user-directory _is_ home directory

user-directory _is_ home directory

[Luke Kenneth Casson Leighton]

okay, got a good one for you.

... i notice that genhomedircon is working properly (hurrah)

however, it brings me a slight problem.

i've made /home _the_ home directory: there is one user, it's
_the_ user.

i could alternatively make a ln -s from /home/theoneuser to /c or
something but that would drive me up the wall because it is so
... so.... windows.

my question is: does anyone have any recommendations on how to deal
with /home being a mount point, and also being a user's home directory.

naively i removed the HOME_ROOT macro from types.fc, and naturally,
the /home mount point doesn't.  mount, that is.

clues anyone?

live with oh, say, restoring it /home/theoneuser instead, and
creating a symlink as "/MyDocuments" or something stupid?

l.

-- 
-- 
Information I post is with honesty, integrity, and the expectation that
you will take full responsibility if acting on the information contained,
and that, should you find it to be flawed or even mildly useful, you
will act with both honesty and integrity in return - and tell me.
--
<a href="http://lkcl.net">      lkcl.net      </a> <br />
<a href="mailto:lkcl@lkcl.net"> lkcl@lkcl.net </a> <br />


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: user-directory _is_ home directory

[Luke Kenneth Casson Leighton]

On Sun, Aug 01, 2004 at 09:29:20PM +0200, Erich Schubert wrote:
> Hi,
> 
> > my question is: does anyone have any recommendations on how to deal
> > with /home being a mount point, and also being a user's home directory.
> 
> why would you want to do so?

 this is almost entirely off-topic, but i'm explaining it in case anyone
 who would otherwise be discouraged from answering if they didn't feel
 that there was a reasonable justification for removing /home/XXXX.

 background:

 there is only one user: they do not have a password, they will not
 be given a password.  they will not be given the root password, they
 will most likely not know what a root password _is_, the target users
 are in fact extremely unlikely to CARE about passwords [which is the
 whole reason why i'm using selinux, because such people are scarey]

 i'm installing usb-mount and autofs with --timeout 5 and
 integrating the two so that they don't have to deal with
 umount.  this is for people who don't know what umount is,
 and don't really care, but _do_ care about their files getting
 corrupted on their usb memory cards and usb floppy drives.

 answer:

 in kde's devices, the user is presented with /boot, /usr, /var, / and
 /home.

 none of these things are in the SLIGHTEST bit useful to a user that
 doesn't know and doesn't care, and i wish there was a way to damn well
 get rid of them ALL from konqueror.

 in order to minimise the amount of impact on such users - think c:\ - 
 i decided to get rid of the concept of /home/XXXX.

 after all, if there's only one user (with no password), what's the point?

 so, if i create a /MyDocuments and symlink it to
 /home/theoneandonlyuser, then that STILL leaves them with
 /home/theoneandonlyuser in the kde devices's list.
 
 l.

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: user-directory _is_ home directory

[Erich Schubert]

Hi,

>  so, if i create a /MyDocuments and symlink it to
>  /home/theoneandonlyuser, then that STILL leaves them with
>  /home/theoneandonlyuser in the kde devices's list.

Instead of raping the FHS, why don't you just patch Konqueror/KDE
to not display the devices list at all?
Or use some "path to name" mapping and display a nicer name instead?

For the stupid user, KDE is a bad choice. It is way to overloaded.
I'd suggest using Gnome, which was designed with usability in mind.

Have a look at the following screenshot (from the gnome web site)

http://fgo-temp.acc.umu.se/pub/GNOME/teams/marketing/en/2004/two-six-
screenshots/html/large/Kenneth_1.png

Gnome displays these "contents" of "computer" without doing such ugly
hacks as you suggest. When i plugin my flash drive, hotplug, hal and
gnome-volume-manager work together and a new icon appears there.
I bet it is not too hard to hide the "Filesystem" icon altogether.
(probably just adding a strcmp at the right place, but maybe there is an
option for that already...)

