unofficial mirror of guix-devel@gnu.org 
 help / color / mirror / code / Atom feed
* Why is greetd greeter user in so many groups?
@ 2022-06-21  4:33 kiasoc5
  2022-06-22 14:17 ` Lars-Dominik Braun
  0 siblings, 1 reply; 8+ messages in thread
From: kiasoc5 @ 2022-06-21  4:33 UTC (permalink / raw)
  To: guix-devel

Hooray, greetd has been merged! [1]

However, according to upstream the greeter user only needs to be in
the video and greeter groups. [2]

Whereas the guix definition for the greeter user has many more groups:

(define %greetd-accounts
  (list (user-account
         (name "greeter")
         (group "wheel")
         (supplementary-groups '("users" "tty" "input" "video"
"audio"))
         (system? #t))))

I can understand the need for tty and input, but why does the
greeter user need the wheel and audio?

1. https://issues.guix.gnu.org/49969
2. https://git.sr.ht/~kennylevinsen/greetd/#manually-from-source


^ permalink raw reply	[flat|nested] 8+ messages in thread

* Re: Why is greetd greeter user in so many groups?
  2022-06-21  4:33 Why is greetd greeter user in so many groups? kiasoc5
@ 2022-06-22 14:17 ` Lars-Dominik Braun
  2022-06-22 14:24   ` Brian Cully via Development of GNU Guix and the GNU System distribution.
  0 siblings, 1 reply; 8+ messages in thread
From: Lars-Dominik Braun @ 2022-06-22 14:17 UTC (permalink / raw)
  To: kiasoc5; +Cc: guix-devel

Hi,

I merged greetd.

>          (group "wheel")
>          (supplementary-groups '("users" "tty" "input" "video"
> "audio"))
> […]
> I can understand the need for tty and input, but why does the
> greeter user need the wheel and audio?
I believe wheel is necessary to write logs to /var/log, because they
don’t go through the syslog. audio maybe for GTK-based greeter with
accessibility (i.e. TTS), but I’m not sure to be honest.

Lars



^ permalink raw reply	[flat|nested] 8+ messages in thread

* Re: Why is greetd greeter user in so many groups?
  2022-06-22 14:17 ` Lars-Dominik Braun
@ 2022-06-22 14:24   ` Brian Cully via Development of GNU Guix and the GNU System distribution.
  2022-06-23 10:41     ` Lars-Dominik Braun
  0 siblings, 1 reply; 8+ messages in thread
From: Brian Cully via Development of GNU Guix and the GNU System distribution. @ 2022-06-22 14:24 UTC (permalink / raw)
  To: Lars-Dominik Braun; +Cc: kiasoc5, guix-devel


Lars-Dominik Braun <lars@6xq.net> writes:

> I believe wheel is necessary to write logs to /var/log, because 
> they
> don’t go through the syslog. audio maybe for GTK-based greeter 
> with
> accessibility (i.e. TTS), but I’m not sure to be honest.

Only root can write to /var/log, so wheel is irrelevant. And, 
indeed, greetd logs are being written as root:

--8<---------------cut here---------------start------------->8---
psyduck:~% ls -la /var/log
total 7028
drwxr-xr-x 1 root root     560 Jun 19 14:10 ./
drwxr-xr-x 1 root root      64 Jun 20 18:09 ../
    […]
-rw-r----- 1 root root    1694 Jun 20 16:12 greetd-1.log
-rw-r----- 1 root root    8035 Jun 19 21:10 greetd-2.log
--8<---------------cut here---------------end--------------->8---

-bjc


^ permalink raw reply	[flat|nested] 8+ messages in thread

* Re: Why is greetd greeter user in so many groups?
  2022-06-22 14:24   ` Brian Cully via Development of GNU Guix and the GNU System distribution.
@ 2022-06-23 10:41     ` Lars-Dominik Braun
  2022-06-23 12:15       ` Brian Cully via Development of GNU Guix and the GNU System distribution.
  0 siblings, 1 reply; 8+ messages in thread
From: Lars-Dominik Braun @ 2022-06-23 10:41 UTC (permalink / raw)
  To: Brian Cully; +Cc: kiasoc5, guix-devel

Hi,

> Only root can write to /var/log, so wheel is irrelevant. And, indeed, greetd
> logs are being written as root:
oh, I guess they are written by greetd, not the greeter itself. Does
greetd work without the groups in questions? (I don’t have access to
a powerful machine right now to test it.)

