From: Jason Conroy <conjaroy@gmail.com>
To: 45570@debbugs.gnu.org
Subject: bug#45570: operating-system definitions allow duplicate passwd and group entries
Date: Thu, 31 Dec 2020 13:14:19 -0500 [thread overview]
Message-ID: <CABWzUjVOFSgBUw-Wyx-+BWL2VWhfJR=CGutVZZP8ri2KrdtUnw@mail.gmail.com> (raw)
[-- Attachment #1.1: Type: text/plain, Size: 646 bytes --]
When an operating-system contains multiple users or groups with the same
name, instantiating it with `guix system` does not cause a validation
failure, nor are the duplicate entries filtered from the resulting /etc
files.
This duplication can happen in a few different ways:
- both entries are manually included in the "users" or "groups" fields of
the operating-system
- a manually-specified entry collides with an entry defined by a service
(via an account-service-type extension)
- multiple services define entries that collide with each other
Steps to reproduce: call "guix system container" with the attached
operating-system definition.
[-- Attachment #1.2: Type: text/html, Size: 805 bytes --]
[-- Attachment #2: duplicate-users-and-groups.scm --]
[-- Type: application/octet-stream, Size: 1827 bytes --]
(use-modules (gnu))
(use-service-modules networking ssh)
(use-package-modules screen ssh)
(operating-system
(host-name "komputilo")
(timezone "Europe/Berlin")
(locale "en_US.utf8")
(bootloader (bootloader-configuration
(bootloader grub-bootloader)
(target "/dev/sdX")))
(file-systems (cons (file-system
(device (file-system-label "my-root"))
(mount-point "/")
(type "ext4"))
%base-file-systems))
(users (append (list
;; Two manually-specified users with the same name
(user-account
(name "alice")
(comment "Alice 1")
(group "users"))
(user-account
(name "alice")
(comment "Alice 2")
(group "users"))
;; A manually-specified user with the same name as a
;; user defined by the openssh-service.
(user-account
(name "sshd")
(comment "Secure shell user")
(group "sshd")
(system? #t)))
%base-user-accounts))
(groups (append (list
;; Two manually-specified groups with the same name
(user-group
(name "power-users"))
(user-group
(name "power-users"))
;; A manually-specified group with the same name as
;; a group defined by the openssh-service.
(user-group
(name "sshd")))
%base-groups))
(services (append (list (service dhcp-client-service-type)
(service openssh-service-type
(openssh-configuration
(openssh openssh-sans-x)
(port-number 2222))))
%base-services)))
next reply other threads:[~2020-12-31 21:10 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-12-31 18:14 Jason Conroy [this message]
2021-01-01 11:13 ` bug#45570: [PATCH] system: Assert, that user and group names are unique Leo Prikler
2021-01-02 1:16 ` Danny Milosavljevic
2021-01-02 5:57 ` Leo Prikler
2021-01-06 9:56 ` Ludovic Courtès
2021-01-06 12:34 ` Leo Prikler
2021-01-06 13:32 ` Ludovic Courtès
2021-01-06 21:00 ` Leo Prikler
2021-01-07 8:29 ` Ludovic Courtès
2021-01-06 21:21 ` bug#45570: [PATCH v2] " Leo Prikler
2021-01-07 8:35 ` Ludovic Courtès
2021-01-07 11:13 ` Leo Prikler
2021-01-07 11:10 ` bug#45570: [PATCH v3] " Leo Prikler
2021-01-11 13:09 ` Ludovic Courtès
2021-01-11 15:06 ` Leo Prikler
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://guix.gnu.org/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CABWzUjVOFSgBUw-Wyx-+BWL2VWhfJR=CGutVZZP8ri2KrdtUnw@mail.gmail.com' \
--to=conjaroy@gmail.com \
--cc=45570@debbugs.gnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/guix.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).