subject:"Moving \/home of a package account, and to where\?"

Re: Moving /home of a package account, and to where?

2012-07-02 Thread Russ Allbery

Marc Haber  writes:
> On Sun, Jul 01, 2012 at 07:53:04PM -0700, Russ Allbery wrote:

>> It would indeed be best if everything possible was documented, but very
>> few people volunteer to do the work to drive changes to the
>> documentation through to completion.

> This is partly because of the kind-of heavy-handed policy editorial
> process.

Every time I've tried to streamline the process, someone equally upset
rips me a new one for changing the Policy rules without consulting the
project sufficiently.

Perhaps we're identifying one of the reasons why so few people work on
Policy, and why I periodically suffer from lack of motivation to go
through the pending changes, huh?

-- 
Russ Allbery (r...@debian.org)   

-- 
To UNSUBSCRIBE, email to debian-mentors-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/87hatq3xle@windlord.stanford.edu

Re: Moving /home of a package account, and to where?

2012-07-02 Thread Henrique de Moraes Holschuh

On Mon, 02 Jul 2012, Marc Haber wrote:
> On Sun, Jul 01, 2012 at 07:53:04PM -0700, Russ Allbery wrote:
> > It would indeed be best if everything possible was documented, but very
> > few people volunteer to do the work to drive changes to the documentation
> > through to completion.
> 
> This is partly because of the kind-of heavy-handed policy editorial
> process.

You're kidding, right?  Just file a bug with the proposed patch to the
docbook source.  It is _all_ that it takes more often than not.

-- 
  "One disk to rule them all, One disk to find them. One disk to bring
  them all and in the darkness grind them. In the Land of Redmond
  where the shadows lie." -- The Silicon Valley Tarot
  Henrique Holschuh


-- 
To UNSUBSCRIBE, email to debian-mentors-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20120702154821.gd3...@khazad-dum.debian.net

Re: Moving /home of a package account, and to where?

2012-07-02 Thread Marc Haber

On Sun, Jul 01, 2012 at 07:53:04PM -0700, Russ Allbery wrote:
> It would indeed be best if everything possible was documented, but very
> few people volunteer to do the work to drive changes to the documentation
> through to completion.

This is partly because of the kind-of heavy-handed policy editorial
process.

Greetings
Marc

-- 
-
Marc Haber | "I don't trust Computers. They | Mailadresse im Header
Mannheim, Germany  |  lose things."Winona Ryder | Fon: *49 621 31958061
Nordisch by Nature |  How to make an American Quilt | Fax: *49 621 31958062


-- 
To UNSUBSCRIBE, email to debian-mentors-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20120702081214.gg31...@torres.zugschlus.de

Re: Moving /home of a package account, and to where?

2012-07-02 Thread Marc Haber

On Mon, Jul 02, 2012 at 10:03:08PM +1000, Sven Dowideit wrote:
> On 02/07/12 02:03, Marc Haber wrote:
> >I am really really astonished about with which ease we hurl RC
> >bugs at packages without having thought-out alternatives.
> Would it not be better to reject the Debian QA 'suggestion' until
> such time as its documented thoroughly in the Packaging manual?

That will kick the package out of testing and stable. Not desireable.

Greetings
Marc

-- 
-
Marc Haber | "I don't trust Computers. They | Mailadresse im Header
Mannheim, Germany  |  lose things."Winona Ryder | Fon: *49 621 31958061
Nordisch by Nature |  How to make an American Quilt | Fax: *49 621 31958062


-- 
To UNSUBSCRIBE, email to debian-mentors-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20120702081105.gf31...@torres.zugschlus.de

Re: Moving /home of a package account, and to where?

2012-07-01 Thread Sven Dowideit


Sorry, I wanted to be constructive:

IMO, if a maintainer of a package isn't sure how to address a policy 
request, I believe the best response is to reject/park the issue, 
pending a separate discussion and adding of the needed details to policy 
(or appendices etc).


The reason I feel this way, is that when an implementation detail isn't 
pushed into policy, the debate happens more than once, and often with 
differing loud results (based on opinions of those awake at the time).


if policy isn't clear enough, make the process require fixing the 
documentation, rather than allowing having debian-mentors etc re-debate 
in an adhoc and lossy way.



Sven



On 02/07/12 23:37, Sven Dowideit wrote:

On 02/07/12 12:53, Russ Allbery wrote:

Sven Dowideit  writes:

On 02/07/12 02:03, Marc Haber wrote:

I am really really astonished about with which ease we hurl RC bugs at
packages without having thought-out alternatives.

