Mailing List Archive

Re: GLEP81 and /home
On Sun, Jan 19, 2020 at 8:51 PM Michael Orlitzky <mjo@gentoo.org> wrote:
>
> On 1/19/20 8:20 PM, Rich Freeman wrote:
> > It would be far simpler for the sysadmin to simply ensure that no
> > unsynced user owns a file or appears in an ACL. That would be pretty
> > trivial to achieve. Whatever is hosting /home could be designed to
> > block such changes, or you could just scan for these ownership issues
> > periodically and treat those responsible for them appropriately.
>
> Fantasy scenarios again. I'm not going to debunk a system that you just
> thought up and that has never existed. Why don't you find one person who
> actually does this, and see if it bothers him if we create a home
> directory under /home where it belongs?

Uh, I'm pretty confident that nothing in my /home is owned by a UID
under 1000, or has an ACL referencing such a UID. I just checked with
myself and I don't want you creating directories in /home.

This really seems like it has the potential to create a mess for
anybody using LUKS-encrypted home directories, stuff mounted from
CIFS, and so on. While I personally don't do either it seems fairly
mainstream, and I could eventually see myself using it more once
better supported on Gentoo (such as when systemd-homed is more
mainstream).

> > On the topic of treating those responsible appropriately, somehow I
> > could see this scenario turning into a quiz question.
> >
> > I mean, would it kill you to just talk to QA first?
>
> I've already got responses from two QA members. This thread is pretty
> hard to miss.

Well, then why go posting stuff like "guess we'll be triggering a
warning after all?"

> I'm working on a patch for the install-qa-check.d check
> and I'm sure I'll get more when I post it.

Are you just allowing it to not create the directory, or are we
considering patching it to allow creating stuff under /home? It would
seem that the policy would also need updating in that case, but
probably not the former.

--
Rich
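
The periodic scan mentioned in the quoted text above (no file in /home owned by a UID under 1000, no ACL naming one), as an added example that is not part of the original thread. The function names and the sample `getfacl` dump are constructed for illustration; the 1000 boundary is the one stated in the message.

```shell
#!/bin/sh
# Added example: audit a home tree for files tied to system accounts.

# Print entries under $1 whose owner UID is below $2 (default 1000).
owner_offenders() {
    # -xdev: stay on one filesystem; "-uid -N" matches UIDs strictly below N.
    find "$1" -xdev -uid "-${2:-1000}" -print 2>/dev/null
}

# Read `getfacl -n` output on stdin and print "path<TAB>entry" for every
# named-user ACL entry (access or default) whose UID is below $1.
acl_offenders() {
    awk -v min="${1:-1000}" '
        /^# file: / { path = substr($0, 9); next }
        /^(default:)?user:[0-9]+:/ {
            split($0, f, ":")
            uid = (f[1] == "default") ? f[3] : f[2]
            if (uid + 0 < min) print path "\t" $0
        }'
}

# Constructed sample of `getfacl -R -n -p` output (not from a real system).
sample_acl_dump() {
    cat <<'EOF'
# file: /home/alice/project
# owner: 1001
# group: 1001
user::rwx
user:1002:r-x
group::r-x
mask::r-x
other::---

# file: /home/alice/spool
# owner: 1001
# group: 1001
user::rwx
user:250:rwx
group::---
mask::rwx
other::---
EOF
}

# Live run, when getfacl is installed:
#   owner_offenders /home
#   getfacl -R -n -p /home 2>/dev/null | acl_offenders
```

On the sample dump only `/home/alice/spool` is reported, because its ACL names UID 250; the entry for UID 1002 and the unnamed `user::` base entries are ignored.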

Re: GLEP81 and /home
On 1/19/20 9:52 PM, Rich Freeman wrote:
>>
>> Fantasy scenarios again. I'm not going to debunk a system that you just
>> thought up and that has never existed. Why don't you find one person who
>> actually does this, and see if it bothers him if we create a home
>> directory under /home where it belongs?
>
> Uh, I'm pretty confident that nothing in my /home is owned by a UID
> under 1000, or has an ACL referencing such a UID. I just checked with
> myself and I don't want you creating directories in /home.

This is retarded, stop wasting my time.


>>>
>>> I mean, would it kill you to just talk to QA first?
>>
>> I've already got responses from two QA members. This thread is pretty
>> hard to miss.
>
> Well, then why go posting stuff like "guess we'll be triggering a
> warning after all?"

If these two things are logically connected, I don't see it.


>
>> I'm working on a patch for the install-qa-check.d check
>> and I'm sure I'll get more when I post it.
>
> Are you just allowing it to not create the directory, or are we
> considering patching it to allow creating stuff under /home? It would
> seem that the policy would also need updating in that case, but
> probably not the former.
>

The patch will make an exception for acct-user packages only; for /home,
/home/${PN}, and /home/${PN}/.keep*. In other words, it makes things
work exactly how they did before the GLEP81 eclass started keepdir'ing
the home directory.

Re: GLEP81 and /home
On Sun, Jan 19, 2020 at 10:16 PM Michael Orlitzky <mjo@gentoo.org> wrote:
>
> This is retarded, stop wasting my time.
>

There is nothing retarded about shared /home directories. They're
pretty common in the real world.

> >> I've already got responses from two QA members. This thread is pretty
> >> hard to miss.
> >
> > Well, then why go posting stuff like "guess we'll be triggering a
> > warning after all?"
>
> If these two things are logically connected, I don't see it.

If you're working with QA to change the QA checks, then you won't be
triggering warnings.

> >> I'm working on a patch for the install-qa-check.d check
> >> and I'm sure I'll get more when I post it.
> >
> > Are you just allowing it to not create the directory, or are we
> > considering patching it to allow creating stuff under /home? It would
> > seem that the policy would also need updating in that case, but
> > probably not the former.
>
> The patch will make an exception for acct-user packages only; for /home,
> /home/${PN}, and /home/${PN}/.keep*. In other words, it makes things
> work exactly how they did before the GLEP81 eclass started keepdir'ing
> the home directory.

IMO this isn't the right direction to go in, but we can always put it
on the council agenda. Maintaining the status quo (pre-QA-check) in
the interim isn't unreasonable, nor is keeping your package behavior
as it is for now. Obviously this issue has been around for some time.
I realize that you didn't invent it.

I guess this is the sort of thing that people will tend to disagree
on. At least Gentoo doesn't force this nonsense down my throat. :)

--
Rich

Re: GLEP81 and /home
On 1/19/20 10:40 PM, Rich Freeman wrote:
> On Sun, Jan 19, 2020 at 10:16 PM Michael Orlitzky <mjo@gentoo.org> wrote:
>>
>> This is retarded, stop wasting my time.
>>
>
> There is nothing retarded about shared /home directories. They're
> pretty common in the real world.
>

What's retarded is copy/pasting words from last week's buzzword bingo as
if they're valid reasons to not use /home for home directories.

LUKS is a thing, but you don't use it. CIFS is a thing, but you don't
use it. Shared home directories are a thing, but you don't use it. Give
me one real example of how any of these things cause a problem and I'll
change my stance. I don't have a special emotional attachment to /home.
I think it's where this stuff should go because (a) home directories are
what /home is for, and (b) it doesn't cause any other problems. If (b)
isn't true, you win.
