On Sun, Jan 19, 2020 at 2:27 PM Michael Orlitzky <m...@gentoo.org> wrote:
>
> On 1/19/20 2:02 PM, Rich Freeman wrote:
> >
> >> If you're sharing /home, you also have to be sharing user accounts,
> >> unless you want everyone to be assigned a random set of files.
> >
> > I imagine that most people setting up something like this would only
> > be sharing high-value UIDs (>1000 in our case). There is no need for
> > postfix on your Gentoo box and postfix on your Debian box to have the
> > same UID. You wouldn't be sshing from postfix on the one to postfix
> > on the other and expecting to have the same home directory contents.
> >
>
> You can't do that. If you're going to mount files from one system onto
> another system, using only an integer <--> username mapping as your
> access control mechanism, then you'd better be damn sure that those
> integers and usernames match on all systems. Otherwise I might wind up
> sharing /home/mjo to rich0 because the "mjo" and "rich0" groups both
> have gid 1000 locally.

Obviously the UIDs associated with the shared /home need to be
identical. Simplest solution is to sync anything > 1000 in
/etc/passwd, and then not allow UIDs below 1000 in /home. A cron job
could easily handle both, and of course regular users can't go
creating stuff with the wrong UID anyway.

> We've talked this to death. Barring any new evidence, /home still seems
> like the best place for these, and I don't want to put them in the wrong
> spot (forcing users to migrate) just to appease a QA warning from before
> GLEP81 was a thing.

Well, great, then by all means ask QA for a policy exception. Not my
place to yell at you if you don't, but don't be surprised if somebody
else does...

-- 
Rich
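
The two checks discussed in this message (UIDs in the shared range agreeing across hosts, and nothing under /home owned by a lower UID) could be scripted for a cron job as below. This is an added example, not code from the thread: the passwd contents are constructed, the function names are hypothetical, treating 1000 itself as a shared UID is an assumption, and only UIDs (not GIDs) are compared.

```python
import os
SHARED_MIN = 1000  # assumption: 1000 itself counts as a shared (regular-user) UID

def parse_passwd(text):
    """Return {name: uid} from passwd(5)-format text."""
    users = {}
    for line in text.splitlines():
        fields = line.strip().split(":")
        if len(fields) < 7 or not fields[2].isdigit():
            continue  # blank, comment or malformed entry: skip rather than guess
        users[fields[0]] = int(fields[2])
    return users

def shared_conflicts(a, b, minimum=SHARED_MIN):
    """Disagreements about host A's shared-range users when compared with host B."""
    by_uid_b = {uid: name for name, uid in b.items()}
    found = []
    for name, uid in sorted(a.items()):
        if uid < minimum:
            continue  # system accounts such as postfix may differ per host
        if name in b and b[name] != uid:
            found.append(("uid-differs", name, uid, b[name]))
        other = by_uid_b.get(uid)
        if other is not None and other != name:
            found.append(("uid-reused", name, uid, other))
    return found

def system_owned(root, minimum=SHARED_MIN):
    """Paths under root owned by a UID below the shared range."""
    hits = []
    for dirpath, dirnames, filenames in os.walk(root):
        for entry in dirnames + filenames:
            path = os.path.join(dirpath, entry)
            if os.lstat(path).st_uid < minimum:  # lstat: do not follow symlinks
                hits.append(path)
    return sorted(hits)

# Constructed sample data, not taken from any real host.
GENTOO = """root:x:0:0:root:/root:/bin/bash
postfix:x:207:207:postfix:/var/spool/postfix:/sbin/nologin
mjo:x:1000:1000::/home/mjo:/bin/bash
"""
DEBIAN = """root:x:0:0:root:/root:/bin/bash
postfix:x:105:112::/var/spool/postfix:/usr/sbin/nologin
rich0:x:1000:1000::/home/rich0:/bin/bash
mjo:x:1001:1001::/home/mjo:/bin/bash
"""
if __name__ == "__main__":
    print(*shared_conflicts(parse_passwd(GENTOO), parse_passwd(DEBIAN)), sep="\n")
```

Running the comparison in both directions (A against B, then B against A) also catches shared-range users that exist only on the second host.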