Would it not be better to reject the Debian QA 'suggestion' until such
time as its documented thoroughly in the Packaging manual?

Not using /home is already documented in Debian Policy.  Marc quoted the
relevant excerpt in his original message.

It would indeed be best if everything possible was documented, but very
few people volunteer to do the work to drive changes to the 
documentation

through to completion.

y, instead they all volunteer to pontificate on details that come due 
to the lack of detail - like where to put the ssh keys.


ie, having the doc say 'don't use /home' without addressing common 
reasons for wanting to use /home in that doc is the problem. (And I'd 
consider them a blocker for putting such a statement in the doc.


but as i said, I declined to do more because dealing with the details 
meant that every year someone would demand that I undo something i was 
demanded to do the year before. (The policy on complicated 
self-modifying web apps is pretty much non-existant)


Sven





--
To UNSUBSCRIBE, email to debian-mentors-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/4ff1a658.7020...@home.org.au

Re: Moving /home of a package account, and to where?

2012-07-01 Thread Sven Dowideit


On 02/07/12 12:53, Russ Allbery wrote:

Sven Dowideit  writes:

On 02/07/12 02:03, Marc Haber wrote:

I am really really astonished about with which ease we hurl RC bugs at
packages without having thought-out alternatives.

Would it not be better to reject the Debian QA 'suggestion' until such
time as its documented thoroughly in the Packaging manual?

Not using /home is already documented in Debian Policy.  Marc quoted the
relevant excerpt in his original message.

It would indeed be best if everything possible was documented, but very
few people volunteer to do the work to drive changes to the documentation
through to completion.

y, instead they all volunteer to pontificate on details that come due to 
the lack of detail - like where to put the ssh keys.


ie, having the doc say 'don't use /home' without addressing common 
reasons for wanting to use /home in that doc is the problem. (And I'd 
consider them a blocker for putting such a statement in the doc.


but as i said, I declined to do more because dealing with the details 
meant that every year someone would demand that I undo something i was 
demanded to do the year before. (The policy on complicated 
self-modifying web apps is pretty much non-existant)


Sven


--
To UNSUBSCRIBE, email to debian-mentors-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/4ff1a41d.7060...@home.org.au

Re: Moving /home of a package account, and to where?

2012-07-01 Thread Russ Allbery

Sven Dowideit  writes:
> On 02/07/12 02:03, Marc Haber wrote:

>> I am really really astonished about with which ease we hurl RC bugs at
>> packages without having thought-out alternatives.

> Would it not be better to reject the Debian QA 'suggestion' until such
> time as its documented thoroughly in the Packaging manual?

Not using /home is already documented in Debian Policy.  Marc quoted the
relevant excerpt in his original message.

It would indeed be best if everything possible was documented, but very
few people volunteer to do the work to drive changes to the documentation
through to completion.

-- 
Russ Allbery (r...@debian.org)   

-- 
To UNSUBSCRIBE, email to debian-mentors-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/87obny27sf@windlord.stanford.edu

Re: Moving /home of a package account, and to where?

2012-07-01 Thread Sven Dowideit


On 02/07/12 02:03, Marc Haber wrote:
I am really really astonished about with which ease we hurl RC bugs at 
packages without having thought-out alternatives.
Would it not be better to reject the Debian QA 'suggestion' until such 
time as its documented thoroughly in the Packaging manual?


I'm a non-DD that gave up maintaining a package in debian (and in the 
process decided not to be a DD).


The main reason was the constant barrage of opposing and incomplete 
directions given (and each that I implemented lead to more bugs and yet 
more opposing suggestions), and not enough well finished and detailed 
documentation.


2 cents more
Sven


--
To UNSUBSCRIBE, email to debian-mentors-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/4ff18dfc.7040...@home.org.au

Re: Moving /home of a package account, and to where?

2012-07-01 Thread Henrique de Moraes Holschuh

On Sun, 01 Jul 2012, Marc Haber wrote:
> On Sun, Jul 01, 2012 at 12:36:41PM -0300, Henrique de Moraes Holschuh wrote:
> > On Sun, 01 Jul 2012, Marc Haber wrote:
> > > > Yes, but it's user configuration not system configuration.
> > > 
> > > A system user's .ssh is user configuration?
> > 
> > If it is intended to be manipulated by the local admin, yes, and it would
> > belong in /etc somewhere.
> 
> I would call that system configuration.

