From: mikadoZero <mikadozero@yandex.com>
To: guix-devel@gnu.org
Subject: Re: User shell: state or config?
Date: Thu, 25 Apr 2019 07:59:05 -0400
Message-ID: <cuc4l6mi9di.fsf@yandex.com>
In-Reply-To: <874l6mpduo.fsf@gnu.org>

Ludovic Courtès writes:

> Hello Guix!
>
> We recently discussed handling of the ‘shell’ field of ‘user-account’:
>
> https://lists.gnu.org/archive/html/help-guix/2019-04/msg00171.html
>
> As I wrote there, starting with the switch to (gnu build accounts) in
> 0ae735bcc8ff7fdc89d67b492bdee9091ee19e86, user shells are considered
> “state”. Before they were “config”: ‘guix system reconfigure’ would
> always reset the user shells.
>
> Considering user shells as state seemed like a good idea because, on a
> multi-user system, you’d rather let users invoke ‘chsh’ than have root
> reconfigure the system just to change the user’s shell. The patches
> below document that.
>
> However, thinking more about it, I’m not sure if considering shells as
> state is such a good idea, for several reasons:
>
> 1. It’s surprising that ‘guix system reconfigure’ doesn’t actually
> change the shell, as Tanguy reported.

As a new user of Guix System I was recently surprised by this as well.
I was expecting the shell to be managed by configuration.

https://lists.gnu.org/archive/html/help-guix/2019-03/msg00089.html

> 2. ‘chsh’ restricts users to the shells listed in /etc/shells anyway,
> which is the combination of all the ‘shell’ fields, currently.
>
> Given this restriction, you might just as well ask the admin to
> change the shell for you.
>
> 3. It’s easy to end up with a shell that’s eventually GC’d.
>
> Scenario #1: your shell is initially set to
> /gnu/store/…-bash/bin/bash, which at the time is GC-protected
> (listed in /etc/shells, etc.). However, later, this specific Bash
> variant is GC’d, and boom, you’re left with nothing.
>
> Scenario #2: you set your shell to
> /run/current-system/profile/bin/zsh, which is GC-protected, but
> eventually the admin removes zsh from the global profile.
>
> All in all, I’m in favor of switching back to the previous behavior:
> considering user shells as system config. That’s a one-line change in
> (gnu build accounts).
>
> Thoughts?
>
> Ludo’.
>
> From d1586f0c77cf63d0259cca9fc50c210c584529b3 Mon Sep 17 00:00:00 2001
> From: =?UTF-8?q?Ludovic=20Court=C3=A8s?= <ludo@gnu.org>
> Date: Thu, 25 Apr 2019 12:10:06 +0200
> Subject: [PATCH 1/2] system: Add 'chsh' to %SETUID-PROGRAMS.
>
> * gnu/system/pam.scm (base-pam-services): Add "chsh".
> * gnu/system.scm (%setuid-programs): Add chsh.
> ---
> gnu/system.scm | 1 +
> gnu/system/pam.scm | 4 ++--
> 2 files changed, 3 insertions(+), 2 deletions(-)
>
> diff --git a/gnu/system.scm b/gnu/system.scm
> index b00d384fee..a85ec109ac 100644
> --- a/gnu/system.scm
> +++ b/gnu/system.scm
> @@ -794,6 +794,7 @@ use 'plain-file' instead~%")
> ;; Default set of setuid-root programs.
> (let ((shadow (@ (gnu packages admin) shadow)))
> (list (file-append shadow "/bin/passwd")
> + (file-append shadow "/bin/chsh")
> (file-append shadow "/bin/su")
> (file-append shadow "/bin/newuidmap")
> (file-append shadow "/bin/newgidmap")
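
Review bot: the new (file-append shadow "/bin/chsh") entry puts chsh in the default setuid-root set for every system, while the cover letter leans toward treating the shell as config again, in which case 'guix system reconfigure' would reset whatever chsh wrote. Consider holding this line until that question is settled, or saying in the commit message why one more setuid-root binary is wanted by default.
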
> diff --git a/gnu/system/pam.scm b/gnu/system/pam.scm
> index 13f76a50ed..27239c5621 100644
> --- a/gnu/system/pam.scm
> +++ b/gnu/system/pam.scm
> @@ -1,5 +1,5 @@
> ;;; GNU Guix --- Functional package management for GNU
> -;;; Copyright © 2013, 2014, 2015, 2016, 2017 Ludovic Courtès <ludo@gnu.org>
> +;;; Copyright © 2013, 2014, 2015, 2016, 2017, 2019 Ludovic Courtès <ludo@gnu.org>
> ;;;
> ;;; This file is part of GNU Guix.
> ;;;
> @@ -265,7 +265,7 @@ authenticate to run COMMAND."
> ;; These programs are setuid-root.
> (map (cut unix-pam-service <>
> #:allow-empty-passwords? allow-empty-passwords?)
> - '("passwd" "sudo"))
> + '("passwd" "chsh" "sudo"))
> ;; This is setuid-root, as well. Allow root to run "su" without
> ;; authenticating.
> (list (unix-pam-service "su"
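
Review bot: in the '("passwd" "chsh" "sudo") list, chsh is mapped through unix-pam-service with the same #:allow-empty-passwords? value as passwd and sudo, so where that setting is true an account with an empty password passes chsh's PAM stack as well and can change its login shell. If that is intended, a short comment next to the list would help; otherwise give chsh its own unix-pam-service entry that does not take the flag.
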
> --
> 2.21.0
>
> From 6ab1ecd628f13829e31e4bcbe7bf0ff53951eedd Mon Sep 17 00:00:00 2001
> From: =?UTF-8?q?Ludovic=20Court=C3=A8s?= <ludo@gnu.org>
> Date: Thu, 25 Apr 2019 12:23:11 +0200
> Subject: [PATCH 2/2] doc: Document 'chsh'.
>
> * doc/guix.texi (User Accounts): Document 'chsh'.
> ---
> doc/guix.texi | 9 +++++++++
> 1 file changed, 9 insertions(+)
>
> diff --git a/doc/guix.texi b/doc/guix.texi
> index 879cb562e9..b5048f7269 100644
> --- a/doc/guix.texi
> +++ b/doc/guix.texi
> @@ -11000,6 +11000,15 @@ if it does not exist yet.
> This is a G-expression denoting the file name of a program to be used as
> the shell (@pxref{G-Expressions}).
>
> +Users may change their shell at any time by running the @command{chsh}
> +command---run @command{man chsh} for more info. The list of allowed shells
> +can be found in the @file{/etc/shells} file, which is itself the combination
> +of the @code{shell} fields of all the user accounts.
> +
> +Because the account's shell is user-modifiable system state---just like
> +passwords---it is preserved across reboots and reconfiguration, even if the
> +administrator changes the value of the @code{shell} field.
> +
> @item @code{system?} (default: @code{#f})
> This Boolean value indicates whether the account is a ``system''
> account. System accounts are sometimes treated specially; for instance,
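
Review bot: the paragraph added before "@item @code{system?}" says the shell set with chsh is preserved across reconfiguration, but it leaves out the failure described in the cover letter, where the chosen /gnu/store/…-bash/bin/bash is later garbage-collected or zsh leaves the global profile and the account is left with a dangling shell. Suggest adding a sentence on that risk, and noting that the contents of /etc/shells change whenever the administrator edits the shell fields.
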
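
Point 3 of the quoted message describes accounts left with a login shell that no longer exists. As an added example (not part of the original message or of Guix), this Python check reads passwd(5) and shells(5) text and reports accounts whose shell is missing or not listed; the sample entries, the CONSTRUCTED store paths and the function names are assumptions made for illustration.

```python
import os

# Constructed sample data (not from the thread): alice's shell was GC'd,
# bob's zsh left the global profile, carol's shell exists but is unlisted.
SAMPLE_PASSWD = """\
root:x:0:0:System administrator:/root:/gnu/store/CONSTRUCTED1-bash/bin/bash
alice:x:1000:998:Alice:/home/alice:/gnu/store/CONSTRUCTED0-bash/bin/bash
bob:x:1001:998:Bob:/home/bob:/run/current-system/profile/bin/zsh
carol:x:1002:998:Carol:/home/carol:/home/carol/bin/fish
"""
SAMPLE_SHELLS = """\
/gnu/store/CONSTRUCTED1-bash/bin/bash
/run/current-system/profile/bin/zsh
"""
SAMPLE_PRESENT = {"/gnu/store/CONSTRUCTED1-bash/bin/bash",
                  "/home/carol/bin/fish"}

def parse_passwd(text):
    """Yield (user, shell) pairs from passwd(5)-format text."""
    for line in text.splitlines():
        fields = line.strip().split(":")
        if len(fields) == 7 and not fields[0].startswith("#"):
            # An empty shell field means /bin/sh, per passwd(5).
            yield fields[0], fields[6] or "/bin/sh"

def parse_shells(text):
    """Return the set of paths listed in shells(5)-format text."""
    lines = (l.strip() for l in text.splitlines())
    return {l for l in lines if l and not l.startswith("#")}

def is_executable(path):
    """True if PATH resolves to an executable regular file."""
    return os.path.isfile(path) and os.access(path, os.X_OK)

def audit_shells(passwd_text, shells_text, executable=is_executable):
    """Return (user, shell, problem) for dangling or unlisted shells."""
    allowed = parse_shells(shells_text)
    findings = []
    for user, shell in parse_passwd(passwd_text):
        if not executable(shell):
            findings.append((user, shell, "missing"))
        elif shell not in allowed:
            findings.append((user, shell, "unlisted"))
    return findings

if __name__ == "__main__":
    with open("/etc/passwd") as p, open("/etc/shells") as s:
        for user, shell, problem in audit_shells(p.read(), s.read()):
            print(f"{user}: {shell} ({problem})")
```

Run after a garbage collection or a reconfigure, it lists the accounts that would fail to start a shell at next login.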