We forbid packages from installing to /home for good reason: for most of
history, users (and their home directories) were outside the purview of
the package manager. But with GLEP81, that's changed: the package
manager is now in charge of creating each system user's home directory
and of giving it the correct permissions and ownership.

Is the policy against installing to /home still consistent?

For example: the mail-filter/amavisd-new daemon needs a user, typically
called "amavis". The daemon also needs a working directory that it can
write to. The obvious choice for a working directory is /var/lib/amavis,
but there's a catch: spamassassin, razor, pyzor, et cetera (which are
all used by amavis) store their configuration in the current user's home
directory, and not in some daemon-specific location. So "amavis" needs a
home directory, because that's where much of the configuration for
amavisd goes.

Where do we put amavis's home directory?

1. /var/lib/amavis is a bad idea, because it conflicts with the working
   directory (we don't want the two packages to get out of sync, nor do
   we want to keep them in-sync manually).

2. /var/lib/amavis/home was my next choice, because logically it puts
   the amavisd configuration in a subdirectory of the place where all
   of the other amavis stuff goes, and because it doesn't have the
   same issue that (1) does.

   But there's a problem: if we create /var/lib/amavis/home before
   amavisd-new is installed (as happens when you emerge amavisd-new),
   then /var/lib/amavis winds up root:root and the installation of
   amavisd-new doesn't change that. So now amavisd-new doesn't work,
   because it can't write to its working directory.

   This is a combination of an implementation detail and the fact that
   the PMS doesn't cover directories; but ultimately, it just doesn't
   work reliably.

3. /home/amavis also seems fine to me, except for the fact that it's a
   QA violation to install there.

Note that we could always set system users' home directories to
/home/whatever. It has only become a QA violation with GLEP81 because
the eclass calls keepdir on the user's home directory.

Should option (3) be viable, or do I go back to the drawing board?
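
The ownership problem described under option 2, as an added example that is not part of the original post: a POSIX shell function that walks from a home directory up to a stop directory and reports every directory on the way that is not owned by the expected UID. The function name is hypothetical, and GNU stat's -c option is assumed.

```shell
#!/bin/sh
# Added example, not from the original post or from any Gentoo eclass.
# Assumes GNU stat (the -c %u format option).
#
# audit_owner_chain STOP_DIR LEAF_DIR EXPECTED_UID
#   Walks from LEAF_DIR up to (but not including) STOP_DIR and prints
#   every directory that is missing or whose owner differs from
#   EXPECTED_UID. Returns 0 if all match, 1 on any finding, 2 on misuse.
#
# Typical call for the layout discussed above:
#   audit_owner_chain /var/lib /var/lib/amavis/home "$(id -u amavis)"
audit_owner_chain() {
    stop=${1%/} dir=${2%/} want=$3 bad=0

    # LEAF_DIR has to sit strictly below STOP_DIR, otherwise the walk
    # upwards would never reach the stop condition.
    case "$dir/" in
        "$stop"/?*) ;;
        *) echo "error: $dir is not under $stop" >&2; return 2 ;;
    esac

    while [ "$dir" != "$stop" ]; do
        if [ ! -d "$dir" ]; then
            echo "missing $dir"
            bad=1
        else
            uid=$(stat -c %u -- "$dir")
            if [ "$uid" != "$want" ]; then
                # This is the case from option 2: a parent directory
                # that was created implicitly and left owned by root.
                echo "owner-mismatch $dir uid=$uid expected=$want"
                bad=1
            fi
        fi
        dir=${dir%/*}    # step up one path component
    done
    return "$bad"
}
```

Run after the user and daemon packages are both installed, a finding on /var/lib/amavis is the root:root working directory that the post describes.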