On 8/17/19 12:29 AM, Haelwenn (lanodan) Monnier wrote:
>
> Any reason why sharing home directories isn't simply forbidden?
> This is sure to blow up on us at some point if there are shared home directories.
>
> ...
>
> Shouldn't this be owned instead of writable? I'm pretty sure we can
> have cases where not having write permissions is preferred for security.

The weak wording is for two reasons:

* I'm confident that these are all good ideas, but not 100% certain. This is new stuff, and what constitutes a "best practice" is likely to change. If a corner case comes up, I don't want to have dug us into a hole by outlawing something that turns out to be reasonable in some situations.

* If this goes into the devmanual, it would be a new policy, and it therefore needs some consensus among developers. It's a lot easier to get consensus for a warning than it is for a ban.

>> 5 As a corollary of the previous item, it is highly suspicious for
>> an acct-user package to set ACCT_USER_HOME_OWNER="root:root".
>
> Are there cases where this would be used? It makes no sense to me for a
> home to belong to root.
>

It's happened in two cases so far, both leading to some badness. It's a symptom of some other problem, but checking the variable for "root:root" in e.g. repoman is a lot easier than running a tinderbox build to see if there's a directory collision.
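As an added illustration of the static check suggested above (this is not code from the thread, from repoman, or from the acct-user eclass): a small POSIX shell lint that flags an acct-user ebuild setting ACCT_USER_HOME_OWNER to root:root, run against two constructed sample ebuilds. It assumes the variable is assigned on a single line, as the acct-user eclass documents; an owner computed at runtime would not be caught.

```shell
#!/bin/sh
# Added example: lint acct-user ebuilds for ACCT_USER_HOME_OWNER="root:root".
# Not part of the mailing-list thread or of repoman; assumes a single-line
# assignment of the variable, as in the acct-user eclass.

# check_home_owner FILE
#   Prints the offending line(s) and returns 1 when the home directory owner
#   is set to root:root; returns 0 otherwise. Comment lines are ignored
#   because the pattern is anchored at the start of the line.
check_home_owner() {
    if grep -En '^[[:space:]]*ACCT_USER_HOME_OWNER=["'"'"']?root:root["'"'"']?[[:space:]]*$' "$1"; then
        echo "$1: ACCT_USER_HOME_OWNER=root:root is suspicious (see item 5)" >&2
        return 1
    fi
    return 0
}

# make_samples
#   Writes two constructed sample ebuilds into a temporary directory and
#   prints that directory's path. Package names and paths are made up.
make_samples() {
    dir=$(mktemp -d)
    cat > "$dir/acct-user-bad.ebuild" <<'EOF'
EAPI=7
inherit acct-user
ACCT_USER_ID=-1
ACCT_USER_HOME=/var/lib/sampled
ACCT_USER_HOME_OWNER="root:root"
EOF
    cat > "$dir/acct-user-good.ebuild" <<'EOF'
EAPI=7
inherit acct-user
ACCT_USER_ID=-1
ACCT_USER_HOME=/var/lib/sampled
# A commented-out root:root must not trigger the check:
# ACCT_USER_HOME_OWNER="root:root"
ACCT_USER_HOME_OWNER="sampled:sampled"
EOF
    echo "$dir"
}

# run_demo
#   Lints every *.ebuild in the sample directory and reports a summary.
run_demo() {
    d=$(make_samples)
    bad=0
    for f in "$d"/*.ebuild; do
        check_home_owner "$f" >/dev/null 2>&1 || bad=$((bad + 1))
    done
    echo "$bad of $(ls "$d"/*.ebuild | wc -l) sample ebuilds flagged"
    rm -rf "$d"
}

# Usage: sh lint-home-owner.sh --demo
[ "${1-}" = "--demo" ] && run_demo
```

The check is deliberately narrow: it only matches a literal root:root assignment, which is the cheap signal the thread describes, and it will print the flagged line so a reviewer can look at the surrounding ebuild rather than trusting the tool blindly.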