unofficial mirror of guix-devel@gnu.org 
 help / color / mirror / code / Atom feed
* Why is greetd greeter user in so many groups?
@ 2022-06-21  4:33 kiasoc5
  2022-06-22 14:17 ` Lars-Dominik Braun
  0 siblings, 1 reply; 11+ messages in thread
From: kiasoc5 @ 2022-06-21  4:33 UTC (permalink / raw)
  To: guix-devel

Hooray, greetd has been merged! [1]

However, according to upstream the greeter user only needs to be in
the video and greeter groups. [2]

Whereas the guix definition for the greeter user has many more groups:

(define %greetd-accounts
  (list (user-account
         (name "greeter")
         (group "wheel")
         (supplementary-groups '("users" "tty" "input" "video"
"audio"))
         (system? #t))))

I can understand the need for tty and input, but why does the
greeter user need the wheel and audio?

1. https://issues.guix.gnu.org/49969
2. https://git.sr.ht/~kennylevinsen/greetd/#manually-from-source


^ permalink raw reply	[flat|nested] 11+ messages in thread

* Re: Why is greetd greeter user in so many groups?
  2022-06-21  4:33 Why is greetd greeter user in so many groups? kiasoc5
@ 2022-06-22 14:17 ` Lars-Dominik Braun
  2022-06-22 14:24   ` Brian Cully via Development of GNU Guix and the GNU System distribution.
  0 siblings, 1 reply; 11+ messages in thread
From: Lars-Dominik Braun @ 2022-06-22 14:17 UTC (permalink / raw)
  To: kiasoc5; +Cc: guix-devel

Hi,

I merged greetd.

>          (group "wheel")
>          (supplementary-groups '("users" "tty" "input" "video"
> "audio"))
> […]
> I can understand the need for tty and input, but why does the
> greeter user need the wheel and audio?
I believe wheel is necessary to write logs to /var/log, because they
don’t go through the syslog. audio maybe for GTK-based greeter with
accessibility (i.e. TTS), but I’m not sure to be honest.

Lars



^ permalink raw reply	[flat|nested] 11+ messages in thread

* Re: Why is greetd greeter user in so many groups?
  2022-06-22 14:17 ` Lars-Dominik Braun
@ 2022-06-22 14:24   ` Brian Cully via Development of GNU Guix and the GNU System distribution.
  2022-06-23 10:41     ` Lars-Dominik Braun
  0 siblings, 1 reply; 11+ messages in thread
From: Brian Cully via Development of GNU Guix and the GNU System distribution. @ 2022-06-22 14:24 UTC (permalink / raw)
  To: Lars-Dominik Braun; +Cc: kiasoc5, guix-devel


Lars-Dominik Braun <lars@6xq.net> writes:

> I believe wheel is necessary to write logs to /var/log, because 
> they
> don’t go through the syslog. audio maybe for GTK-based greeter 
> with
> accessibility (i.e. TTS), but I’m not sure to be honest.

Only root can write to /var/log, so wheel is irrelevant. And, 
indeed, greetd logs are being written as root:

--8<---------------cut here---------------start------------->8---
psyduck:~% ls -la /var/log
total 7028
drwxr-xr-x 1 root root     560 Jun 19 14:10 ./
drwxr-xr-x 1 root root      64 Jun 20 18:09 ../
    […]
-rw-r----- 1 root root    1694 Jun 20 16:12 greetd-1.log
-rw-r----- 1 root root    8035 Jun 19 21:10 greetd-2.log
--8<---------------cut here---------------end--------------->8---

-bjc


^ permalink raw reply	[flat|nested] 11+ messages in thread

* Re: Why is greetd greeter user in so many groups?
  2022-06-22 14:24   ` Brian Cully via Development of GNU Guix and the GNU System distribution.
@ 2022-06-23 10:41     ` Lars-Dominik Braun
  2022-06-23 12:15       ` Brian Cully via Development of GNU Guix and the GNU System distribution.
  0 siblings, 1 reply; 11+ messages in thread
From: Lars-Dominik Braun @ 2022-06-23 10:41 UTC (permalink / raw)
  To: Brian Cully; +Cc: kiasoc5, guix-devel

Hi,

> Only root can write to /var/log, so wheel is irrelevant. And, indeed, greetd
> logs are being written as root:
oh, I guess they are written by greetd, not the greeter itself. Does
greetd work without the groups in questions? (I don’t have access to
a powerful machine right now to test it.)

