| 1 |
Hi Michael, |
| 2 |
|
| 3 |
My background: 21 years of Linux, 18 of which was primarily on Gentoo. |
| 4 |
17 years of no other OS other than Linux. Ex-sysadmin for a largish |
| 5 |
setup with 4000+ active users, and ~500-600 available workstations and a |
| 6 |
number of storage and other servers. Not to brag, just to give you an |
| 7 |
idea of my background and experience. |
| 8 |
|
| 9 |
I am against this patch. |
| 10 |
|
| 11 |
On 2020/01/20 16:20, Michael Orlitzky wrote: |
| 12 |
|
| 13 |
> On 1/20/20 2:02 AM, Ulrich Mueller wrote: |
| 14 |
>>>>>>> On Mon, 20 Jan 2020, Michael Orlitzky wrote: |
| 15 |
>>> install-qa-check.d: allow acct-user home directories under /home. |
| 16 |
>> Nope. As you've been told, /home is site specific and can be setup in |
| 17 |
>> multiple ways that are incompatible with the package manager installing |
| 18 |
>> things there (the only exception being baselayout creating the directory |
| 19 |
>> itself). |
| 20 |
> I haven't been given a single technical reason why using /home would |
| 21 |
> cause a problem. What specific incompatibilities are you talking about? |
| 22 |
|
| 23 |
From my perspective the following should be adequate: |
| 24 |
|
| 25 |
There is technically no real issue, but it's the right thing to do. |
| 26 |
|
| 27 |
Right, motivations for your proposal for allowing this: |
| 28 |
|
| 29 |
* You want it. |
| 30 |
|
| 31 |
Motivations against: |
| 32 |
|
| 33 |
* /home belongs to the sys-admin. In above environment if you were to |
| 34 |
mess with my /home, I'd be very, very angry. |
| 35 |
* installing stuff into /home using system-local UIDs has potential |
| 36 |
security impacts if /home is distributed (user id conflicts). |
| 37 |
* People mentioned encrypted home folders using LUKS ... these typically |
| 38 |
mount on /home/${username} so I personally think this is less of an issue. |
| 39 |
* FHS standards (back to it's the right thing to do). |
| 40 |
* I've worked on numerous distributions (Debian, Ubuntu, RHEL, SuSE, |
| 41 |
Fedora, Mint, IMPI, knoppix ... probably others) and not once have I |
| 42 |
encountered system packages messing with /home. Not having encountered |
| 43 |
it doesn't say there isn't any, just that I've not encountered them. |
| 44 |
|
| 45 |
> |
| 46 |
> |
| 47 |
>> Quoting FHS-3.0 again: |
| 48 |
>> |
| 49 |
>> | On large systems (especially when the /home directories are shared |
| 50 |
>> | amongst many hosts using NFS) it is useful to subdivide user home |
| 51 |
>> | directories. Subdivision may be accomplished by using subdirectories |
| 52 |
>> | such as /home/staff, /home/guests, /home/students, etc. |
| 53 |
>> |
| 54 |
>> So, how are you going to detect if such a scheme is used on the system, |
| 55 |
>> and in which subdirectory the amavis user should be placed? |
| 56 |
> The same way we detect that scheme before setting a home directory to |
| 57 |
> /var/lib/whatever, which you may notice, is not under /home/guests or |
| 58 |
> anything like that. Does this cause a real technical problem, or is it |
| 59 |
> just more FUD? |
| 60 |
|
| 61 |
It's not FUD, there is no fear here, no uncertainty, no doubt. We don't |
| 62 |
*want* you to touch /home. We want you to use /var/lib. |
| 63 |
|
| 64 |
> |
| 65 |
>> I also wonder why you would send this patch, when there wasn't a single |
| 66 |
>> voice supporting your proposition in the other thread and several |
| 67 |
>> opposing ones. |
| 68 |
> I don't want to just complain without offering a solution. |
| 69 |
> |
| 70 |
> No one has pointed out any problems with it. |
| 71 |
> |
| 72 |
> This stuff is already in /home, and I'd like to get off user.eclass |
| 73 |
> without introducing a new QA warning for a keepdir file. |
| 74 |
|
| 75 |
Use /var/lib/amavis/work and /var/lib/amavis/home. Simple. |
| 76 |
|
| 77 |
Kind Regards, |
| 78 |
Jaco |
Archives