
19 |
>> itself). |
20 |
> I haven't been given a single technical reason why using /home would |
21 |
> cause a problem. What specific incompatibilities are you talking about? |
22 |
|
23 |
From my perspective the following should be adequate: |
24 |
|
25 |
There is technically no real issue, but it's the right thing to do. |
26 |
|
27 |
Right, motivations for your proposal for allowing this: |
28 |
|
29 |
* You want it. |
30 |
|
31 |
Motivations against: |
32 |
|
33 |
* /home belongs to the sys-admin. In above environment if you were to |
34 |
mess with my /home, I'd be very, very angry. |
35 |
* installing stuff into /home using system-local UIDs has potential |
36 |
security impacts if /home is distributed (user id conflicts). |
37 |
* People mentioned encrypted home folders using LUKS ... these typically |
38 |
mount on /home/${username} so I personally think this is less of an issue. |
39 |
* FHS standards (back to it's the right thing to do). |
40 |
* I've worked on numerous distributions (Debian, Ubuntu, RHEL, SuSE, |
41 |
Fedora, Mint, IMPI, knoppix ... probably others) and not once have I |
42 |
encountered system packages messing with /home. Not having encountered |
43 |
it doesn't say there isn't any, just that I've not encountered them. |
44 |
|
45 |
> |
46 |
> |
47 |
>> Quoting FHS-3.0 again: |
48 |
>> |
49 |
>> | On large systems (especially when the /home directories are shared |
50 |
>> | amongst many hosts using NFS) it is useful to subdivide user home |
51 |
>> | directories. Subdivision may be accomplished by using subdirectories |
52 |
>> | such as /home/staff, /home/guests, /home/students, etc. |
53 |
>> |
54 |
>> So, how are you going to detect if such a scheme is used on the system, |
55 |
>> and in which subdirectory the amavis user should be placed? |
56 |
> The same way we detect that scheme before setting a home directory to |
57 |
> /var/lib/whatever, which you may notice, is not under /home/guests or |
58 |
> anything like that. Does this cause a real technical problem, or is it |
59 |
> just more FUD? |
60 |
|
61 |
It's not FUD, there is no fear here, no uncertainty, no doubt. We don't |
62 |
*want* you to touch /home. We want you to use /var/lib. |
63 |
|
64 |
> |
65 |
>> I also wonder why you would send this patch, when there wasn't a single |
66 |
>> voice supporting your proposition in the other thread and several |
67 |
>> opposing ones. |
68 |
> I don't want to just complain without offering a solution. |
69 |
> |
70 |
> No one has pointed out any problems with it. |
71 |
> |
72 |
> This stuff is already in /home, and I'd like to get off user.eclass |
73 |
> without introducing a new QA warning for a keepdir file. |
74 |
|
75 |
Use /var/lib/amavis/work and /var/lib/amavis/home. Simple. |
76 |
|
77 |
Kind Regards, |
78 |
Jaco |