On Sun, Jan 19, 2020 at 4:00 PM Michael Orlitzky <mjo@g.o> wrote:
>
> On 1/19/20 2:47 PM, Rich Freeman wrote:
> >
> > Obviously the UIDs associated with the shared /home need to be
> > identical. Simplest solution is to sync anything > 1000 in
> > /etc/passwd, and then not allow UIDs below 1000 in /home. A cron job
> > could easily handle both, and of course regular users can't go
> > creating stuff with the wrong UID anyway.
>
> That's not enough. You also need to sync any user/group that appears as
> the owner or group of a file in /home, and every user/group that appears
> in an ACL in /home, and so on. And since you have no idea what files or
> access control lists will show up in /home, you'd better sync them all.

That doesn't seem reasonable, considering that this could require
syncing across various Distros, or even various Unix-like OSes.
It would be far simpler for the sysadmin to simply ensure that no
unsynced user owns a file or appears in an ACL. That would be pretty
trivial to achieve. Whatever is hosting /home could be designed to
block such changes, or you could just scan for these ownership issues
periodically and treat those responsible for them appropriately.

In any case, maintaining permissions on stuff in /home is a sysadmin
responsibility, not a distro responsibility.

On Sun, Jan 19, 2020 at 5:09 PM Michael Orlitzky <mjo@g.o> wrote:
>
> Just kidding, the eclass is rigged to die in src_install if you delete
> the home directory, and if you wait until pkg_preinst, the warning gets
> shown anyway (for a file that's not there, noice).
>
> Guess we'll be triggering a warning after all.

On the topic of treating those responsible appropriately, somehow I
could see this scenario turning into a quiz question.

I mean, would it kill you to just talk to QA first?

--
Rich
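
The periodic scan for unsynced owners and ACL entries suggested in the message above could look like the following. This is an added example, not code from the thread or from Gentoo. It assumes Linux (POSIX ACLs read from the `system.posix_acl_*` extended attributes); the function names and the upper bound of the synced ID range are hypothetical.

```python
import os
import struct

ACL_USER, ACL_GROUP = 0x02, 0x08  # ACL entry tags that name a specific ID
ACL_XATTRS = ("system.posix_acl_access", "system.posix_acl_default")


def acl_ids(blob):
    """Return (uids, gids) named in a raw Linux POSIX ACL xattr value."""
    uids, gids = set(), set()
    if len(blob) < 4 or struct.unpack_from("<I", blob)[0] != 2:
        return uids, gids  # not the version-2 layout; nothing to parse
    for off in range(4, len(blob) - 7, 8):  # 8-byte entries: tag, perm, id
        tag, _perm, ident = struct.unpack_from("<HHI", blob, off)
        if tag == ACL_USER:
            uids.add(ident)
        elif tag == ACL_GROUP:
            gids.add(ident)
    return uids, gids


def scan(root, synced_uids, synced_gids):
    """List (path, kind, id) for each unsynced owner, group or ACL entry."""
    paths = [root]
    for dirpath, dirnames, filenames in os.walk(root):
        paths.extend(os.path.join(dirpath, n) for n in dirnames + filenames)
    findings = []
    for path in paths:
        st = os.lstat(path)  # lstat: judge a symlink itself, not its target
        if st.st_uid not in synced_uids:
            findings.append((path, "owner", st.st_uid))
        if st.st_gid not in synced_gids:
            findings.append((path, "group", st.st_gid))
        for attr in ACL_XATTRS:
            try:
                blob = os.getxattr(path, attr, follow_symlinks=False)
            except OSError:
                continue  # no ACL of this kind, or filesystem lacks ACLs
            uids, gids = acl_ids(blob)
            findings += [(path, "acl-user", u) for u in sorted(uids - synced_uids)]
            findings += [(path, "acl-group", g) for g in sorted(gids - synced_gids)]
    return findings


if __name__ == "__main__":
    # Assumed policy from the thread: IDs above 1000 are the synced ones.
    # The upper bound 60000 is a constructed value for this example.
    synced = set(range(1001, 60000))
    for path, kind, ident in scan("/home", synced, synced):
        print(f"{kind:9} {ident:>6} {path}")
```

Run from cron as root so that every directory under /home is readable; any output line is a file, directory or ACL entry referencing an ID outside the synced set.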