* bug#35341: Guix System installer does not set up passwords and profile directories
@ 2019-04-20 12:56 pelzflorian (Florian Pelz)
2019-04-22 10:02 ` Ludovic Courtès
2019-04-22 10:13 ` Ludovic Courtès
0 siblings, 2 replies; 5+ messages in thread
From: pelzflorian (Florian Pelz) @ 2019-04-20 12:56 UTC (permalink / raw)
To: 35341
I installed Guix System from a USB flash drive from the current git
master. The manual describes I should set up a password with passwd.
I think the installer should automate this, so users do not need to
know the passwd command.
After setting a password with `passwd florian` and logging in
as florian, I run `guix pull`. This yields the following error:
pull: error: while creating directory `/var/guix/profiles/per-user/florian': Permission denied
hint: Please create the `/var/guix/profiles/per-user/florian' directory, with you
as the owner.
This persists after a reboot.
sudo mkdir /var/guix/profiles/per-user/florian
sudo chown florian:users /var/guix/profiles/per-user/florian
fixes the issue, but the installer should do this automatically.
Regards,
Florian
^ permalink raw reply [flat|nested] 5+ messages in thread
* bug#35341: Guix System installer does not set up passwords and profile directories
2019-04-20 12:56 bug#35341: Guix System installer does not set up passwords and profile directories pelzflorian (Florian Pelz)
@ 2019-04-22 10:02 ` Ludovic Courtès
2019-04-22 10:13 ` Ludovic Courtès
1 sibling, 0 replies; 5+ messages in thread
From: Ludovic Courtès @ 2019-04-22 10:02 UTC (permalink / raw)
To: pelzflorian (Florian Pelz); +Cc: 35341-done
Hello Florian,
"pelzflorian (Florian Pelz)" <pelzflorian@pelzflorian.de> skribis:
> I installed Guix System from a USB flash drive from the current git
> master. The manual describes I should set up a password with passwd.
> I think the installer should automate this, so users do not need to
> know the passwd command.
I’ll open a separate bug for that.
> After setting a password with `passwd florian` and logging in
> as florian, I run `guix pull`. This yields the following error:
>
> pull: error: while creating directory `/var/guix/profiles/per-user/florian': Permission denied
> hint: Please create the `/var/guix/profiles/per-user/florian' directory, with you
> as the owner.
Oh, got it.
On a fresh system (one can check with ‘guix system vm bare-bones.tmpl’
for instance), /var/guix/profiles/per-user is 555 and root-owned, so not
writable.
Then, the first time a client such as ‘guix package’ connects to the
daemon, the daemon chmods /var/guix/profiles/per-user to 777
(world-writable), see local-store.cc:89.
Next, ‘guix package’ calls ‘ensure-default-profile’, which creates
/var/guix/profiles/per-user/$USER.
The problem with ‘guix pull’ is that it would call
‘ensure-default-profile’ before it has connected to the daemon.
Fixed in a06a95baffc2005ad1a64c4c3f82fc328e0d0009.
Thanks,
Ludo’.
^ permalink raw reply [flat|nested] 5+ messages in thread
* bug#35341: Guix System installer does not set up passwords and profile directories
2019-04-20 12:56 bug#35341: Guix System installer does not set up passwords and profile directories pelzflorian (Florian Pelz)
2019-04-22 10:02 ` Ludovic Courtès
@ 2019-04-22 10:13 ` Ludovic Courtès
2019-04-22 10:21 ` pelzflorian (Florian Pelz)
1 sibling, 1 reply; 5+ messages in thread
From: Ludovic Courtès @ 2019-04-22 10:13 UTC (permalink / raw)
To: pelzflorian (Florian Pelz); +Cc: m.othacehe, 35341
Hi,
"pelzflorian (Florian Pelz)" <pelzflorian@pelzflorian.de> skribis:
> I installed Guix System from a USB flash drive from the current git
> master. The manual describes I should set up a password with passwd.
> I think the installer should automate this, so users do not need to
> know the passwd command.
I think it’d be nice if the installer would initialize the user
password, and also root’s password (which is empty by default).
The obvious approach would be to add a dialog box in the installer and
then set the ‘password’ field of each <user-account>, and also add a
<user-account> for root itself with the ‘password’ field set.
The problem with this approach is that password hashes would end
world-readable in the store, so we would need to add warnings asking
users to change passwords after logging in. Not great.
Another option would be to have an activation snippet that runs when
booting the newly installed system: if would check for a flag or
something (it could check for uninitialized passwords), and if it
determines it’s a first boot, open a dialog box asking for passwords.
We’d need to add a “post-install” service in the OS config that would do
just that.
That would be the most robust approach, but it’s also a bit more work I
guess. It’s also not so nice that users will see this extra service in
their config.
Thoughts?
Ludo’.
^ permalink raw reply [flat|nested] 5+ messages in thread
* bug#35341: Guix System installer does not set up passwords and profile directories
2019-04-22 10:13 ` Ludovic Courtès
@ 2019-04-22 10:21 ` pelzflorian (Florian Pelz)
2019-04-24 22:47 ` Ludovic Courtès
0 siblings, 1 reply; 5+ messages in thread
From: pelzflorian (Florian Pelz) @ 2019-04-22 10:21 UTC (permalink / raw)
To: Ludovic Courtès; +Cc: m.othacehe, 35341
Why can’t the installer just chroot into the new system and call
passwd?
Regards,
Florian
^ permalink raw reply [flat|nested] 5+ messages in thread
* bug#35341: Guix System installer does not set up passwords and profile directories
2019-04-22 10:21 ` pelzflorian (Florian Pelz)
@ 2019-04-24 22:47 ` Ludovic Courtès
0 siblings, 0 replies; 5+ messages in thread
From: Ludovic Courtès @ 2019-04-24 22:47 UTC (permalink / raw)
To: pelzflorian (Florian Pelz); +Cc: m.othacehe, 35341
Password issue moved to <https://issues.guix.info/issue/35399>.
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2019-04-24 22:48 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2019-04-20 12:56 bug#35341: Guix System installer does not set up passwords and profile directories pelzflorian (Florian Pelz)
2019-04-22 10:02 ` Ludovic Courtès
2019-04-22 10:13 ` Ludovic Courtès
2019-04-22 10:21 ` pelzflorian (Florian Pelz)
2019-04-24 22:47 ` Ludovic Courtès
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/guix.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).