Re: [gentoo-dev] RFC: UID/GID assignment for dovecot (76)

2019-08-17 Thread Michael Orlitzky
On 8/17/19 2:36 AM, Eray Aslan wrote:
> 
> For the record, it wasn't me who wrote those acct-user ebuilds.

Apologies, I checked the metadata and assumed that I missed these as
part of your patch series. In any case, I'm not trying to throw blame
around -- this is all new and we're still figuring it out (which is why
I miss seeing the patches).


>>
>> Given that both of those users are pulled in only by net-mail/mailbase
>> at the moment, you probably want to set those permissions in the ebuild
> 
> I don't want to set permissions in the ebuild if possible.  That's not a
> proper solution.
> 
> Why do we need a postmaster account at all?  Does anyone have a clue?
> 

If it is needed, it should be pulled in directly by the package that
needs it. I have a feeling that mailbase exists to avoid copy/pasting
some code between postfix, exim, and however-many versions of qmail we
once had. For the user creation at least, GLEP81 eliminates the
copy/pasting.


> Getting rid of mailbase is certainly another option.
> 

The only reason I didn't suggest this is because my TODO list is already
too long. I'm sure there's a good historical reason for mailbase to
exist, but I can't figure out what it does today.



Re: [gentoo-dev] RFC: UID/GID assignment for dovecot (76)

2019-08-17 Thread Eray Aslan
On Thu, Aug 15, 2019 at 02:58:17PM -0400, Michael Orlitzky wrote:
> On 8/7/19 5:24 AM, Eray Aslan wrote:
> > I would like to reserve UID/GID 76 for dovecot (net-mail/dovecot)
> > 
> > This id differs from what we have provided historically (97) but gid/97
> > is used by acct-group/input.  So use 76 instead.
> > 
> > This id is the same in Arch (76) but differs from Redhat (97).
> 
> Can we please go back to posting the patches for these new packages?
> Personally, I couldn't care less what integer people pick out of a hat.
> I review these to prevent situations like this:

For the record, it wasn't me who wrote those acct-user ebuilds.

>   # acct-user/postmaster
>   DESCRIPTION="Postmaster user"
>   ACCT_USER_ID=14
>   ACCT_USER_HOME=/var/spool/mail
>   ACCT_USER_HOME_OWNER=root:mail
>   ACCT_USER_HOME_PERMS=03775
>   ACCT_USER_GROUPS=( mail )
> 
>   # acct-user/mail
>   DESCRIPTION="Mail program user"
>   ACCT_USER_ID=8
>   ACCT_USER_HOME=/var/spool/mail
>   ACCT_USER_HOME_OWNER=root:mail
>   ACCT_USER_HOME_PERMS=03775
>   ACCT_USER_GROUPS=( mail )
> 
> These two now need to be kept in-sync forever, because otherwise one is
> going to clobber the permissions on the other's home directory. Not
> having to worry about that was an explicit goal of GLEP81.
> 
> Given that both of those users are pulled in only by net-mail/mailbase
> at the moment, you probably want to set those permissions in the ebuild

I don't want to set permissions in the ebuild if possible.  That's not a
proper solution.

Why do we need a postmaster account at all?  Does anyone have a clue?

> and leave those two users' home directories at the default. The
> net-mail/mailbase package certainly doesn't need their home directories
> set to anything in particular. (It doesn't need the user at all, but
> that's probably a larger issue with mailbase.)

Getting rid of mailbase is certainly another option.

-- 
Eray



Re: [gentoo-dev] RFC: UID/GID assignment for dovecot (76)

2019-08-15 Thread Michael Orlitzky
On 8/7/19 5:24 AM, Eray Aslan wrote:
> I would like to reserve UID/GID 76 for dovecot (net-mail/dovecot)
> 
> This id differs from what we have provided historically (97) but gid/97
> is used by acct-group/input.  So use 76 instead.
> 
> This id is the same in Arch (76) but differs from Redhat (97).
> 

Can we please go back to posting the patches for these new packages?
Personally, I couldn't care less what integer people pick out of a hat.
I review these to prevent situations like this:

  # acct-user/postmaster
  DESCRIPTION="Postmaster user"
  ACCT_USER_ID=14
  ACCT_USER_HOME=/var/spool/mail
  ACCT_USER_HOME_OWNER=root:mail
  ACCT_USER_HOME_PERMS=03775
  ACCT_USER_GROUPS=( mail )

  # acct-user/mail
  DESCRIPTION="Mail program user"
  ACCT_USER_ID=8
  ACCT_USER_HOME=/var/spool/mail
  ACCT_USER_HOME_OWNER=root:mail
  ACCT_USER_HOME_PERMS=03775
  ACCT_USER_GROUPS=( mail )

These two now need to be kept in-sync forever, because otherwise one is
going to clobber the permissions on the other's home directory. Not
having to worry about that was an explicit goal of GLEP81.

Given that both of those users are pulled in only by net-mail/mailbase
at the moment, you probably want to set those permissions in the ebuild,
and leave those two users' home directories at the default. The
net-mail/mailbase package certainly doesn't need their home directories
set to anything in particular. (It doesn't need the user at all, but
that's probably a larger issue with mailbase.)
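
The shared-home situation described in this thread can be checked mechanically. The following is an added example, not part of the thread or of any Gentoo tool: a Python check that flags acct-user ebuilds declaring the same ACCT_USER_HOME and reports whether their owner and permission settings agree. The function names, the acct-user/example package and the drifted permissions are constructed, and treating /dev/null as the "no home" default is an assumption.

```python
import re
from collections import defaultdict

# Matches simple ACCT_USER_* assignments, quoted or unquoted.
ASSIGN = re.compile(r'^[ \t]*(ACCT_USER_\w+)=("?)([^"\n]*?)\2[ \t]*$', re.M)
NO_HOME = "/dev/null"  # assumption: value used when ACCT_USER_HOME is unset


def parse_acct_user(ebuild_text):
    """Return the ACCT_USER_* assignments found in one ebuild's text."""
    return {m.group(1): m.group(3) for m in ASSIGN.finditer(ebuild_text)}


def shared_home_report(ebuilds):
    """Map each home claimed by more than one package to its claimants.

    ebuilds is {package name: ebuild text}. The result is
    {home: {"packages": [...], "in_sync": bool}}; in_sync is False when the
    claimants disagree on owner or permissions, which is the case where one
    package would clobber the other's settings on the shared directory.
    """
    claims = defaultdict(dict)
    for pkg, text in ebuilds.items():
        found = parse_acct_user(text)
        home = found.get("ACCT_USER_HOME", NO_HOME)
        if home != NO_HOME:
            claims[home][pkg] = (found.get("ACCT_USER_HOME_OWNER"),
                                 found.get("ACCT_USER_HOME_PERMS"))
    return {home: {"packages": sorted(by_pkg),
                   "in_sync": len(set(by_pkg.values())) == 1}
            for home, by_pkg in claims.items() if len(by_pkg) > 1}


# The two fragments quoted in the thread (they differ only in the ID).
POSTMASTER = """
ACCT_USER_ID=14
ACCT_USER_HOME=/var/spool/mail
ACCT_USER_HOME_OWNER=root:mail
ACCT_USER_HOME_PERMS=03775
ACCT_USER_GROUPS=( mail )
"""
MAIL = POSTMASTER.replace("ACCT_USER_ID=14", "ACCT_USER_ID=8")
# Constructed: one ebuild edited without the other.
MAIL_DRIFTED = MAIL.replace("03775", "0755")
# Constructed: a hypothetical user that leaves its home at the default.
NO_HOME_USER = "ACCT_USER_ID=999\nACCT_USER_GROUPS=( example )\n"

if __name__ == "__main__":
    tree = {"acct-user/postmaster": POSTMASTER, "acct-user/mail": MAIL_DRIFTED,
            "acct-user/example": NO_HOME_USER}
    for home, info in shared_home_report(tree).items():
        state = "in sync" if info["in_sync"] else "OUT OF SYNC"
        print(f"{home}: {', '.join(info['packages'])} ({state})")
```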