| 1 |
On Sun, Jan 19, 2020 at 4:00 PM Michael Orlitzky <mjo@g.o> wrote: |
| 2 |
> |
| 3 |
> On 1/19/20 2:47 PM, Rich Freeman wrote: |
| 4 |
> > |
| 5 |
> > Obviously the UIDs associated with the shared /home need to be |
| 6 |
> > identical. Simplest solution is to sync anything > 1000 in |
| 7 |
> > /etc/passwd, and then not allow UIDs below 1000 in /home. A cron job |
| 8 |
> > could easily handle both, and of course regular users can't go |
| 9 |
> > creating stuff with the wrong UID anyway. |
| 10 |
> |
| 11 |
> That's not enough. You also need to sync any user/group that appears as |
| 12 |
> the owner or group of a file in /home, and every user/group that appears |
| 13 |
> in an ACL in /home, and so on. And since you have no idea what files or |
| 14 |
> access control lists will show up in /home, you'd better sync them all. |
| 15 |
|
| 16 |
That doesn't seem reasonable, considering that this could require |
| 17 |
syncing across various Distros, or even various Unix-like OSes. |
| 18 |
It would be far simpler for the sysadmin to simply ensure that no |
| 19 |
unsynced user owns a file or appears in an ACL. That would be pretty |
| 20 |
trivial to achieve. Whatever is hosting /home could be designed to |
| 21 |
block such changes, or you could just scan for these ownership issues |
| 22 |
periodically and treat those responsible for them appropriately. |
| 23 |
|
| 24 |
In any case, maintaining permissions on stuff in /home is a sysadmin |
| 25 |
responsibility, not a distro responsibility. |
| 26 |
|
| 27 |
On Sun, Jan 19, 2020 at 5:09 PM Michael Orlitzky <mjo@g.o> wrote: |
| 28 |
> |
| 29 |
> Just kidding, the eclass is rigged to die in src_install if you delete |
| 30 |
> the home directory, and if you wait until pkg_preinst, the warning gets |
| 31 |
> shown anyway (for a file that's not there, noice). |
| 32 |
> |
| 33 |
> Guess we'll be triggering a warning after all. |
| 34 |
|
| 35 |
On the topic of treating those responsible appropriately, somehow I |
| 36 |
could see this scenario turning into a quiz question. |
| 37 |
|
| 38 |
I mean, would it kill you to just talk to QA first? |
| 39 |
|
| 40 |
-- |
| 41 |
Rich |
Archives