Thanks,
Lars



^ permalink raw reply	[flat|nested] 11+ messages in thread

* Re: Why is greetd greeter user in so many groups?
  2022-06-23 10:41     ` Lars-Dominik Braun
@ 2022-06-23 12:15       ` Brian Cully via Development of GNU Guix and the GNU System distribution.
  2022-06-29  7:41         ` Lars-Dominik Braun
  0 siblings, 1 reply; 11+ messages in thread
From: Brian Cully via Development of GNU Guix and the GNU System distribution. @ 2022-06-23 12:15 UTC (permalink / raw)
  To: Lars-Dominik Braun; +Cc: kiasoc5, guix-devel


Lars-Dominik Braun <lars@6xq.net> writes:

> oh, I guess they are written by greetd, not the greeter 
> itself. Does
> greetd work without the groups in questions? (I don’t have 
> access to
> a powerful machine right now to test it.)

Since greetd is currently being run as root, it doesn't need any 
extra group membership.

I'm using the following patch with no observed change in behavior:

--8<---------------cut here---------------start------------->8---
diff --git a/gnu/services/base.scm b/gnu/services/base.scm
index d58afb27e3..e9be2b9df1 100644
--- a/gnu/services/base.scm
+++ b/gnu/services/base.scm
@@ -2912,8 +2912,11 @@ (define 
(make-greetd-terminal-configuration-file config)
 (define %greetd-accounts
   (list (user-account
          (name "greeter")
-         (group "wheel")
-         (supplementary-groups '("users" "tty" "input" "video" 
          "audio"))
+         (group "greeter")
+         (supplementary-groups '())
+         (system? #t))
+        (user-group
+         (name "greeter")
          (system? #t))))
 
 (define %greetd-file-systems
--8<---------------cut here---------------end--------------->8---

-bjc


^ permalink raw reply related	[flat|nested] 11+ messages in thread

* Re: Why is greetd greeter user in so many groups?
  2022-06-23 12:15       ` Brian Cully via Development of GNU Guix and the GNU System distribution.
@ 2022-06-29  7:41         ` Lars-Dominik Braun
  2022-06-29 17:59           ` kiasoc5
  0 siblings, 1 reply; 11+ messages in thread
From: Lars-Dominik Braun @ 2022-06-29  7:41 UTC (permalink / raw)
  To: Brian Cully; +Cc: kiasoc5, guix-devel

Hi,

> Since greetd is currently being run as root, it doesn't need any 
> extra group membership.
indeed, agreety works fine with that patch. I’d still keep the video
supplementary group, so one can run gtkgreet/wlgreet (if they ever pop
up in Guix). Any objections?

Cheers,
Lars



^ permalink raw reply	[flat|nested] 11+ messages in thread

* Re: Why is greetd greeter user in so many groups?
  2022-06-29  7:41         ` Lars-Dominik Braun
@ 2022-06-29 17:59           ` kiasoc5
  2022-06-30  7:48             ` Lars-Dominik Braun
  0 siblings, 1 reply; 11+ messages in thread
From: kiasoc5 @ 2022-06-29 17:59 UTC (permalink / raw)
  To: Lars-Dominik Braun; +Cc: Brian Cully, guix-devel

Hi Lars,

On Wed, Jun 29 2022, 09:41:51 AM +0200
Lars-Dominik Braun <lars@6xq.net> wrote:

> indeed, agreety works fine with that patch. I’d still keep the video
> supplementary group, so one can run gtkgreet/wlgreet (if they ever pop
> up in Guix). Any objections?

Sounds good, thanks for the fix!


^ permalink raw reply	[flat|nested] 11+ messages in thread

* Re: Why is greetd greeter user in so many groups?
  2022-06-29 17:59           ` kiasoc5
@ 2022-06-30  7:48             ` Lars-Dominik Braun
  2022-08-02  8:44               ` muradm
  0 siblings, 1 reply; 11+ messages in thread
From: Lars-Dominik Braun @ 2022-06-30  7:48 UTC (permalink / raw)
  To: kiasoc5; +Cc: Brian Cully, guix-devel

Hi,

> Sounds good, thanks for the fix!
d921516f50a946e92f9d5dc6d3bd49aca9788ac2 services: greetd: Remove unnecessary user groups.

Cheers,
Lars



^ permalink raw reply	[flat|nested] 11+ messages in thread

* Re: Why is greetd greeter user in so many groups?
  2022-06-30  7:48             ` Lars-Dominik Braun
@ 2022-08-02  8:44               ` muradm
  2022-08-04  8:56                 ` Ludovic Courtès
  0 siblings, 1 reply; 11+ messages in thread
From: muradm @ 2022-08-02  8:44 UTC (permalink / raw)
  To: Lars-Dominik Braun; +Cc: kiasoc5, Brian Cully, guix-devel

[-- Attachment #1: Type: text/plain, Size: 845 bytes --]


Hello,

This change broke greetd on my side as I am using it with 
gtkgreet.