I suppose, since it is system-wide.

> > No.  The real file goes in /etc, the symlink goes in /var/lib.  But you may
> > need very tight permissions in the directory that hosts these to have sshd
> > tolerate it, if it will work at all.
> 
> Does sshd honor symlinks when looking for authorized_keys? I am really

Test it.

> really astonished about with which ease we hurl RC bugs at packages
> without having thought-out alternatives.

Sometimes you *really* have to do some heavy work to get something to
actually work sanely.  I've had to actually enhance upstream C code to
get it to be able to do things in a way that makes it easier to properly
package it.  Had to do it for fetchmail, Cyrus IMAPd, amavisd-new...

This is the Debian added-value.  We do what it takes to make it sane.

-- 
  "One disk to rule them all, One disk to find them. One disk to bring
  them all and in the darkness grind them. In the Land of Redmond
  where the shadows lie." -- The Silicon Valley Tarot
  Henrique Holschuh


-- 
To UNSUBSCRIBE, email to debian-mentors-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20120701171023.gh2...@khazad-dum.debian.net

Re: Moving /home of a package account, and to where?

2012-07-01 Thread Marc Haber

On Sun, Jul 01, 2012 at 12:36:41PM -0300, Henrique de Moraes Holschuh wrote:
> On Sun, 01 Jul 2012, Marc Haber wrote:
> > > Yes, but it's user configuration not system configuration.
> > 
> > A system user's .ssh is user configuration?
> 
> If it is intended to be manipulated by the local admin, yes, and it would
> belong in /etc somewhere.

I would call that system configuration.

> > > If you do want to have that as configuration in /etc, I'd
> > > suggest symlinking it from /var/lib/foo to /etc/foo/authorized_keys
> > > (or vice versa), like e.g. postgresql handles cluster configuration.
> > 
> > Can you give a more visible example? Should /etc/foo/authorized_keys
> > be a symlink to /var/lib/foo/home/.ssh/authorized_keys? I don't think
> > that circumvents the FHS forbidding configuration in /var/lib just by
> > making it accessible through /etc.
> 
> No.  The real file goes in /etc, the symlink goes in /var/lib.  But you may
> need very tight permissions in the directory that hosts these to have sshd
> tolerate it, if it will work at all.

Does sshd honor symlinks when looking for authorized_keys? I am really
really astonished about with which ease we hurl RC bugs at packages
without having thought-out alternatives.

Greetings
Marc

-- 
-
Marc Haber | "I don't trust Computers. They | Mailadresse im Header
Mannheim, Germany  |  lose things."Winona Ryder | Fon: *49 621 31958061
Nordisch by Nature |  How to make an American Quilt | Fax: *49 621 31958062


-- 
To UNSUBSCRIBE, email to debian-mentors-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20120701160358.gk25...@torres.zugschlus.de

Re: Moving /home of a package account, and to where?

2012-07-01 Thread Henrique de Moraes Holschuh

On Sun, 01 Jul 2012, Marc Haber wrote:
> > Yes, but it's user configuration not system configuration.
> 
> A system user's .ssh is user configuration?

If it is intended to be manipulated by the local admin, yes, and it would
belong in /etc somewhere.

> > If you do want to have that as configuration in /etc, I'd
> > suggest symlinking it from /var/lib/foo to /etc/foo/authorized_keys
> > (or vice versa), like e.g. postgresql handles cluster configuration.
> 
> Can you give a more visible example? Should /etc/foo/authorized_keys
> be a symlink to /var/lib/foo/home/.ssh/authorized_keys? I don't think
> that circumvents the FHS forbidding configuration in /var/lib just by
> making it accessible through /etc.

No.  The real file goes in /etc, the symlink goes in /var/lib.  But you may
need very tight permissions in the directory that hosts these to have sshd
tolerate it, if it will work at all.

-- 
  "One disk to rule them all, One disk to find them. One disk to bring
  them all and in the darkness grind them. In the Land of Redmond
  where the shadows lie." -- The Silicon Valley Tarot
  Henrique Holschuh


-- 
To UNSUBSCRIBE, email to debian-mentors-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20120701153641.gg2...@khazad-dum.debian.net

Re: Moving /home of a package account, and to where?

