On 14/02/20 19:48, Vadim A. Misbakh-Soloviov wrote: >> And now you're changing the subject. You've just claimed that *your* >> user's group ownership will be overwritten and when challenged you >> present the case of *system* user's group ownership being overwritten. > Actually, he showed the rewrite of **system** user (that was modified > locally). > > And, as it already mentioned above, this behaviour violates Gentoo Philosophy > of not pretending to be smarter than user and don't dictate them a way to go. > > So, if the problem is only in the existance of the bug, I can create it > tomorrow morning. > But it would be great to know that it wont be closed in a minute after with > "WONTFIX, works as expected". > > Also, as already stated, changing the stuff that was modified by user is > **prohibited**. > > P.S. I don't care about your relations with whissi, but let's back to the > topic: > > [big red letters] > We should **NEVER** ever rewrite any system configuration made by local > system > administrator (call it "user" or whatever). Dixi. > [/big red letters] > > Modification of system users and groups are also covered by that user. > > So, we, actually don't need any changes to disable acct-* things at all and > make users to manage all the things by themselves. > We need a change that will prevent any changes over **already existing** user. > > I think we should make it in a manner like: > 1) when we install acct-pkg for a first time - CONFIG_PROTECT changes, and > let > user to review. > 2) when we **reinstall** same package - do **nothing**. Although, I'm not > sure > here: > on the one hand, why should we bother users by merging changes they already > did before, > on the other hand, it can be useful way to reset to defaults in case if "all > this stuff is screwed up". > 3) when we upgrade acct-package (assuming there was changes) - only allow > "positive" changes (group additions), but not negative (dropiing groups), and > anyway CONFIG_PROTECT all the changes. > > > Well, there is also "kludgy way": does not globally reimplement anything, but: > 1) force CFGPROTECT > 2) perform a "light" modification to only perform "positive" modifications > (see above) on users/groups, but no "negatives". > It will anyway fix the both issues Whissi and OP had. > There is a filthy hack which works around all this nonsense .. throw all acct-* packages in a Package.Provided entry, and mask installation of any other versions ..
*runs and hides*
signature.asc
Description: OpenPGP digital signature
