
Bug#679751: please clarify package account and home directory location in policy



Marc Haber <mh+debian-packages@zugschlus.de> writes:
> On Mon, Jul 02, 2012 at 09:50:37AM -0700, Russ Allbery wrote:

>> I'm not sure that I understand the use case.  I've never needed to
>> create an authorized_keys file for a system account created by a
>> package.  Maybe you could explain more about what you're doing that
>> makes this a reasonable thing to do?

> The package has a collector and a presenter component and uses
> rsync-over-ssh to transfer collected data to the presenter.

Ah, okay.  For that use case, the only thing that you would care about the
user home directory containing is the authorized_keys file, correct?

In this case, you could either put the home directory in /etc, or put the
home directory in /var/lib with a symlink from .ssh/authorized_keys to
/etc.  I would tend to do the latter since you can then use more
reasonable file names in /etc, such as /etc/<package>/authorized_keys.

I confirmed that sshd is perfectly happy with a /var/lib/<package>
directory with an .ssh subdirectory owned by root and a root-owned symlink
from authorized_keys to a file in /etc.  I would pre-create the file in /etc
with a comment saying what it's for.

-- 
Russ Allbery (rra@debian.org)               <http://www.eyrie.org/~eagle/>
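
Added example, not part of the original message or of any package's maintainer scripts: a shell sketch of the layout described above (home in /var/lib/<package>, .ssh/authorized_keys symlinked to /etc/<package>/authorized_keys, file pre-created with a comment), plus a check for ownership and group/other-writable paths. The package name "collector", the staging-root argument and both function names are assumptions; GNU stat and find are assumed.

```shell
#!/bin/sh
# Added example. "collector" and the staging ROOT are assumed names.

# stage_layout ROOT PKG: build the layout under a DESTDIR-style staging root.
stage_layout() {
    root=$1 pkg=$2
    home="$root/var/lib/$pkg" conf="$root/etc/$pkg"
    mkdir -p "$home/.ssh" "$conf" || return 1
    # Directories will be root-owned, so the account needs r-x to reach the file.
    chmod 0755 "$home" "$home/.ssh" "$conf"
    # Pre-create the key file with a comment; never clobber keys already there.
    if [ ! -e "$conf/authorized_keys" ]; then
        printf '%s\n' \
            "# Public keys allowed to log in as the $pkg system account." \
            "# Reached through /var/lib/$pkg/.ssh/authorized_keys (symlink)." \
            > "$conf/authorized_keys"
    fi
    chmod 0644 "$conf/authorized_keys"
    # Absolute target, so the link is correct once installed at /.
    ln -sf "/etc/$pkg/authorized_keys" "$home/.ssh/authorized_keys"
}

# check_layout ROOT PKG [UID]: report anything that is not owned by UID
# (default 0, root) or is writable by group/other. Returns non-zero on findings.
check_layout() {
    root=$1 pkg=$2 uid=${3:-0} rc=0
    want="/etc/$pkg/authorized_keys"
    link="$root/var/lib/$pkg/.ssh/authorized_keys"
    if [ ! -L "$link" ] || [ "$(readlink "$link")" != "$want" ]; then
        echo "not a symlink to $want: $link"; rc=1
    fi
    for p in "$root/var/lib/$pkg" "$root/var/lib/$pkg/.ssh" \
             "$root/etc/$pkg" "$root$want"; do
        if [ ! -e "$p" ]; then echo "missing: $p"; rc=1; continue; fi
        [ "$(stat -c %u "$p")" = "$uid" ] || { echo "wrong owner: $p"; rc=1; }
        # GNU find: -perm /022 matches any group- or other-write bit.
        if [ -n "$(find "$p" -maxdepth 0 -perm /022)" ]; then
            echo "group/other writable: $p"; rc=1
        fi
    done
    return $rc
}
```

On an installed system, `check_layout "" <package>` checks the real paths against uid 0.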


