bug#37423: Changing the login service from GDM to SLiM and then back to GDM causes a really bad loop

bug#37423: Changing the login service from GDM to SLiM and then back to GDM causes a really bad loop

[Jan]

Hi.

Changing the login service from GDM to SLiM and then back to GDM makes
GDM to loop like this:
"New session c1 of user gdm."
"Removed session c1."
"New session c2 of user gdm."
"Removed session c2."
...

And it continues like this to relatively high numbers like c167. Didn't
check how far it could go, but that's not important anyway.
Reverting to the previous definition of the system by using 
"guix system switch-generation" or using grub menu entries doesn't help,
changing /etc/config.scm back to the default gdm configuration and
running 
"guix system reconfigure" doesn't help either.

There's also one strange thing that have happened before rebooting -
when logging off, SLiM was running in a loop too - I couldn't turn off
the computer using it, I had to switch to another tty and run "shutdown"
manualy.

But reverting to a configuration with SLiM works - I can use the system
with it, but can't with GDM anymore.

---
Jan Wielkiewicz

bug#37423: Changing the login service from GDM to SLiM and then back to GDM causes a really bad loop

[Timothy Sample]

Hi Jan,

Jan <tona_kosmicznego_smiecia@interia.pl> writes:

> Hi.
>
> Changing the login service from GDM to SLiM and then back to GDM makes
> GDM to loop like this:
> "New session c1 of user gdm."
> "Removed session c1."
> "New session c2 of user gdm."
> "Removed session c2."
> ...
>
> And it continues like this to relatively high numbers like c167. Didn't
> check how far it could go, but that's not important anyway.
> Reverting to the previous definition of the system by using 
> "guix system switch-generation" or using grub menu entries doesn't help,
> changing /etc/config.scm back to the default gdm configuration and
> running 
> "guix system reconfigure" doesn't help either.

Could this be the same issue as <https://bugs.gnu.org/36508>?  In short,
Guix doesn’t guarantee that the “gdm” user will have the same UID if it
gets deleted and recreated (which happens when you remove the GDM
service and add it again).  You can fix this by ensuring the owner of
the files under “/var/lib/gdm” is the current “gdm” user.


-- Tim

bug#37423: Changing the login service from GDM to SLiM and then back to GDM causes a really bad loop

[Jan]

On Tue, 17 Sep 2019 00:45:58 -0400
Timothy Sample <samplet@ngyro.com> wrote:

> Could this be the same issue as <https://bugs.gnu.org/36508>?  In
> short, Guix doesn’t guarantee that the “gdm” user will have the same
> UID if it gets deleted and recreated (which happens when you remove
> the GDM service and add it again).  You can fix this by ensuring the
> owner of the files under “/var/lib/gdm” is the current “gdm” user.
> 
> 
> -- Tim

Yes, this seems to be the same issue. I'll try the solution, but it
needs to be fixed anyway. Hope someone works on that.
Thanks for help!


---
Jan

bug#37423: Changing the login service from GDM to SLiM and then back to GDM causes a really bad loop

[Ludovic Courtès]

[-- Attachment #1: Type: text/plain, Size: 789 bytes --]

Hello,

Timothy Sample <samplet@ngyro.com> skribis:

> Could this be the same issue as <https://bugs.gnu.org/36508>?  In short,
> Guix doesn’t guarantee that the “gdm” user will have the same UID if it
> gets deleted and recreated (which happens when you remove the GDM
> service and add it again).  You can fix this by ensuring the owner of
> the files under “/var/lib/gdm” is the current “gdm” user.

If you just (1) configure with GDM, (2) reconfigure without GDM, and (3)
reconfigure with GDM again, I would expect the original UID of ‘gdm’ to
be reused in step #3, as long as it has not been reallocated in the
meantime (for instance because the user created other accounts.)

We could address this by fixing the UID and GID of the ‘gdm’ user:


[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: Type: text/x-patch, Size: 502 bytes --]

diff --git a/gnu/services/xorg.scm b/gnu/services/xorg.scm
index 06d72b5f60..e87cb4d845 100644
--- a/gnu/services/xorg.scm
+++ b/gnu/services/xorg.scm
@@ -764,9 +764,10 @@ the GNOME desktop environment.")
 ;;;
 
 (define %gdm-accounts
-  (list (user-group (name "gdm") (system? #t))
+  (list (user-group (name "gdm") (system? #t) (id 900))
         (user-account
          (name "gdm")
+         (uid 900)
          (group "gdm")
          (system? #t)
          (comment "GNOME Display Manager user")

