How do you tidy your home, aka `tree -L2 ~` - Desktop Customization & Workflow

Users browsing this thread: 1 Guest(s)
josuah
Long time nixers
I am slowly moving toward using multiple users in /home just for myself:

* I have been the only one using my computer actively
* even if sharing it like a UNIX server, it makes sense to organise things like this (see below).
* UNIX user are not an unit to count human beings, but rather system users.
* static paths for data: can hardcode i.e /home/backup in custom scripts
* uniform permissions: cd /home && for x in *; do chown $x:$x $x; chmod 750 $x; done
* this reduces opportunity of human errors or doubt by having only 1 place in the whole system to apply protection for any kind for user data.
* does not mess with the software-specific permissions (no need to apply custom permissions to /var, /etc, /usr...)
* easy to design "operators" users that have access to these data, but without access in the other direction, by adding the i.e josuah user to these groups
* works well in shared work/perso environments: can have the convention to put a "$workplace" account on
all machines to use it on local scripts or user name, rather than ~/work/...
* same feature as these "cd wrapper scripts" for free with "su -l $user" that places you in the user of choice
and lets you come back to the original shell session with Ctrl+D (works with any shell ever).
* permits custom startup shells for specific purposes (see /home/weechat below)
* for free: I can now target each user's networking, quotas, permissions... from various configuration files

The real advantage in all that, is that it removes one important doubt: where will my data be, under which user.

In other words: welcome to the power of UNIX user permission management!

For instance:

/home/src - I git clone all media at the root of that directory.
That way, even if I run make on something freshly cloned from a compromised github account,
it only accesses /home/src and not (for instance) /home/josuah/Maildir

/home/pack - same as above, but for repos that I install with "make install".
I also have a small script to automate downloading and installing things here,
See z3bra's pm(8) for something nice.

/home/backup - as backups might contain sensible data from other systems, they
are isolated onto a specific user. Any system that stores backups have this
/home/backup

/home/weechat - a ~/.shell script is the start shell for this user that spins weechat
right away. From another user, "su -l weechat" attaches the current weechat session
using https://github.com/martanne/abduco or from remote, "ssh weechat@josuah.net"
and you are in right away. An IRC client vulnerability will not permit executing
/bin/sh nor accessing /home/josuah/Maildir.

/home/git - an example that you probably already do for being able to
git clone git@example.com:wonderful-project

/home/transmission - there is only one transmission-daemon running but multiple users
might be interested in it, so a dedicated user solves it. This also makes it a good
temporary storage to apply quotas on, so that the /home does not get filled with too
large torrent files.

/home/_sysupgrade - the (OpenBSD) system might itself make use of /home! It fits nicely
in this model where users have a purpose, rather than an human identity.

/home/{dn42,mirror,openstreetmap,...} - from times to time, I want to have a dedicated
location for some specific data, such as DN42 (not in that game anymore alas!) records
along with a dn42 user that can rsync network databases of any kind and what not, or
maybe some day I want to deal with these OpenStreetMap data files and store them in a
dedicated user with its own disk... I do not feel like adding a disk too far under
/home/.../.../.../ as I will never remember it! Anything special that happen with
permissions or mounts happens at a *single* point in hierarchy: /home.

That's all folks!


Messages In This Thread
RE: How do you tidy your home, aka `tree -L2 ~` - by josuah - 22-05-2022, 08:44 AM