[2019-08-16 18:40:32-0400] Michael Orlitzky:
> GLEP81 changed two aspects of user management:
>   1 Creating a user can now modify the permissions on an existing
>     directory. Should the need arise, this is necessary for a new
>     version of an acct-user package to be able to fix the ownership
>     and permissions of its home directory
>   2 All user data aside from the username became non-local to ebuilds
>     that depend on that user. This is merely a side-effect of moving
>     the user creation out of the client package, and into a separate
>     acct-user package.
> The first item means that you should be conservative when choosing a
> home directory. If at all possible, avoid choosing a home directory
> that is used by another package. In particular, no two acct-user
> packages should use the same home directory. 

Any reason why sharing home directories isn't simply forbidden?
This is sure to blow up on us at some point if there are shared home directories.

>   1 Avoid using an ACCT_USER_HOME that belongs to another package.
>   2 No two acct-user packages should define the same ACCT_USER_HOME.

I feel like this is redundant, even if you would want to also cover
pre-acct-user packages.

>   3 If your package's configuration needs <username> to be able to
>     write to e.g. /var/lib/<username>, then your package's ebuild should
>     create that directory and set its ownership and permissions. Barring
>     any other considerations, the corresponding acct-user package should
>     leave ACCT_USER_HOME at its default (empty) value; setting
>     ACCT_USER_HOME=/var/lib/<username> would violate item (1).
>   4 Each user's home directory should be writable by that user. If it
>     is not, that indicates that a shared and potentially sensitive
>     location was chosen; and the fact that the home directory is not
>     writable suggests that the default (empty) ACCT_USER_HOME would
>     suffice instead.

Shouldn't this be owned instead of writable? I'm pretty sure we can
have cases where not having write permissions is preferred for security.

>   5 As a corollary of the previous item, it is highly suspicious for
>     an acct-user package to set ACCT_USER_HOME_OWNER="root:root".

Are there cases where this would be used? It makes no sense to me for a
home to belong to root.
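The two findings the thread treats as red flags, a home directory shared by two acct-user packages (item 2) and ACCT_USER_HOME_OWNER set to root:root (item 5), can be caught mechanically before a package lands. The script below is an added example written for this page, not code from the thread or from Gentoo's acct-user eclass. It assumes a tree laid out as `<pkg>/<pkg>-<version>.ebuild` and that `ACCT_USER_HOME` and `ACCT_USER_HOME_OWNER` are simple single-line assignments; the sample ebuilds it creates are constructed for the demonstration.

```shell
#!/bin/sh
# Added example (not from the thread): audit a tree of acct-user ebuilds for
# two of the problems discussed above: two packages claiming the same
# ACCT_USER_HOME, and a home directory owned by root:root.
# Assumptions: layout <pkg>/<pkg>-<ver>.ebuild, one-line ACCT_USER_HOME* assignments.

# Print "pkg<TAB>home<TAB>owner" for every ebuild under $1.
# An empty home means the acct-user default was kept, which is what item 3 asks for.
collect_homes() {
    dir=$1
    for f in "$dir"/*/*.ebuild; do
        [ -e "$f" ] || continue
        home=$(sed -n 's/^ACCT_USER_HOME=//p' "$f" | tr -d '"' | head -n1)
        owner=$(sed -n 's/^ACCT_USER_HOME_OWNER=//p' "$f" | tr -d '"' | head -n1)
        printf '%s\t%s\t%s\n' "$(basename "$(dirname "$f")")" "$home" "$owner"
    done
}

# One line per home directory claimed by more than one package: "<dir>: pkgA pkgB".
find_shared_homes() {
    collect_homes "$1" | awk -F'\t' '
        $2 != "" { pkgs[$2] = pkgs[$2] " " $1; n[$2]++ }
        END { for (h in n) if (n[h] > 1) print h ":" pkgs[h] }' | sort
}

# Packages whose home is explicitly owned by root:root (item 5).
find_root_owned_homes() {
    collect_homes "$1" | awk -F'\t' '$3 == "root:root" { print $1 }' | sort
}

# Combined audit: exit 0 when clean, 1 when either finding is present.
audit_acct_users() {
    rc=0
    shared=$(find_shared_homes "$1")
    rooted=$(find_root_owned_homes "$1")
    if [ -n "$shared" ]; then
        echo "shared ACCT_USER_HOME:"; echo "$shared"; rc=1
    fi
    if [ -n "$rooted" ]; then
        echo "ACCT_USER_HOME_OWNER=root:root:"; echo "$rooted"; rc=1
    fi
    return $rc
}

# Constructed sample tree (not real packages); prints its path.
make_sample_tree() {
    root=$(mktemp -d)
    mkdir -p "$root/alpha" "$root/beta" "$root/gamma" "$root/delta"
    # alpha and beta both claim /var/lib/shared (violates item 2)
    printf 'ACCT_USER_ID=401\nACCT_USER_HOME=/var/lib/shared\n' > "$root/alpha/alpha-0.ebuild"
    printf 'ACCT_USER_ID=402\nACCT_USER_HOME="/var/lib/shared"\n' > "$root/beta/beta-0.ebuild"
    # gamma keeps the default home (item 3): nothing to flag
    printf 'ACCT_USER_ID=403\n' > "$root/gamma/gamma-0.ebuild"
    # delta sets a root-owned home (item 5)
    printf 'ACCT_USER_ID=404\nACCT_USER_HOME=/var/lib/delta\nACCT_USER_HOME_OWNER="root:root"\n' \
        > "$root/delta/delta-0.ebuild"
    echo "$root"
}

# Demonstration run on the constructed tree; the audit is expected to fail here.
SAMPLE=$(make_sample_tree)
audit_acct_users "$SAMPLE" || echo "audit flagged the sample tree"
rm -rf "$SAMPLE"
```

Point `audit_acct_users` at a checkout of `acct-user/` to run it for real; a non-zero exit is the signal to block the commit. Matching on `root:root` is deliberately narrow, so a home owned by some other user that the package's own user cannot write to (the situation item 4 describes) still needs a look at the installed permissions.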
