On Thu, Jul 14, 2022 at 01:05:51PM -0700, Josh Triplett wrote:
> On Thu, 14 Jul 2022 11:38:46 +0200 Marc Haber
> <mh+debian-packa...@zugschlus.de> wrote:
> > It is really sad that you didn't participate in the discussion in March,
> > where this part of the changes didn't get much attention and no one came
> > up with any arguments against sgid home directories. I personally am at
> > a loss here since I am just a server jockey who doesn't have many
> > unprivileged shell account users on my boxes.
>
> I'm not subscribed to -devel. I saw that some discussion about adduser
> took place, and saw some of the topics, but I didn't see any mention of
> sgid home directories. I would have been happy to participate in such a
> discussion, had I known about it. The first I heard about this was via
> apt-listchanges. :(

Then at least apt-listchanges has done its job. I must admit that I
rarely read what it offers.

> > > One of the issues links to
> > > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=64806 , which talks
> > > about easing the setup of shared directories for users who don't feel
> > > comfortable running `chmod 2770` or similar themselves. That seems like
> > > a relatively small justification, given that anyone setting up a shared
> > > work directory *can* run `chmod 2770` or similar themselves, and doing
> > > so does not require any special permission.
> >
> > A local admin who doesn't like the behavior is free to change the
> > default by setting an appropriate DIR_MODE in adduser.conf. There is a
> > NEWS.Debian entry pointing the local administrator to this new behavior.
>
> I understand this, and I understand that there's no one default that
> will make everyone happy. I'm hoping to make the case for what the
> default should be, to both minimize surprises and minimize the impact on
> the most users.

I think you have the team almost convinced. I would appreciate if you
could give more detailed examples, so that we can put less FUDdish
rationale for the non-gid home directory in the docs? Matt has asked a
few interesting questions on Thursday, and I would love to get feedback
to them.

> > > The more recent issue 643559 suggests that
> > > > Those "bad side-effects", if they were ever relevant and important
> > > > enough to make personal groups not work properly, have now been fixed.
> > >
> > > However, this is not the case; this change does in fact have bad
> > > side-effects. This change breaks some common use cases that apply to
> > > users on many systems, both single-user and multi-user.
> >
> > Can we please have more information than just "bad side-effects"?
>
> The use case below, and any other tools that create files and know to
> set their permissions appropriately but don't expect unusual ownership
> by default:

I would like to have something like "in an sgid directory, a debootstrap
chroot will be broken because the frobnification will not work".

> I'm also hoping to make a case for "this change is a surprise and a
> regression, and changing it *back* shouldn't have the burden of
> 'changing the default' but rather 'reverting this change and returning to the
> previous default'". But either way, I'm willing to make the case
> regarding the default itself.

This default happened to have changed at least twice over the history of
Debian.

> > We can also talk to the ctte if the discussion on -devel doesn't bring
> > any more consensus.
>
> I sincerely hope it doesn't come to that.

I'd really like to have more advice from the ctte without having an
actual dispute, more like an oracle or a Council of the Wise People. "On
devel, no one seemed to really care either way" is often bad advice.

Greetings
Marc

-- 
-----------------------------------------------------------------------------
Marc Haber         | "I don't trust Computers. They | Mail address in header
Leimen, Germany    |  lose things."    Winona Ryder | Fon: *49 6224 1600402
Nordisch by Nature |  How to make an American Quilt | Fax: *49 6224 1600421
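
The following is an added example, not part of the message above and not adduser's own code. It shows what the setgid bit discussed in the thread changes for files and subdirectories created inside a directory, and how an administrator can list and revert such directories. It assumes Linux semantics and GNU find/stat; the function names and the scratch directories are hypothetical.

```shell
#!/bin/sh
# Added illustration, not from the thread. Assumes Linux semantics and GNU
# find/stat; all function names and the scratch layout are hypothetical.

# Print each directory directly under ROOT (e.g. /home) that has setgid set.
list_sgid_dirs() {
    find "$1" -mindepth 1 -maxdepth 1 -type d -perm -2000 | sort
}

# Create a file and a subdirectory inside DIR, then print
# "<gid of new file> <yes|no: new subdirectory got the setgid bit>".
probe_inheritance() {
    dir=$1
    : > "$dir/probe.file"
    mkdir "$dir/probe.dir"
    file_gid=$(stat -c %g "$dir/probe.file")
    if [ -g "$dir/probe.dir" ]; then sub_sgid=yes; else sub_sgid=no; fi
    rm -r "$dir/probe.file" "$dir/probe.dir"
    echo "$file_gid $sub_sgid"
}

# Constructed demo: two scratch "home" directories, only one of them setgid.
demo() {
    root=$(mktemp -d) || return 1
    mkdir "$root/alice" "$root/bob"
    # If the caller has a supplementary group, give alice's directory that
    # group so the inherited group visibly differs from the primary one.
    alt=$(id -G | tr ' ' '\n' | grep -vx "$(id -g)" | head -n 1)
    if [ -n "$alt" ]; then chgrp "$alt" "$root/alice" 2>/dev/null || true; fi
    chmod 2770 "$root/alice"               # mode quoted in the thread
    chmod 0700 "$root/bob"; chmod g-s "$root/bob"
    echo "primary gid: $(id -g)"
    echo "setgid dirs: $(list_sgid_dirs "$root")"
    echo "alice (gid $(stat -c %g "$root/alice")): $(probe_inheritance "$root/alice")"
    echo "bob   (gid $(stat -c %g "$root/bob")): $(probe_inheritance "$root/bob")"
    chmod g-s "$root/alice"                # per-directory revert
    echo "after chmod g-s: $(list_sgid_dirs "$root")"
    rm -r "$root"
}

demo
```

The per-directory `chmod g-s` only affects directories that already exist; the mode for newly created home directories is the DIR_MODE setting in adduser.conf mentioned in the thread.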