How do you tidy your home, aka `tree -L2 ~` - Desktop Customization & Workflow
I am slowly moving toward using multiple users in /home just for myself:
* I have been the only one using my computer actively
* even if sharing it like a UNIX server, it makes sense to organise things like this (see below).
* UNIX users are not a unit to count human beings, but rather system users.
* static paths for data: can hardcode e.g. /home/backup in custom scripts
* uniform permissions: `cd /home && for x in *; do chown "$x:$x" "$x"; chmod 750 "$x"; done`
* this reduces opportunity for human errors or doubt by having only 1 place in the whole system to apply protection of any kind for user data.
* does not mess with the software-specific permissions (no need to apply custom permissions to /var, /etc, /usr...)
* easy to design "operator" users that have access to these data, but without access in the other direction, by adding e.g. the josuah user to these groups
* works well in shared work/personal environments: can have the convention to put a "$workplace" account on all machines to use it in local scripts or as user name, rather than ~/work/...
* same feature as these "cd wrapper scripts" for free with "su -l $user" that places you in the user of choice and lets you come back to the original shell session with Ctrl+D (works with any shell ever).
* permits custom startup shells for specific purposes (see /home/weechat below)
* for free: I can now target each user's networking, quotas, permissions... from various configuration files

The real advantage in all that is that it removes one important doubt: where will my data be, under which user. In other words: welcome to the power of UNIX user permission management!

For instance:

/home/src - I git clone all media at the root of that directory. That way, even if I run make on something freshly cloned from a compromised GitHub account, it only accesses /home/src and not (for instance) /home/josuah/Maildir

/home/pack - same as above, but for repos that I install with "make install". I also have a small script to automate downloading and installing things here. See z3bra's pm(8) for something nice.

/home/backup - as backups might contain sensitive data from other systems, they are isolated onto a specific user. Any system that stores backups has this /home/backup

/home/weechat - a ~/.shell script is the start shell for this user that spins up weechat right away. From another user, "su -l weechat" attaches the current weechat session using https://github.com/martanne/abduco or from remote, "ssh weechat@josuah.net" and you are in right away. An IRC client vulnerability will not permit executing /bin/sh nor accessing /home/josuah/Maildir.

/home/git - an example that you probably already do for being able to git clone git@example.com:wonderful-project

/home/transmission - there is only one transmission-daemon running but multiple users might be interested in it, so a dedicated user solves it. This also makes it a good temporary storage to apply quotas on, so that /home does not get filled with too-large torrent files.

/home/_sysupgrade - the (OpenBSD) system might itself make use of /home! It fits nicely in this model where users have a purpose, rather than a human identity.

/home/{dn42,mirror,openstreetmap,...} - from time to time, I want to have a dedicated location for some specific data, such as DN42 (not in that game anymore alas!) records along with a dn42 user that can rsync network databases of any kind and what not, or maybe some day I want to deal with these OpenStreetMap data files and store them in a dedicated user with its own disk... I do not feel like adding a disk too far under /home/.../.../.../ as I will never remember it!

Anything special that happens with permissions or mounts happens at a *single* point in the hierarchy: /home.

That's all folks!
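A read-only audit of the uniform-permissions convention from the post above, as an added example that is not part of the original post: it reports every directory directly under /home that is not owned by the user and group of the same name with mode 750. The function names are hypothetical, and it assumes either GNU or BSD `stat` is installed.

```shell
#!/bin/sh
# Added example (not from the original post). Invariant taken from the
# post's one-liner: each /home/NAME is owned by NAME:NAME with mode 750.

# check_entry NAME OWNER GROUP MODE
# Prints one line per deviation from the invariant, nothing when clean.
check_entry() {
    name=$1 owner=$2 group=$3 mode=$4
    [ "$owner" = "$name" ] || echo "$name: owner $owner, expected $name"
    [ "$group" = "$name" ] || echo "$name: group $group, expected $name"
    [ "$mode" = "750" ] || echo "$name: mode $mode, expected 750"
}

# stat_entry PATH
# Prints "owner group octal-mode". Tries the GNU stat syntax first and
# falls back to the BSD syntax (the post mentions OpenBSD).
stat_entry() {
    stat -c '%U %G %a' "$1" 2>/dev/null || stat -f '%Su %Sg %Lp' "$1"
}

# audit_home [DIR]
# Audits every real directory directly under DIR (default: /home).
# Like the post's "for x in *" loop, dot-directories are not visited.
# Symlinks and plain files are skipped so only account homes are checked.
audit_home() {
    home=${1:-/home}
    for path in "$home"/*; do
        [ -d "$path" ] && [ ! -L "$path" ] || continue
        entry=${path##*/}
        stat_entry "$path" | {
            read -r owner group mode
            check_entry "$entry" "$owner" "$group" "$mode"
        }
    done
}

# Usage: audit_home /home
# Empty output means every directory follows the convention.
```

Directories such as lost+found will show up as deviations, which is a prompt to decide whether they belong under the convention.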