>>>>> On Sat, 17 Aug 2019, Michael Orlitzky wrote:

> 1 Avoid using an ACCT_USER_HOME that belongs to another package.

> 2 No two acct-user packages should define the same ACCT_USER_HOME.

These two points are not fulfilled by the users that currently belong
to baselayout. For example, "operator" (and "toor" on BSD) share /root
with the root user.

> 3 If your package's configuration needs <username> to be able to
> write to e.g. /var/lib/<username>, then your package's ebuild should
> create that directory and set its ownership and permissions. Barring
> any other considerations, the corresponding acct-user package should
> leave ACCT_USER_HOME at its default (empty) value; setting
> ACCT_USER_HOME=/var/lib/<username> would violate item (1).

> 4 Each user's home directory should be writable by that user. If it
> is not, that indicates that a shared and potentially sensitive
> location was chosen; and the fact that the home directory is not
> writable suggests that the default (empty) ACCT_USER_HOME would
> suffice instead.

> 5 As a corollary of the previous item, it is highly suspicious for
> an acct-user package to set ACCT_USER_HOME_OWNER="root:root".

Again, points 4 and 5 won't be true for several of baselayout's users.
For example, "nobody" lives in /var/empty but cannot write to it, and
that dir is owned by root. Same for the "sshd" user, which IIRC chroots
to /var/empty, but must not (be able to) write to that dir.

> 6 The world-writable bit should never be set in ACCT_USER_HOME_PERMS.
> This would otherwise satisfy item (4), but should never be done for
> security reasons.
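As an added example (not part of the thread, nor any Gentoo tooling), this Python audit applies items 2, 4, 5 and 6 to a constructed passwd-style sample modelled on the baselayout users mentioned above; `audit_system()` runs the same checks against the live account database. The writability check only considers the primary group, an assumed simplification.

```python
import os
import pwd
import stat

# Constructed sample modelled on the users discussed in the thread:
# (name, uid, gid, home) plus, per home, (owner uid, owner gid, mode).
# "svc" is a made-up service account with a world-writable home.
SAMPLE_USERS = [
    ("root", 0, 0, "/root"),
    ("operator", 2, 0, "/root"),
    ("nobody", 65534, 65534, "/var/empty"),
    ("sshd", 22, 22, "/var/empty"),
    ("svc", 100, 100, "/var/lib/svc"),
]
SAMPLE_STAT = {
    "/root": (0, 0, 0o700),
    "/var/empty": (0, 0, 0o755),
    "/var/lib/svc": (0, 0, 0o777),
}

def user_can_write(uid, gid, owner_uid, owner_gid, mode):
    """Approximate Unix DAC: owner, primary-group or other write bit."""
    if uid == owner_uid and mode & stat.S_IWUSR:
        return True
    if gid == owner_gid and mode & stat.S_IWGRP:
        return True
    return bool(mode & stat.S_IWOTH)

def audit(users, home_stat):
    """Return (item, user, home) findings for items 2, 4, 5 and 6."""
    findings, seen = [], {}
    for name, uid, gid, home in users:
        if home in seen:                      # item 2: shared home
            findings.append((2, name, home))
        seen.setdefault(home, name)
        if home not in home_stat:             # directory absent: skip
            continue
        owner_uid, owner_gid, mode = home_stat[home]
        if not user_can_write(uid, gid, owner_uid, owner_gid, mode):
            findings.append((4, name, home))  # item 4: not writable
        if uid != 0 and (owner_uid, owner_gid) == (0, 0):
            findings.append((5, name, home))  # item 5: root:root owned
        if mode & stat.S_IWOTH:
            findings.append((6, name, home))  # item 6: world-writable
    return findings

def audit_system():
    """Run the same checks against the live passwd database."""
    users = [(p.pw_name, p.pw_uid, p.pw_gid, p.pw_dir) for p in pwd.getpwall()]
    home_stat = {}
    for _, _, _, home in users:
        try:
            st = os.stat(home)
        except OSError:
            continue
        home_stat[home] = (st.st_uid, st.st_gid, stat.S_IMODE(st.st_mode))
    return audit(users, home_stat)
```

Running `audit(SAMPLE_USERS, SAMPLE_STAT)` flags operator and sshd under item 2, the non-root users of /root and /var/empty under items 4 and 5, and svc under items 5 and 6, matching the exceptions the reply points out.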