1 |
On Sun, Sep 1, 2019 at 1:48 PM Michael Orlitzky <mjo@g.o> wrote: |
2 |
> +<subsection> |
3 |
> + <title>Choosing a home directory</title> |
4 |
> + <body> |
5 |
> + <p> |
6 |
> + In most cases, the default home directory (that is, no home |
7 |
> + directory) should be used. GLEP81 changed two aspects of user |
8 |
> + management with respect to home directories: |
9 |
> + </p> |
10 |
> + |
11 |
> + <ol> |
12 |
> + <li> |
13 |
> + Creating a user can now modify the permissions on an existing |
14 |
> + directory. Should the need arise, this is necessary for a new |
15 |
> + version of an <c>acct-user</c> package to be able to fix the |
16 |
> + ownership and permissions of its home directory. |
17 |
> + </li> |
18 |
> + <li> |
19 |
> + All user data aside from the username became non-local to |
20 |
> + ebuilds that depend on that user. This is merely a side-effect |
21 |
> + of moving the user creation out of the client package, and |
22 |
> + into a separate <c>acct-user</c> package. |
23 |
> + </li> |
24 |
> + </ol> |
25 |
> + |
26 |
> + <p> |
27 |
> + The first item means that you should be conservative when |
28 |
> + choosing a home directory. If at all possible, avoid choosing a |
29 |
> + home directory that is used by another package. In particular, |
30 |
> + no two <c>acct-user</c> packages should use the same home |
31 |
> + directory. At best, the ownership and permissions on a shared |
32 |
> + home directory would need to be kept synchronized between all |
33 |
> + packages that share it. At worst, one package goes out-of-sync |
34 |
> + and introduces a security hole for the others who no longer have |
35 |
> + the expected permissions. |
36 |
> + </p> |
37 |
> + |
38 |
> + <p> |
39 |
> + The second item means that if your package requires a user, you |
40 |
> + can no longer be sure of that user's home directory or its |
41 |
> + ownership and permissions. If your package requires a directory |
42 |
> + to be owned and writable by some user, then your package's |
43 |
> + ebuild should create that directory and ensure that it is |
44 |
> + writable by the user. In other words, you should not rely on the |
45 |
> + directory being created "transitively" by a dependency, even if |
46 |
> + that dependency is an <c>acct-user</c> package. |
47 |
> + </p> |
48 |
|
49 |
I can't really agree with the advice given in this section. |
50 |
|
51 |
If I'm maintaining a package and an associated acct-user package, I'm |
52 |
going to keep the two in sync. I don't see why I should have to create |
53 |
a directory via pkg_postinst when I could allow the acct-user package |
54 |
to do it for me. |
55 |
|
56 |
That the data is "non-local" is irrelevant if I'm maintaining both ebuilds. |