| 1 |
We forbid packages from installing to /home for good reason: for most of |
| 2 |
history, users (and their home directories) were outside the purview of |
| 3 |
the package manager. But with GLEP81, that's changed: the package |
| 4 |
manager is now in charge of creating each system user's home directory |
| 5 |
and of giving it the correct permissions and ownership. |
| 6 |
|
| 7 |
Is the policy against installing to /home still consistent? |
| 8 |
|
| 9 |
For example: the mail-filter/amavisd-new daemon needs a user, typically |
| 10 |
called "amavis". The daemon also needs a working directory that it can |
| 11 |
write to. The obvious choice for a working directory is /var/lib/amavis, |
| 12 |
but there's a catch: spamassassin, razor, pyzor, et cetera (which are |
| 13 |
all used by amavis) store their configuration in the current user's home |
| 14 |
directory, and not in some daemon-specific location. So "amavis" needs a |
| 15 |
home directory, because that's where much of the configuration for |
| 16 |
amavisd goes. |
| 17 |
|
| 18 |
Where do we put amavis's home directory? |
| 19 |
|
| 20 |
1 /var/lib/amavis is a bad idea, because it conflicts with the working |
| 21 |
directory (we don't want the two packages to get out of sync, nor do |
| 22 |
we want to keep them in-sync manually). |
| 23 |
|
| 24 |
2 /var/lib/amavis/home was my next choice, because logically it puts |
| 25 |
the amavisd configuration in a subdirectory of the place where all |
| 26 |
of the other amavis stuff goes, and because it doesn't have the |
| 27 |
same issue that (1) does. |
| 28 |
|
| 29 |
But there's a problem: if we create /var/lib/amavis/home before |
| 30 |
amavisd-new is installed (as happens when you emerge amavisd-new), |
| 31 |
then /var/lib/amavis winds up root:root and the installation of |
| 32 |
amavisd-new doesn't change that. So now amavisd-new doesn't work, |
| 33 |
because it can't write to its working directory. |
| 34 |
|
| 35 |
This is a combination of an implementation detail and the fact that |
| 36 |
the PMS doesn't cover directories; but ultimately, it just doesn't |
| 37 |
work reliably. |
| 38 |
|
| 39 |
3 /home/amavis also seems fine to me, except for the fact that it's a |
| 40 |
QA violation to install there. |
| 41 |
|
| 42 |
Note that we could always set system users' home directories to |
| 43 |
/home/whatever. It has only become a QA violation with GLEP81 because |
| 44 |
the eclass calls keepdir on the user's home directory. |
| 45 |
|
| 46 |
Should option (3) be viable, or do I go back to the drawing board? |
Archives