2012-07-01 Thread Marc Haber

On Sun, Jul 01, 2012 at 02:29:05PM +0100, Roger Leigh wrote:
> On Sun, Jul 01, 2012 at 02:56:13PM +0200, Marc Haber wrote:
> > On Sun, Jul 01, 2012 at 01:04:17PM +0100, Roger Leigh wrote:
> > > On Sun, Jul 01, 2012 at 12:44:48PM +0200, Marc Haber wrote:
> > > > Debian QA decided recently that it is bad to have a system/package
> > > > account created with its home directory in /home/package, as it is
> > > > adduser --system's default btw. I am therefore faced with having to
> > > > change /home to some non-/home place. Unfortunately, policy does not
> > > > give any hint about how to do it right.
> > > > 
> > > > Where do I put my user's home directory? In this case, the user's home
> > > > directory contains a .ssh with known_hosts, authorized_keys and actual
> > > > keys and it might additionally accumulate some regular dotfiles.
> > > 
> > > I'd go with /var/lib, which is what most packages do.  I don't count
> > > the user-specific stuff to be package configuration, in general.
> > 
> > .ssh is used to log in to another system running my package, it holds
> > manually created authorized_keys and keys. I'd call that configuration.
> 
> Yes, but it's user configuration not system configuration.

A system user's .ssh is user configuration?

> If you do want to have that as configuration in /etc, I'd
> suggest symlinking it from /var/lib/foo to /etc/foo/authorized_keys
> (or vice versa), like e.g. postgresql handles cluster configuration.

Can you give a more visible example? Should /etc/foo/authorized_keys
be a symlink to /var/lib/foo/home/.ssh/authorized_keys? I don't think
that circumvents the FHS forbidding configuration in /var/lib just by
making it accessible through /etc.

Greetings
Marc

-- 
-
Marc Haber | "I don't trust Computers. They | Mailadresse im Header
Mannheim, Germany  |  lose things."Winona Ryder | Fon: *49 621 31958061
Nordisch by Nature |  How to make an American Quilt | Fax: *49 621 31958062


-- 
To UNSUBSCRIBE, email to debian-mentors-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20120701151308.gj25...@torres.zugschlus.de

Re: Moving /home of a package account, and to where?

2012-07-01 Thread Roger Leigh

On Sun, Jul 01, 2012 at 02:56:13PM +0200, Marc Haber wrote:
> On Sun, Jul 01, 2012 at 01:04:17PM +0100, Roger Leigh wrote:
> > On Sun, Jul 01, 2012 at 12:44:48PM +0200, Marc Haber wrote:
> > > Debian QA decided recently that it is bad to have a system/package
> > > account created with its home directory in /home/package, as it is
> > > adduser --system's default btw. I am therefore faced with having to
> > > change /home to some non-/home place. Unfortunately, policy does not
> > > give any hint about how to do it right.
> > > 
> > > Where do I put my user's home directory? In this case, the user's home
> > > directory contains a .ssh with known_hosts, authorized_keys and actual
> > > keys and it might additionally accumulate some regular dotfiles.
> > 
> > I'd go with /var/lib, which is what most packages do.  I don't count
> > the user-specific stuff to be package configuration, in general.
> 
> .ssh is used to log in to another system running my package, it holds
> manually created authorized_keys and keys. I'd call that configuration.

Yes, but it's user configuration not system configuration.
If you do want to have that as configuration in /etc, I'd
suggest symlinking it from /var/lib/foo to /etc/foo/authorized_keys
(or vice versa), like e.g. postgresql handles cluster configuration.

-- 
  .''`.  Roger Leigh
 : :' :  Debian GNU/Linuxhttp://people.debian.org/~rleigh/
 `. `'   schroot and sbuild  http://alioth.debian.org/projects/buildd-tools
   `-GPG Public Key  F33D 281D 470A B443 6756 147C 07B3 C8BC 4083 E800


-- 
To UNSUBSCRIBE, email to debian-mentors-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20120701132905.gq9...@codelibre.net

Re: Moving /home of a package account, and to where?

2012-07-01 Thread Marc Haber

On Sun, Jul 01, 2012 at 02:53:20PM +0200, Goswin von Brederlow wrote:
> If you need configuration files (which the user is supposed to edit as
> supposed to calling some config tool) in the users home directory and
> also automatically changing files then I'm afraid you will need to use
> both /etc and /var/lib and symlinks.

sshd won't honor a symlinked authorized_keys, would it?

> Maybe think about patching the source so that it reads a system wide
> file as well as a users file.

sshd???