Thanks,
Lars



^ permalink raw reply	[flat|nested] 8+ messages in thread

* Re: Why is greetd greeter user in so many groups?
  2022-06-23 10:41     ` Lars-Dominik Braun
@ 2022-06-23 12:15       ` Brian Cully via Development of GNU Guix and the GNU System distribution.
  2022-06-29  7:41         ` Lars-Dominik Braun
  0 siblings, 1 reply; 8+ messages in thread
From: Brian Cully via Development of GNU Guix and the GNU System distribution. @ 2022-06-23 12:15 UTC (permalink / raw)
  To: Lars-Dominik Braun; +Cc: kiasoc5, guix-devel


Lars-Dominik Braun <lars@6xq.net> writes:

> oh, I guess they are written by greetd, not the greeter 
> itself. Does
> greetd work without the groups in questions? (I don’t have 
> access to
> a powerful machine right now to test it.)

Since greetd is currently being run as root, it doesn't need any 
extra group membership.

I'm using the following patch with no observed change in behavior:

--8<---------------cut here---------------start------------->8---
diff --git a/gnu/services/base.scm b/gnu/services/base.scm
index d58afb27e3..e9be2b9df1 100644
--- a/gnu/services/base.scm
+++ b/gnu/services/base.scm
@@ -2912,8 +2912,11 @@ (define 
(make-greetd-terminal-configuration-file config)
 (define %greetd-accounts
   (list (user-account
          (name "greeter")
-         (group "wheel")
-         (supplementary-groups '("users" "tty" "input" "video" 
          "audio"))
+         (group "greeter")
+         (supplementary-groups '())
+         (system? #t))
+        (user-group
+         (name "greeter")
          (system? #t))))
 
 (define %greetd-file-systems
--8<---------------cut here---------------end--------------->8---

-bjc


^ permalink raw reply	[flat|nested] 8+ messages in thread

* Re: Why is greetd greeter user in so many groups?
  2022-06-23 12:15       ` Brian Cully via Development of GNU Guix and the GNU System distribution.
@ 2022-06-29  7:41         ` Lars-Dominik Braun
  2022-06-29 17:59           ` kiasoc5
  0 siblings, 1 reply; 8+ messages in thread
From: Lars-Dominik Braun @ 2022-06-29  7:41 UTC (permalink / raw)
  To: Brian Cully; +Cc: kiasoc5, guix-devel

Hi,

> Since greetd is currently being run as root, it doesn't need any 
> extra group membership.
indeed, agreety works fine with that patch. I’d still keep the video
supplementary group, so one can run gtkgreet/wlgreet (if they ever pop
up in Guix). Any objections?

Cheers,
Lars



^ permalink raw reply	[flat|nested] 8+ messages in thread

* Re: Why is greetd greeter user in so many groups?
  2022-06-29  7:41         ` Lars-Dominik Braun
@ 2022-06-29 17:59           ` kiasoc5
  2022-06-30  7:48             ` Lars-Dominik Braun
  0 siblings, 1 reply; 8+ messages in thread
From: kiasoc5 @ 2022-06-29 17:59 UTC (permalink / raw)
  To: Lars-Dominik Braun; +Cc: Brian Cully, guix-devel

Hi Lars,

On Wed, Jun 29 2022, 09:41:51 AM +0200
Lars-Dominik Braun <lars@6xq.net> wrote:

> indeed, agreety works fine with that patch. I’d still keep the video
> supplementary group, so one can run gtkgreet/wlgreet (if they ever pop
> up in Guix). Any objections?

Sounds good, thanks for the fix!


^ permalink raw reply	[flat|nested] 8+ messages in thread

* Re: Why is greetd greeter user in so many groups?
  2022-06-29 17:59           ` kiasoc5
@ 2022-06-30  7:48             ` Lars-Dominik Braun
  0 siblings, 0 replies; 8+ messages in thread
From: Lars-Dominik Braun @ 2022-06-30  7:48 UTC (permalink / raw)
  To: kiasoc5; +Cc: Brian Cully, guix-devel

Hi,

> Sounds good, thanks for the fix!
d921516f50a946e92f9d5dc6d3bd49aca9788ac2 services: greetd: Remove unnecessary user groups.

Cheers,
Lars



^ permalink raw reply	[flat|nested] 8+ messages in thread

end of thread, other threads:[~2022-06-30  7:49 UTC | newest]

Thread overview: 8+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-06-21  4:33 Why is greetd greeter user in so many groups? kiasoc5
2022-06-22 14:17 ` Lars-Dominik Braun
2022-06-22 14:24   ` Brian Cully via Development of GNU Guix and the GNU System distribution.
2022-06-23 10:41     ` Lars-Dominik Braun
2022-06-23 12:15       ` Brian Cully via Development of GNU Guix and the GNU System distribution.
2022-06-29  7:41         ` Lars-Dominik Braun
2022-06-29 17:59           ` kiasoc5
2022-06-30  7:48             ` Lars-Dominik Braun

Code repositories for project(s) associated with this inbox:

	https://git.savannah.gnu.org/cgit/guix.git

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).