| 1 |
On Sun, Sep 1, 2019 at 1:48 PM Michael Orlitzky <mjo@g.o> wrote: |
| 2 |
> +<subsection> |
| 3 |
> + <title>Choosing a home directory</title> |
| 4 |
> + <body> |
| 5 |
> + <p> |
| 6 |
> + In most cases, the default home directory (that is, no home |
| 7 |
> + directory) should be used. GLEP81 changed two aspects of user |
| 8 |
> + management with respect to home directories: |
| 9 |
> + </p> |
| 10 |
> + |
| 11 |
> + <ol> |
| 12 |
> + <li> |
| 13 |
> + Creating a user can now modify the permissions on an existing |
| 14 |
> + directory. Should the need arise, this is necessary for a new |
| 15 |
> + version of an <c>acct-user</c> package to be able to fix the |
| 16 |
> + ownership and permissions of its home directory. |
| 17 |
> + </li> |
| 18 |
> + <li> |
| 19 |
> + All user data aside from the username became non-local to |
| 20 |
> + ebuilds that depend on that user. This is merely a side-effect |
| 21 |
> + of moving the user creation out of the client package, and |
| 22 |
> + into a separate <c>acct-user</c> package. |
| 23 |
> + </li> |
| 24 |
> + </ol> |
| 25 |
> + |
| 26 |
> + <p> |
| 27 |
> + The first item means that you should be conservative when |
| 28 |
> + choosing a home directory. If at all possible, avoid choosing a |
| 29 |
> + home directory that is used by another package. In particular, |
| 30 |
> + no two <c>acct-user</c> packages should use the same home |
| 31 |
> + directory. At best, the ownership and permissions on a shared |
| 32 |
> + home directory would need to be kept synchronized between all |
| 33 |
> + packages that share it. At worst, one package goes out-of-sync |
| 34 |
> + and introduces a security hole for the others who no longer have |
| 35 |
> + the expected permissions. |
| 36 |
> + </p> |
| 37 |
> + |
| 38 |
> + <p> |
| 39 |
> + The second item means that if your package requires a user, you |
| 40 |
> + can no longer be sure of that user's home directory or its |
| 41 |
> + ownership and permissions. If your package requires a directory |
| 42 |
> + to be owned and writable by some user, then your package's |
| 43 |
> + ebuild should create that directory and ensure that it is |
| 44 |
> + writable by the user. In other words, you should not rely on the |
| 45 |
> + directory being created "transitively" by a dependency, even if |
| 46 |
> + that dependency is an <c>acct-user</c> package. |
| 47 |
> + </p> |
| 48 |
|
| 49 |
I can't really agree with the advice given in this section. |
| 50 |
|
| 51 |
If I'm maintaining a package and an associated acct-user package, I'm |
| 52 |
going to keep the two in sync. I don't see why I should have to create |
| 53 |
a directory via pkg_postinst when I could allow the acct-user package |
| 54 |
to do it for me. |
| 55 |
|
| 56 |
That the data is "non-local" is irrelevant if I'm maintaining both ebuilds. |
Archives