[-- Attachment #3: Type: text/plain, Size: 832 bytes --]


However, looking at the allocation routines in (gnu build accounts), I
think that this would forcefully set ‘gdm’ to 900/900 on existing
installations, even if 900 is already used by another account:

--8<---------------cut here---------------start------------->8---
scheme@(gnu build accounts)> (allocate-groups (list (user-group (name "foo")(id 10)))
					      vlist-null
					      (list (group-entry
						     (name "foo")  (gid 20))))
$2 = (#<<group-entry> name: "foo" password: #f gid: 10 members: ()>)
--8<---------------cut here---------------end--------------->8---

That’s a valid policy (declaration prevails over state), but it does
mean that we can’t really apply the above patch.

(Or we could use much lower UID/GID numbers, which are less likely to be
taken…)

Thoughts?

Ludo’.

bug#37423: Changing the login service from GDM to SLiM and then back to GDM causes a really bad loop

[Gábor Boskovits]

[-- Attachment #1: Type: text/plain, Size: 2224 bytes --]

Hello,

Ludovic Courtès <ludo@gnu.org> ezt írta (időpont: 2019. szept. 19., Cs,
23:24):

> Hello,
>
> Timothy Sample <samplet@ngyro.com> skribis:
>
> > Could this be the same issue as <https://bugs.gnu.org/36508>?  In short,
> > Guix doesn’t guarantee that the “gdm” user will have the same UID if it
> > gets deleted and recreated (which happens when you remove the GDM
> > service and add it again).  You can fix this by ensuring the owner of
> > the files under “/var/lib/gdm” is the current “gdm” user.
>
> If you just (1) configure with GDM, (2) reconfigure without GDM, and (3)
> reconfigure with GDM again, I would expect the original UID of ‘gdm’ to
> be reused in step #3, as long as it has not been reallocated in the
> meantime (for instance because the user created other accounts.)
>
> We could address this by fixing the UID and GID of the ‘gdm’ user:
>
>
> However, looking at the allocation routines in (gnu build accounts), I
> think that this would forcefully set ‘gdm’ to 900/900 on existing
> installations, even if 900 is already used by another account:
>
> --8<---------------cut here---------------start------------->8---
> scheme@(gnu build accounts)> (allocate-groups (list (user-group (name
> "foo")(id 10)))
>                                               vlist-null
>                                               (list (group-entry
>                                                      (name "foo")  (gid
> 20))))
> $2 = (#<<group-entry> name: "foo" password: #f gid: 10 members: ()>)
> --8<---------------cut here---------------end--------------->8---
>
> That’s a valid policy (declaration prevails over state), but it does
> mean that we can’t really apply the above patch.
>
> (Or we could use much lower UID/GID numbers, which are less likely to be
> taken…)
>
> Thoughts?
>
>
Couldn't we simply do what the fix does: ensuring the owner of
the files under “/var/lib/gdm” is the current “gdm” user?


> Ludo’.
>

That would solve this issue, without actually fixing the UID and GID.


Best regards,
g_bor
-- 
OpenPGP Key Fingerprint: 7988:3B9F:7D6A:4DBF:3719:0367:2506:A96C:CF63:0B21

[-- Attachment #2: Type: text/html, Size: 3197 bytes --]

bug#37423: Changing the login service from GDM to SLiM and then back to GDM causes a really bad loop

[Tobias Geerinckx-Rice via Bug reports for GNU Guix]

[-- Attachment #1: Type: text/plain, Size: 641 bytes --]

Hi Ludo'!

Ludovic Courtès 写道：
> However, looking at the allocation routines in (gnu build 
> accounts), I
> think that this would forcefully set ‘gdm’ to 900/900 on 
> existing
> installations, even if 900 is already used by another account:

I'm already using GID 900 (and others) for my own nefarious ends. 
How would this even deal with that?  Am I doomed to forever jump 
around, dodging new hard-coded GIDs?

> (Or we could use much lower UID/GID numbers, which are less 
> likely to be
> taken…)

‘Likely’, eek ;-)

So now you're coming after my ‘25’ vmail user, eh.

Kind regards,

T G-R

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 832 bytes --]

bug#37423: Changing the login service from GDM to SLiM and then back to GDM causes a really bad loop

[Ludovic Courtès]

[-- Attachment #1: Type: text/plain, Size: 386 bytes --]

Hi Gábor,

Gábor Boskovits <boskovits@gmail.com> skribis:

> Couldn't we simply do what the fix does: ensuring the owner of
> the files under “/var/lib/gdm” is the current “gdm” user?