Greetings
Marc

-- 
-
Marc Haber | "I don't trust Computers. They | Mailadresse im Header
Mannheim, Germany  |  lose things."Winona Ryder | Fon: *49 621 31958061
Nordisch by Nature |  How to make an American Quilt | Fax: *49 621 31958062


-- 
To UNSUBSCRIBE, email to debian-mentors-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20120701125752.gg25...@torres.zugschlus.de

Re: Moving /home of a package account, and to where?

2012-07-01 Thread Marc Haber

On Sun, Jul 01, 2012 at 01:04:17PM +0100, Roger Leigh wrote:
> On Sun, Jul 01, 2012 at 12:44:48PM +0200, Marc Haber wrote:
> > Debian QA decided recently that it is bad to have a system/package
> > account created with its home directory in /home/package, as it is
> > adduser --system's default btw. I am therefore faced with having to
> > change /home to some non-/home place. Unfortunately, policy does not
> > give any hint about how to do it right.
> > 
> > Where do I put my user's home directory? In this case, the user's home
> > directory contains a .ssh with known_hosts, authorized_keys and actual
> > keys and it might additionally accumulate some regular dotfiles.
> 
> I'd go with /var/lib, which is what most packages do.  I don't count
> the user-specific stuff to be package configuration, in general.

.ssh is used to log in to another system running my package, it holds
manually created authorized_keys and keys. I'd call that configuration.

Greetings
Marc

-- 
-
Marc Haber | "I don't trust Computers. They | Mailadresse im Header
Mannheim, Germany  |  lose things."Winona Ryder | Fon: *49 621 31958061
Nordisch by Nature |  How to make an American Quilt | Fax: *49 621 31958062


-- 
To UNSUBSCRIBE, email to debian-mentors-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20120701125613.gf25...@torres.zugschlus.de

Re: Moving /home of a package account, and to where?

2012-07-01 Thread Goswin von Brederlow

Marc Haber  writes:

> Hi,
>
> Debian QA decided recently that it is bad to have a system/package
> account created with its home directory in /home/package, as it is
> adduser --system's default btw. I am therefore faced with having to
> change /home to some non-/home place. Unfortunately, policy does not
> give any hint about how to do it right.
>
> Where do I put my user's home directory? In this case, the user's home
> directory contains a .ssh with known_hosts, authorized_keys and actual
> keys and it might additionally accumulate some regular dotfiles.
>
> (1)
> Which is the correct place for a user's home dir?
>
> /etc/ or /etc//home
>   - surprise for a seasoned admin
>   - might create QA bugs regarding "package does not properly clean up
> after itself"
>   - might create dpkg-conffile hassle for files that are bound to
> automatically change during operation, such as known_hosts

That would be not only confusing but also problematic since /etc is
(potentially) read-only. No automatically changing files allowed there.

> /var/lib/
>   - impossible to use ("users must never need to modify files in
> /var/lib to configure a package's operation", FHS)
>
> /var/cache/ / /var/spool
>   - inapprorpiate via FHS

Iirc /var/cache might be cleared by the admin and what you talk about
certainly isn't spool material.

> /var/run
>   - inappropriate as /var/run is cleared during boot

As you say. :)

> So, /etc looks like the only feasible way for a package that needs
> configuration files in its users' home directory. Is that the case or
> am I missing things?

If you need configuration files (which the user is supposed to edit as
supposed to calling some config tool) in the users home directory and
also automatically changing files then I'm afraid you will need to use
both /etc and /var/lib and symlinks.

Maybe think about patching the source so that it reads a system wide
file as well as a users file. Then you can have the conffiles in /etc
(for debian packages) or in ~/ (for upstream or local installs). Just
like there is /etc/bash.bashrc and ~/.bashrc.

> For a package that has never been part of a Debian stable release, it
> is ok to just change the home directory in the maintainer script,
> causing existing installations (5, regarding to popcon) to still use
> the old, "inappropriate" location (with a NEWS.Debian suggesting a
> manual change), or do I _really_ need to prompt the user whether he
> wants his old data to be moved, forcing me to handle gazillions of
> translation and debconf-related bugs?
>
> Greetings
> Marc

MfG Goswin


-- 
To UNSUBSCRIBE, email to debian-mentors-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/87k3ynbq2n.fsf@frosties.localnet

Re: Moving /home of a package account, and to where?

2012-07-01 Thread Roger Leigh

On Sun, Jul 01, 2012 at 12:44:48PM +0200, Marc Haber wrote:
> Hi,
> 
> Debian QA decided recently that it is bad to have a system/package
> account created with its home directory in /home/package, as it is
> adduser --system's default btw. I am therefore faced with having to
> change /home to some non-/home place. Unfortunately, policy does not
> give any hint about how to do it right.
> 
> Where do I put my user's home directory? In this case, the user's home
> directory contains a .ssh with known_hosts, authorized_keys and actual
> keys and it might additionally accumulate some regular dotfiles.