So there is no need in breaking with Linux standards just for supporting
stupid users. Giving them an appropriate UI is enough.
(In fact you will want to keep them out of anything but /media
and /home/user altogether probably)

Greetings,
Erich Schubert
-- 
   erich@(vitavonni.de|debian.org)    --    GPG Key ID: 4B3A135C    (o_
    Go away or i'll replace you with a very small shell script.     //\
                Wege entstehen, wenn wir sie gehen.                 V_/_


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: user-directory _is_ home directory

[Erich Schubert]

Hi,

> my question is: does anyone have any recommendations on how to deal
> with /home being a mount point, and also being a user's home directory.

why would you want to do so?

> live with oh, say, restoring it /home/theoneuser instead, and
> creating a symlink as "/MyDocuments" or something stupid?

Make a folder "MyDocuments" in the users home.
All "stupid users file manager" start browsing your files in your home
directory, if you want you can make that /h/o/m/e/o/f/t/h/e/d/e/a/d/
and it is still useable, because the user doesn't see this path.

Greetings,
Erich Schubert
-- 
     erich@(vitavonni.de|debian.org)    --    GPG Key ID: 4B3A135C     (o_
 A man doesn't know what he knows until he knows what he doesn't know. //\
                  Wege entstehen, wenn wir sie gehen.                  V_/_


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: user-directory _is_ home directory

[Stephen Smalley]

On Sun, 2004-08-01 at 10:32, Luke Kenneth Casson Leighton wrote:
> okay, got a good one for you.
> 
> ... i notice that genhomedircon is working properly (hurrah)
> 
> however, it brings me a slight problem.
> 
> i've made /home _the_ home directory: there is one user, it's
> _the_ user.
> 
> i could alternatively make a ln -s from /home/theoneuser to /c or
> something but that would drive me up the wall because it is so
> ... so.... windows.
> 
> my question is: does anyone have any recommendations on how to deal
> with /home being a mount point, and also being a user's home directory.
> 
> naively i removed the HOME_ROOT macro from types.fc, and naturally,
> the /home mount point doesn't.  mount, that is.

Quite aside from the issue of whether or not you should directly use
/home in this manner, it would be interesting to understand exactly what
denial you are encountering and whether policy should be adjusted
accordingly.  e.g. it may well be true that mount is going to need
permission to directly mount on these directory types anyway for other
usage scenarios.

-- 
Stephen Smalley <sds@epoch.ncsc.mil>
National Security Agency


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: user-directory _is_ home directory

[Luke Kenneth Casson Leighton]

On Mon, Aug 02, 2004 at 10:06:07AM -0400, Stephen Smalley wrote:
> On Sun, 2004-08-01 at 10:32, Luke Kenneth Casson Leighton wrote:

> > okay, got a good one for you.
> > 
> > ... i notice that genhomedircon is working properly (hurrah)
> > 
> > however, it brings me a slight problem.
> > 
> > i've made /home _the_ home directory: there is one user, it's
> > _the_ user.

> > [... ]

> > my question is: does anyone have any recommendations on how to deal
> > with /home being a mount point, and also being a user's home directory.
> > 
> > naively i removed the HOME_ROOT macro from types.fc, and naturally,
> > the /home mount point doesn't.  mount, that is.
> 
> Quite aside from the issue of whether or not you should directly use
> /home in this manner, 

 *grin*.

> it would be interesting to understand exactly what
> denial you are encountering and whether policy should be adjusted
> accordingly.  e.g. it may well be true that mount is going to need
> permission to directly mount on these directory types anyway for other
> usage scenarios.

 ah.  the problem that i had was that after i removed the line starting
 HOME_ROOT from types.fc, coincidentally, /home would not mount.

 now, whether these two things are interconnected i do not know.

 but it _does_ remind me of an issue that i have tracked down.

 i noticed that pump was not dying on shutdown.

 it was keeping /var from being unmounted at shutdown.

 at boot-up time, /var could NOT BE MOUNTED.

 only after a second shutdown could it be mounted.

 by replacing pump with dhclient3, i got rid of the symptoms, but
 not the problem.


 now, something happened to /home that likewise caused it to not
 be mountable at startup time.

 except that this time it was not clearable by a reboot.

 only by manually mounting it could the problem be cleared.

 subsequently, the problem has gone away.

 .... except it worries me that i might have to wait for it to happen
 again.

 l.



--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.