Hey you’re right, I was not approaching it from the right angle.

Here’s a patch that does that.  Thoughts?

I’ll push it if there are no objections.

Thanks,
Ludo’.


[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: Type: text/x-patch, Size: 1856 bytes --]

diff --git a/gnu/services/xorg.scm b/gnu/services/xorg.scm
index 06d72b5f60..1d55e388a1 100644
--- a/gnu/services/xorg.scm
+++ b/gnu/services/xorg.scm
@@ -773,6 +773,27 @@ the GNOME desktop environment.")
          (home-directory "/var/lib/gdm")
          (shell (file-append shadow "/sbin/nologin")))))
 
+(define %gdm-activation
+  ;; Ensure /var/lib/gdm is owned by the "gdm" user.  This is normally the
+  ;; case but could be wrong if the "gdm" user was created, then removed, and
+  ;; then recreated under a different UID/GID: <https://bugs.gnu.org/37423>.
+  (with-imported-modules '((guix build utils))
+    #~(begin
+        (use-modules (guix build utils))
+
+        (let* ((gdm (getpwnam "gdm"))
+               (uid (passwd:uid gdm))
+               (gid (passwd:gid gdm))
+               (st  (stat "/var/lib/gdm" #f)))
+          ;; Recurse into /var/lib/gdm only if it has wrong ownership.
+          (when (and st
+                     (or (not (= uid (stat:uid st)))
+                         (not (= gid (stat:gid st)))))
+            (for-each (lambda (file)
+                        (chown file uid gid))
+                      (find-files "/var/lib/gdm"
+                                  #:directories? #t)))))))
+
 (define dbus-daemon-wrapper
   (program-file
    "gdm-dbus-wrapper"
@@ -915,6 +936,8 @@ the GNOME desktop environment.")
                 (extensions
                  (list (service-extension shepherd-root-service-type
                                           gdm-shepherd-service)
+                       (service-extension activation-service-type
+                                          (const %gdm-activation))
                        (service-extension account-service-type
                                           (const %gdm-accounts))
                        (service-extension pam-root-service-type

bug#37423: Changing the login service from GDM to SLiM and then back to GDM causes a really bad loop

[Julien Lepiller]

Le 20 septembre 2019 11:40:43 GMT+02:00, "Ludovic Courtès" <ludo@gnu.org> a écrit :
>Hi Gábor,
>
>Gábor Boskovits <boskovits@gmail.com> skribis:
>
>> Couldn't we simply do what the fix does: ensuring the owner of
>> the files under “/var/lib/gdm” is the current “gdm” user?
>
>Hey you’re right, I was not approaching it from the right angle.
>
>Here’s a patch that does that.  Thoughts?
>
>I’ll push it if there are no objections.
>
>Thanks,
>Ludo’.

Looks good :)

bug#37423: Changing the login service from GDM to SLiM and then back to GDM causes a really bad loop

[Timothy Sample]

Hi Ludo and Gábor,

Ludovic Courtès <ludo@gnu.org> writes:

> Hi Gábor,
>
> Gábor Boskovits <boskovits@gmail.com> skribis:
>
>> Couldn't we simply do what the fix does: ensuring the owner of
>> the files under “/var/lib/gdm” is the current “gdm” user?
>
> Hey you’re right, I was not approaching it from the right angle.
>
> Here’s a patch that does that.  Thoughts?

LGTM!  Though I don’t have a chance to test it at the moment, so all I
can really say is that it makes sense and I didn’t see any typos.  :)


-- Tim

bug#37423: Changing the login service from GDM to SLiM and then back to GDM causes a really bad loop

[Ludovic Courtès]

Hello,

Timothy Sample <samplet@ngyro.com> skribis:

> Ludovic Courtès <ludo@gnu.org> writes:
>
>> Hi Gábor,
>>
>> Gábor Boskovits <boskovits@gmail.com> skribis:
>>
>>> Couldn't we simply do what the fix does: ensuring the owner of
>>> the files under “/var/lib/gdm” is the current “gdm” user?
>>
>> Hey you’re right, I was not approaching it from the right angle.
>>
>> Here’s a patch that does that.  Thoughts?
>
> LGTM!  Though I don’t have a chance to test it at the moment, so all I
> can really say is that it makes sense and I didn’t see any typos.  :)

I tested in a VM and it’s all good.  Pushed as
f817901ee74fbc2f3c3322d473ad4c72b052499c.

Thanks,
Ludo’.