all messages for Guix-related lists mirrored at yhetil.org
* Some methods of getting a "login shell" do not create /run/user/<uid> or add a session to loginctl
From: Ben Weinstein-Raun @ 2023-12-30 12:45 UTC
  To: help-guix

I've noticed that several methods of opening a "login shell" do not
result in the XDG_RUNTIME_DIR (/run/user/<uid>) being created; and also
don't result in a session appearing in the output of `loginctl`:


* `mosh`
* `sudo -i <user> loginctl`
* `su -l <user>`
* `login`

I mentioned in another message that I'm hoping to write a system
shepherd service that will start a user-level shepherd service. But a
user-level shepherd service won't run without the XDG_RUNTIME_DIR (or
some other explicitly-chosen suitable directory, but I'd prefer not to
deviate from the defaults, if I could instead understand what's going on).

Does anyone know why this would happen, or how to fix it? I'm using the
elogind service on top of %base-services.



* Re: Some methods of getting a "login shell" do not create /run/user/<uid> or add a session to loginctl
From: Skyler Ferris @ 2024-01-05 19:39 UTC
  To: help-guix, root

On 12/30/23 04:45, Ben Weinstein-Raun wrote:

> Does anyone know why this would happen, or how to fix it? I'm using the
> elogind service on top of %base-services.
>
I was hoping that someone else more knowledgeable might have a better 
solution, but since nobody has replied I'll share the less-than-ideal 
solution I've been using. I use a system without elogind, so I'm not 
sure if there would be a conflict with this setup and that service. 
Also, this solution does not properly destroy the directory when a user 
fully logs out, only when the system is rebooted.

Basically, I just use some code to mount tmpfs onto the directories by 
adding extra values to the file-systems declaration of my 
operating-system declaration. The main disadvantage not already 
mentioned is that UIDs and GIDs have to be explicitly defined for each 
non-system user. Maybe the logic for the GIDs could be removed because 
the group has no permissions on the directory anyway, but I haven't 
thought it through. There are some helper functions:

(let*
     ((get-gid-by-name (lambda (name groups)
          ;; Keep only the groups whose name equals NAME.
          (let ((matches (filter (lambda (group)
                                   (string=? (guix.user-group-name group) name))
                                 groups)))
              (if (>= (length matches) 1)
                  (guix.user-group-id (car matches))
                  (error (string-append "The group " name " must have an explicitly defined GID!"
                                        " Add a (gid <number>) form to the group definition."))))))

      ;; Return the user's primary GID as a string, resolving a group name if needed.
      (get-user-gid (lambda (user groups)
          (unless (guix.user-account-group user)
              (error (string-append "The user " (guix.user-account-name user)
                                    " must have an explicitly defined group! Add"
                                    " (group <name|number>) to the user definition.")))

          (let ((gid (if (number? (guix.user-account-group user))
                         (guix.user-account-group user)
                         (get-gid-by-name (guix.user-account-group user) groups))))
              (number->string gid))))

      ;; Return the user's UID as a string.
      (get-user-uid (lambda (user)
          (unless (guix.user-account-uid user)
              (error (string-append "The user " (guix.user-account-name user)
                                    " must have an explicitly defined UID! Add (uid <number>) to"
                                    " the user definition.")))
          (number->string (guix.user-account-uid user)))))

Which can then be used to create the filesystems:

(map (lambda (user)
       (let ((uid (get-user-uid user))
             (gid (get-user-gid user groups)))
         (guix.file-system
           ; I don't know if this is normally a tmpfs, but the XDG basedir standard
           ; says that it MUST not survive a reboot, so being tmpfs shouldn't cause any
           ; problems. This is technically not compliant because it also says that the
           ; contents MUST be removed if the user fully logs out (implicitly, even if
           ; the system remains powered on) and I'm not doing that. It looks like guix
           ; has a predefined greetd configuration to handle this correctly.
           (device              "tmpfs")
           (mount-point         (string-append "/run/user/" uid))
           (type                "tmpfs")
           (check?              #f)
           (options             (format #f "mode=0700,uid=~a,gid=~a" uid gid))
           (create-mount-point? #t))))
     (filter (negate guix.user-account-system?) users)))))

Regards,
Skyler
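
Added example, not part of the original message: a shell check for the directories the workaround above mounts. The XDG Base Directory specification requires the runtime directory to be owned by the user with access mode 0700, which is what the `mode=0700,uid=...` mount options are meant to produce. The helper names `check_runtime_dir` and `fs_type` are hypothetical, and GNU coreutils `stat` is assumed.

```shell
#!/bin/sh
# Added example. check_runtime_dir and fs_type are hypothetical helper names;
# `stat -c` and `stat -f -c` are the GNU coreutils forms.

# check_runtime_dir DIR EXPECTED_UID
# Prints one line per problem; returns 0 only if DIR is a real directory
# (not a symlink), owned by EXPECTED_UID, with mode exactly 700.
check_runtime_dir() {
    dir=$1
    want_uid=$2
    rc=0
    if [ -L "$dir" ] || [ ! -d "$dir" ]; then
        echo "$dir: missing, or not a real directory"
        return 1
    fi
    owner=$(stat -c %u "$dir")
    mode=$(stat -c %a "$dir")
    if [ "$owner" != "$want_uid" ]; then
        echo "$dir: owned by uid $owner, expected $want_uid"
        rc=1
    fi
    if [ "$mode" != "700" ]; then
        echo "$dir: mode $mode, expected 700"
        rc=1
    fi
    return "$rc"
}

# fs_type DIR: print the filesystem type backing DIR (e.g. "tmpfs").
fs_type() {
    stat -f -c %T "$1"
}

# When run with UIDs as arguments (e.g. `sh check.sh 1000 1001`), check each
# /run/user/<uid>; with no arguments this loop does nothing.
for uid in "$@"; do
    if check_runtime_dir "/run/user/$uid" "$uid"; then
        echo "/run/user/$uid: ok ($(fs_type "/run/user/$uid"))"
    fi
done
```

A directory left behind by a plain `mkdir -p` run as root would be reported with the wrong owner and mode, which is the case the tmpfs mount options avoid.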


* Re: Some methods of getting a "login shell" do not create /run/user/<uid> or add a session to loginctl
From: Ben Weinstein-Raun @ 2024-01-05 21:26 UTC
  To: Skyler Ferris, help-guix

On 01/05/24 14:39, Skyler Ferris wrote:
> I was hoping that someone else more knowledgeable might have a better 
> solution, but since nobody has replied I'll share the less-than-ideal 
> solution I've been using.
Thanks a lot for the response!

> Basically, I just use some code to mount tmpfs onto the directories by 
> adding extra values to the file-systems declaration of my 
> operating-system declaration. The main disadvantage not already 
> mentioned is that UIDs and GIDs have to be explicitly defined for each 
> non-system user. Maybe the logic for the GIDs could be removed because 
> the group has no permissions on the directory anyway, but I haven't 
> thought it through. There are some helper functions:


This is super useful, thank you! And probably substantially better than
my current hack (brute `mkdir -p` on startup, which seems likely to make
`mount` sad when later someone *does* log in properly, let alone the
issue you mention with surviving reboots).