I'd go with /var/lib, which is what most packages do.  I don't count
the user-specific stuff to be package configuration, in general.

% getent passwd | grep /var/lib
gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
libuuid:x:100:101::/var/lib/libuuid:/bin/sh
statd:x:102:65534::/var/lib/nfs:/bin/false
dictd:x:107:114:Dictd Server,,,:/var/lib/dictd:/bin/false
postgres:x:111:121:PostgreSQL administrator,,,:/var/lib/postgresql:/bin/bash
sbuild:x:115:124:Debian source builder,,,:/var/lib/sbuild:/bin/bash
buildd:x:116:125:Debian build daemon,,,:/var/lib/buildd:/bin/bash
ntop:x:118:128::/var/lib/ntop:/bin/false
Debian-gdm:x:120:132:Gnome Display Manager:/var/lib/gdm3:/bin/false
colord:x:123:135:colord colour management daemon,,,:/var/lib/colord:/bin/false


Regards,
Roger

-- 
  .''`.  Roger Leigh
 : :' :  Debian GNU/Linuxhttp://people.debian.org/~rleigh/
 `. `'   schroot and sbuild  http://alioth.debian.org/projects/buildd-tools
   `-GPG Public Key  F33D 281D 470A B443 6756 147C 07B3 C8BC 4083 E800


-- 
To UNSUBSCRIBE, email to debian-mentors-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20120701120417.gp9...@codelibre.net

Moving /home of a package account, and to where?

2012-07-01 Thread Marc Haber

Hi,

Debian QA decided recently that it is bad to have a system/package
account created with its home directory in /home/package, as it is
adduser --system's default btw. I am therefore faced with having to
change /home to some non-/home place. Unfortunately, policy does not
give any hint about how to do it right.

Where do I put my user's home directory? In this case, the user's home
directory contains a .ssh with known_hosts, authorized_keys and actual
keys and it might additionally accumulate some regular dotfiles.

(1)
Which is the correct place for a user's home dir?

/etc/ or /etc//home
  - surprise for a seasoned admin
  - might create QA bugs regarding "package does not properly clean up
after itself"
  - might create dpkg-conffile hassle for files that are bound to
automatically change during operation, such as known_hosts

/var/lib/
  - impossible to use ("users must never need to modify files in
/var/lib to configure a package's operation", FHS)

/var/cache/ / /var/spool
  - inapprorpiate via FHS

/var/run
  - inappropriate as /var/run is cleared during boot


So, /etc looks like the only feasible way for a package that needs
configuration files in its users' home directory. Is that the case or
am I missing things?


For a package that has never been part of a Debian stable release, it
is ok to just change the home directory in the maintainer script,
causing existing installations (5, regarding to popcon) to still use
the old, "inappropriate" location (with a NEWS.Debian suggesting a
manual change), or do I _really_ need to prompt the user whether he
wants his old data to be moved, forcing me to handle gazillions of
translation and debconf-related bugs?

Greetings
Marc

-- 
-
Marc Haber | "I don't trust Computers. They | Mailadresse im Header
Mannheim, Germany  |  lose things."Winona Ryder | Fon: *49 621 31958061
Nordisch by Nature |  How to make an American Quilt | Fax: *49 621 31958062


-- 
To UNSUBSCRIBE, email to debian-mentors-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20120701104448.ge25...@torres.zugschlus.de

Re: Moving /home of a package account, and to where?

Re: Moving /home of a package account, and to where?

Re: Moving /home of a package account, and to where?

Re: Moving /home of a package account, and to where?

Re: Moving /home of a package account, and to where?

Re: Moving /home of a package account, and to where?

Re: Moving /home of a package account, and to where?

Re: Moving /home of a package account, and to where?

Re: Moving /home of a package account, and to where?

Re: Moving /home of a package account, and to where?

Re: Moving /home of a package account, and to where?

Re: Moving /home of a package account, and to where?

Re: Moving /home of a package account, and to where?

Re: Moving /home of a package account, and to where?

Re: Moving /home of a package account, and to where?

Re: Moving /home of a package account, and to where?

Re: Moving /home of a package account, and to where?

Moving /home of a package account, and to where?

18 matches

Site Navigation

Mail list logo

Footer information