While greetd is running as root, specific greeter started by it is 
not.

This many groups was required to:
- make it able starting graphical greeters with user greeter
- access to seatd's socket file

I admit that, initially it was not clear what is needed, and how.
But now it is ok, I suggest to make groups configurable for both
greetd (56699) and seatd (56690).

This way is most flexible as how user prefers to use them.

Could your please have a look at these?

Once we done, I would like to submit at least gtkgreet as well.

Thanks in advance,
muradm

Lars-Dominik Braun <lars@6xq.net> writes:

> Hi,
>
>> Sounds good, thanks for the fix!
> d921516f50a946e92f9d5dc6d3bd49aca9788ac2 services: greetd: 
> Remove
> unnecessary user groups.
>
> Cheers,
> Lars


[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 832 bytes --]

^ permalink raw reply	[flat|nested] 11+ messages in thread

* Re: Why is greetd greeter user in so many groups?
  2022-08-02  8:44               ` muradm
@ 2022-08-04  8:56                 ` Ludovic Courtès
  2022-08-04 10:04                   ` muradm
  0 siblings, 1 reply; 11+ messages in thread
From: Ludovic Courtès @ 2022-08-04  8:56 UTC (permalink / raw)
  To: muradm; +Cc: Lars-Dominik Braun, kiasoc5, Brian Cully, guix-devel

Hi,

muradm <mail@muradm.net> skribis:

> This change broke greetd on my side as I am using it with gtkgreet.

Could you open an issue so we keep track of this?

> While greetd is running as root, specific greeter started by it is
> not.
>
> This many groups was required to:
> - make it able starting graphical greeters with user greeter
> - access to seatd's socket file

That sounds surprising to me.  If other distros don’t do that, there
must be something we’re missing?

Anyway, let’s see how to move forward.

Thanks,
Ludo’.


^ permalink raw reply	[flat|nested] 11+ messages in thread

* Re: Why is greetd greeter user in so many groups?
  2022-08-04  8:56                 ` Ludovic Courtès
@ 2022-08-04 10:04                   ` muradm
  0 siblings, 0 replies; 11+ messages in thread
From: muradm @ 2022-08-04 10:04 UTC (permalink / raw)
  To: Ludovic Courtès; +Cc: Lars-Dominik Braun, kiasoc5, Brian Cully, guix-devel

[-- Attachment #1: Type: text/plain, Size: 820 bytes --]


Hi,

Here you are: https://debbugs.gnu.org/cgi/bugreport.cgi?bug=56971

I added explanations and proposed solution there as well.

Thanks in advance,
muradm

Ludovic Courtès <ludo@gnu.org> writes:

> Hi,
>
> muradm <mail@muradm.net> skribis:
>
>> This change broke greetd on my side as I am using it with 
>> gtkgreet.
>
> Could you open an issue so we keep track of this?
>
>> While greetd is running as root, specific greeter started by it 
>> is
>> not.
>>
>> This many groups was required to:
>> - make it able starting graphical greeters with user greeter
>> - access to seatd's socket file
>
> That sounds surprising to me.  If other distros don’t do that, 
> there
> must be something we’re missing?
>
> Anyway, let’s see how to move forward.
>
> Thanks,
> Ludo’.


[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 832 bytes --]

^ permalink raw reply	[flat|nested] 11+ messages in thread

end of thread, other threads:[~2022-08-04 10:14 UTC | newest]

Thread overview: 11+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2022-06-21  4:33 Why is greetd greeter user in so many groups? kiasoc5
2022-06-22 14:17 ` Lars-Dominik Braun
2022-06-22 14:24   ` Brian Cully via Development of GNU Guix and the GNU System distribution.
2022-06-23 10:41     ` Lars-Dominik Braun
2022-06-23 12:15       ` Brian Cully via Development of GNU Guix and the GNU System distribution.
2022-06-29  7:41         ` Lars-Dominik Braun
2022-06-29 17:59           ` kiasoc5
2022-06-30  7:48             ` Lars-Dominik Braun
2022-08-02  8:44               ` muradm
2022-08-04  8:56                 ` Ludovic Courtès
2022-08-04 10:04                   ` muradm

Code repositories for project(s) associated with this public inbox

	https://git.savannah.gnu.org/cgit/guix.git

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).