Did you consider the case with $HOME being mounted on NFS with rootsquash (which is set by default)? Should the postinst then 'su' to each user to do the modifcations in that case then? How about if some extra security policy is active like apparmor or selinux?Sorry, the only sane option which is left is to keep maintainer scriptsout of users home.
Exactly, and on our network we mount all NFS shares rootsquashed to avoid stuff like this. Only root on the file server has access to users' directories.
However, maintainer scripts should never mess with user's homes; the users may have the software installed locally, or the package may purged by mistake.
Cheers, Morten