unofficial mirror of guix-devel@gnu.org 
 help / color / mirror / code / Atom feed
* User shell: state or config?
@ 2019-04-25 10:40 Ludovic Courtès
  2019-04-25 11:59 ` mikadoZero
                   ` (2 more replies)
  0 siblings, 3 replies; 8+ messages in thread
From: Ludovic Courtès @ 2019-04-25 10:40 UTC (permalink / raw)
  To: Guix-devel

[-- Attachment #1: Type: text/plain, Size: 1876 bytes --]

Hello Guix!

We recently discussed handling of the ‘shell’ field of ‘user-account’:

  https://lists.gnu.org/archive/html/help-guix/2019-04/msg00171.html

As I wrote there, starting with the switch to (gnu build accounts) in
0ae735bcc8ff7fdc89d67b492bdee9091ee19e86, user shells are considered
“state”.  Before they were “config”: ‘guix system reconfigure’ would
always reset the user shells.

Considering user shells as state seemed like a good idea because, on a
multi-user system, you’d rather let user invoke ‘chsh’ than have root
reconfigure the system just to change the user’s shell.  The patches
below document that.

However, thinking more about it, I’m not sure if considering shells as
state is such a good idea, for several reasons:

  1. It’s surprising that ‘guix system reconfigure’ doesn’t actually
     change the shell, as Tanguy reported.

  2. ‘chsh’ restricts users to the shells listed in /etc/shells anyway,
     which is the combination of all the ‘shell’ fields, currently.

     Given this restriction, you might just as well ask the admin to
     change the shell for you.

  3. It’s easy to end up with a shell that’s eventually GC’d.

     Scenario #1: your shell is initially set to
     /gnu/store/…-bash/bin/bash, which at the time is GC-protected
     (listed in /etc/shells, etc.).  However, later, this specific Bash
     variant is GC’d, and boom, you’re left with nothing.

     Scenario #2: you set your shell to
     /run/current-system/profile/bin/zsh, which is GC-protected, but
     eventually the admin removes zsh for the global profile.

All in all, I’m in favor of switching back to the previous behavior:
considering user shells as system config.  That’s a one-line change in
(gnu build accounts).

Thoughts?

Ludo’.


[-- Attachment #2: allow for chsh --]
[-- Type: text/x-patch, Size: 1846 bytes --]

From d1586f0c77cf63d0259cca9fc50c210c584529b3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ludovic=20Court=C3=A8s?= <ludo@gnu.org>
Date: Thu, 25 Apr 2019 12:10:06 +0200
Subject: [PATCH 1/2] system: Add 'chsh' to %SETUID-PROGRAMS.

* gnu/system/pam.scm (base-pam-services): Add "chsh".
* gnu/system.scm (%setuid-programs): Add chsh.
---
 gnu/system.scm     | 1 +
 gnu/system/pam.scm | 4 ++--
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/gnu/system.scm b/gnu/system.scm
index b00d384fee..a85ec109ac 100644
--- a/gnu/system.scm
+++ b/gnu/system.scm
@@ -794,6 +794,7 @@ use 'plain-file' instead~%")
   ;; Default set of setuid-root programs.
   (let ((shadow (@ (gnu packages admin) shadow)))
     (list (file-append shadow "/bin/passwd")
+          (file-append shadow "/bin/chsh")
           (file-append shadow "/bin/su")
           (file-append shadow "/bin/newuidmap")
           (file-append shadow "/bin/newgidmap")
diff --git a/gnu/system/pam.scm b/gnu/system/pam.scm
index 13f76a50ed..27239c5621 100644
--- a/gnu/system/pam.scm
+++ b/gnu/system/pam.scm
@@ -1,5 +1,5 @@
 ;;; GNU Guix --- Functional package management for GNU
-;;; Copyright © 2013, 2014, 2015, 2016, 2017 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2013, 2014, 2015, 2016, 2017, 2019 Ludovic Courtès <ludo@gnu.org>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -265,7 +265,7 @@ authenticate to run COMMAND."
           ;; These programs are setuid-root.
           (map (cut unix-pam-service <>
                     #:allow-empty-passwords? allow-empty-passwords?)
-               '("passwd" "sudo"))
+               '("passwd" "chsh" "sudo"))
           ;; This is setuid-root, as well.  Allow root to run "su" without
           ;; authenticating.
           (list (unix-pam-service "su"
-- 
2.21.0


[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #3: document --]
[-- Type: text/x-patch, Size: 1298 bytes --]

From 6ab1ecd628f13829e31e4bcbe7bf0ff53951eedd Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ludovic=20Court=C3=A8s?= <ludo@gnu.org>
Date: Thu, 25 Apr 2019 12:23:11 +0200
Subject: [PATCH 2/2] doc: Document 'chsh'.

* doc/guix.texi (User Accounts): Document 'chsh'.
---
 doc/guix.texi | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/doc/guix.texi b/doc/guix.texi
index 879cb562e9..b5048f7269 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -11000,6 +11000,15 @@ if it does not exist yet.
 This is a G-expression denoting the file name of a program to be used as
 the shell (@pxref{G-Expressions}).
 
+Users may change their shell at any time by running the @command{chsh}
+command---run @command{man chsh} for more info.  The list of allowed shells
+can be found in the @file{/etc/shells} file, which is itself the combination
+of the @code{shell} fields of all the user accounts.
+
+Because the account's shell is user-modifiable system state---just like
+passwords---it is preserved across reboots and reconfiguration, even if the
+administrator changes the value of the @code{shell} field.
+
 @item @code{system?} (default: @code{#f})
 This Boolean value indicates whether the account is a ``system''
 account.  System accounts are sometimes treated specially; for instance,
-- 
2.21.0


^ permalink raw reply related	[flat|nested] 8+ messages in thread

end of thread, other threads:[~2019-04-27 10:54 UTC | newest]

Thread overview: 8+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2019-04-25 10:40 User shell: state or config? Ludovic Courtès
2019-04-25 11:59 ` mikadoZero
2019-04-25 18:03   ` Tobias Geerinckx-Rice
2019-04-26  6:25     ` Chris Marusich
2019-04-27 10:51       ` Ludovic Courtès
2019-04-26 20:18 ` Tanguy Le Carrour
2019-04-27 10:54   ` Ludovic Courtès
2019-04-27  8:22 ` Meiyo Peng

Code repositories for project(s) associated with this public inbox

	https://git.savannah.gnu.org/cgit/guix.git

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).