New Fedora 22 Change proposal: systemd-sysusers

William william at firstyear.id.au
Thu Jul 10 23:39:09 UTC 2014


On Thu, 2014-07-10 at 08:35 -0700, Colin Walters wrote:
> On Thu, Jul 10, 2014, at 05:42 AM, Lennart Poettering wrote:
> > 
> > > Two examples from the top of my head:
> > >  * Some tftpd implementations use it as the base path (and chroot into it)
> > >  * Some anonymous ftpd implementations have similar use (chroot into ~ftp)
> 
> But these aren't really usable without configuration, no?  Now many
> server packages do have default configuration pointing to a default data
> store (e.g. apache and /var/www/html), but I think there's a reasonable
> expectation that the majority of sites customize this.

I strongly disagree: Most sites would use these directories else they
fall into the SELinux labeling trap. So setting such a home drive is a
good thing to assist with SELinux policy creation etc. 

> 
> Hmm, actually though since sysusers defaults to /, that would presumably
> mean the default ftp server install would serve up the entire OS, which
> is probably not desired.  Lennart, what about changing the default to
> /var/empty or so?
> 
> Interesting, httpd appears to default to /usr/share/httpd for its home
> directory, not /var/www/ as I would have expected.
> 
> > The "gdm" user also kinda needs a home directory.
> 
> This one is special enough that I think alternatively we could have GDM
> use a compiled-in default of $localstatedir/lib/gdm if the home
> directory is the default.  (Leading to the question of what the default
> should be).
> 
> I'm just thinking out loud - maybe it's easiest to add the home
> directory field.

I think that Lennart's solution of the "home directory" configuration
option is the way to go given the SELinux labeling above, and that some
people do enjoy systems like ftp "just working" (tm).


-- 
William <william at firstyear.id.au>
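
The concern raised in the thread above (a service account whose home directory is `/`, used by a daemon that chroots into its user's home) can be checked for on an installed system by auditing passwd-format data. This is an added example, not part of the original message; the sample entries are constructed, and the UID cutoff of 1000 for system accounts is an assumption.

```shell
#!/bin/sh
# Added example: list system accounts whose home directory is "/".
# A daemon that serves or chroots into its user's home (as described for
# some tftpd and anonymous ftpd implementations) would expose the whole
# filesystem for such an account.

# Constructed sample in passwd(5) format; not taken from a real host.
sample_passwd() {
cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
ftp:x:14:50:FTP User:/:/sbin/nologin
tftp:x:993:991:Tftp Server:/var/lib/tftpboot:/sbin/nologin
apache:x:48:48:Apache:/usr/share/httpd:/sbin/nologin
gdm:x:42:42::/var/lib/gdm:/sbin/nologin
newsvc:x:992:990:New service:/:/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
EOF
}

# audit_homes [UID_MIN]
# Reads passwd lines on stdin and prints "name:uid:home" for every account
# with UID below UID_MIN (assumed default: 1000) whose home is "/".
audit_homes() {
    awk -F: -v uid_min="${1:-1000}" '
        /^#/ || NF < 7 { next }              # skip comments and short lines
        ($3 + 0) < (uid_min + 0) && $6 ~ /^\/+$/ {
            print $1 ":" $3 ":" $6
        }
    '
}

# Run against the constructed sample; on a real host, feed it
# the output of "getent passwd" instead.
sample_passwd | audit_homes
```
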


