On Sun, Jul 01, 2012 at 02:29:05PM +0100, Roger Leigh wrote: > On Sun, Jul 01, 2012 at 02:56:13PM +0200, Marc Haber wrote: > > On Sun, Jul 01, 2012 at 01:04:17PM +0100, Roger Leigh wrote: > > > On Sun, Jul 01, 2012 at 12:44:48PM +0200, Marc Haber wrote: > > > > Debian QA decided recently that it is bad to have a system/package > > > > account created with its home directory in /home/package, as it is > > > > adduser --system's default btw. I am therefore faced with having to > > > > change /home to some non-/home place. Unfortunately, policy does not > > > > give any hint about how to do it right. > > > > > > > > Where do I put my user's home directory? In this case, the user's home > > > > directory contains a .ssh with known_hosts, authorized_keys and actual > > > > keys and it might additionally accumulate some regular dotfiles. > > > > > > I'd go with /var/lib, which is what most packages do. I don't count > > > the user-specific stuff to be package configuration, in general. > > > > .ssh is used to log in to another system running my package, it holds > > manually created authorized_keys and keys. I'd call that configuration. > > Yes, but it's user configuration not system configuration.
A system user's .ssh is user configuration? > If you do want to have that as configuration in /etc, I'd > suggest symlinking it from /var/lib/foo to /etc/foo/authorized_keys > (or vice versa), like e.g. postgresql handles cluster configuration. Can you give a more visible example? Should /etc/foo/authorized_keys be a symlink to /var/lib/foo/home/.ssh/authorized_keys? I don't think that circumvents the FHS forbidding configuration in /var/lib just by making it accessible through /etc. Greetings Marc -- ----------------------------------------------------------------------------- Marc Haber | "I don't trust Computers. They | Mailadresse im Header Mannheim, Germany | lose things." Winona Ryder | Fon: *49 621 31958061 Nordisch by Nature | How to make an American Quilt | Fax: *49 621 31958062 -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: http://lists.debian.org/[email protected]
