On 8/17/19 12:29 AM, Haelwenn (lanodan) Monnier wrote:
> 
> Any reason why sharing home directories isn't simply forbidden?
> This is sure to blow on us at some point if there is shared home directories.
>  
> ...
> 
> Shouldn't this be owned instead of writable? I'm pretty sure we can
> have cases where not having write permissions is preferred for security.

The weak wording is for two reasons:

  * I'm confident that these are all good ideas, but not 100% certain.
    This is new stuff, and what constitutes a "best practice" is likely
    to change. If a corner case comes up, I don't want to have dug us
    into a hole by outlawing something that turns out to be reasonable
    in some situations.

  * If this goes into the devmanual, it would be a new policy, and it
    therefore needs some consensus among developers. It's a lot easier
    to get consensus for a warning than it is for a ban.


>>   5 As a corollary of the previous item, it is highly suspicious for
>>     an acct-user package to set ACCT_USER_HOME_OWNER="root:root".
> 
> Are there cases where this would be used? It makes no sense to me for a
> home to belong to root.
> 

It's happened in two cases so far, both leading to some badness. It's a
symptom of some other problem, but checking the variable for "root:root"
in e.g. repoman is a lot easier than running a tinderbox build to see if
there's a directory collision.
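Added example (not code from this thread, and not repoman's own check): a small static lint of the kind the reply describes, scanning constructed acct-user ebuild fragments for ACCT_USER_HOME_OWNER="root:root" and for home directories shared between packages, the static counterpart of the directory-collision check a tinderbox build would catch. It assumes the eclass variable names ACCT_USER_HOME and ACCT_USER_HOME_OWNER and a plain VAR=value assignment form.

```python
import re
from collections import defaultdict

# Constructed sample ebuild fragments keyed by package; not real Gentoo packages.
SAMPLE_EBUILDS = {
    "acct-user/foo-0": 'ACCT_USER_HOME=/var/lib/foo\nACCT_USER_HOME_OWNER="foo:foo"\n',
    "acct-user/bar-0": 'ACCT_USER_HOME="/var/lib/foo"\nACCT_USER_HOME_OWNER=bar:bar\n',
    "acct-user/baz-0": 'ACCT_USER_HOME=/var/lib/baz\nACCT_USER_HOME_OWNER="root:root"\n',
    "acct-user/qux-0": 'ACCT_USER_HOME=/var/lib/qux\n',
}

# Matches ACCT_USER_HOME=... or ACCT_USER_HOME_OWNER=..., quoted or unquoted
# (assumption: simple assignments, no variable expansion or line continuation).
ASSIGN_RE = re.compile(
    r'''^\s*(ACCT_USER_HOME(?:_OWNER)?)=(["']?)(.*?)\2\s*$''', re.MULTILINE
)


def parse_acct_vars(text):
    """Return the ACCT_USER_HOME* assignments found in one ebuild's text."""
    return {name: value for name, _quote, value in ASSIGN_RE.findall(text)}


def check_acct_users(ebuilds):
    """Return sorted (package, finding) pairs for root-owned and shared homes."""
    findings = []
    homes = defaultdict(list)  # home directory -> packages that claim it
    for pkg, text in ebuilds.items():
        acct = parse_acct_vars(text)
        if acct.get("ACCT_USER_HOME_OWNER") == "root:root":
            findings.append((pkg, "home directory owned by root:root"))
        home = acct.get("ACCT_USER_HOME")
        if home:
            homes[home].append(pkg)
    # A home claimed by more than one acct-user package is a shared home.
    for home, pkgs in sorted(homes.items()):
        if len(pkgs) > 1:
            for pkg in pkgs:
                others = ", ".join(p for p in pkgs if p != pkg)
                findings.append((pkg, f"home {home} shared with {others}"))
    return sorted(findings)


if __name__ == "__main__":
    for pkg, msg in check_acct_users(SAMPLE_EBUILDS):
        print(f"{pkg}: {msg}")
```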
