all messages for Guix-related lists mirrored at yhetil.org
 help / color / mirror / code / Atom feed
* User accounts
@ 2014-05-13  8:11 Ludovic Courtès
  2014-05-13  8:17 ` John Darrington
  0 siblings, 1 reply; 4+ messages in thread
From: Ludovic Courtès @ 2014-05-13  8:11 UTC (permalink / raw)
  To: guix-devel

Before commit ab6a279, /etc/{group,passwd,shadow} were all created from
a derivation.  Thus, /etc contained symlinks to those files, which were
actually in the store.  Being in the store, they were all immutable and
world-readable (you can see that in the VM image released with 0.6.)

That was obviously not desirable, because then everyone can read shadow,
and because that prevents passwords from being changed.

So commit ab6a279 changed accounts to be created at “activation
time”—i.e., when booting, or when switching to a new operating system
configuration.  What happens is that the activation code checks for all
the user accounts and groups required by the ‘operating-system’
declaration, and invokes ‘useradd’ and ‘groupadd’ for any missing
account/group.

That way, {group,passwd,shadow} are normal state files with the right
permissions, and everything works as expected.  NixOS uses the same
strategy.

Ludo’.

^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: User accounts
  2014-05-13  8:11 User accounts Ludovic Courtès
@ 2014-05-13  8:17 ` John Darrington
  2014-05-13 12:12   ` Ludovic Courtès
  0 siblings, 1 reply; 4+ messages in thread
From: John Darrington @ 2014-05-13  8:17 UTC (permalink / raw)
  To: Ludovic Court??s; +Cc: guix-devel

On Tue, May 13, 2014 at 10:11:41AM +0200, Ludovic Court??s wrote:
     Before commit ab6a279, /etc/{group,passwd,shadow} were all created from
     a derivation.  Thus, /etc contained symlinks to those files, which were
     actually in the store.  Being in the store, they were all immutable and
     world-readable (you can see that in the VM image released with 0.6.)
     
     That was obviously not desirable, because then everyone can read shadow,
     and because that prevents passwords from being changed.
     
     So commit ab6a279 changed accounts to be created at ???activation
     time??????i.e., when booting, or when switching to a new operating system
     configuration.  What happens is that the activation code checks for all
     the user accounts and groups required by the ???operating-system???
     declaration, and invokes ???useradd??? and ???groupadd??? for any missing
     account/group.
     
     That way, {group,passwd,shadow} are normal state files with the right
     permissions, and everything works as expected.  NixOS uses the same
     strategy.
     

Does /etc/group now have a "nogroup" group?  I was trying to package up GNU cssc,
but one of its tests relies on having a group which no user is a member of.

J'
     

-- 
PGP Public key ID: 1024D/2DE827B3 
fingerprint = 8797 A26D 0854 2EAB 0285  A290 8A67 719C 2DE8 27B3
See http://sks-keyservers.net or any PGP keyserver for public key.

^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: User accounts
  2014-05-13  8:17 ` John Darrington
@ 2014-05-13 12:12   ` Ludovic Courtès
  2014-05-13 12:49     ` John Darrington
  0 siblings, 1 reply; 4+ messages in thread
From: Ludovic Courtès @ 2014-05-13 12:12 UTC (permalink / raw)
  To: John Darrington; +Cc: guix-devel

John Darrington <john@darrington.wattle.id.au> skribis:

> On Tue, May 13, 2014 at 10:11:41AM +0200, Ludovic Court??s wrote:
>      Before commit ab6a279, /etc/{group,passwd,shadow} were all created from
>      a derivation.  Thus, /etc contained symlinks to those files, which were
>      actually in the store.  Being in the store, they were all immutable and
>      world-readable (you can see that in the VM image released with 0.6.)
>      
>      That was obviously not desirable, because then everyone can read shadow,
>      and because that prevents passwords from being changed.
>      
>      So commit ab6a279 changed accounts to be created at ???activation
>      time??????i.e., when booting, or when switching to a new operating system
>      configuration.  What happens is that the activation code checks for all
>      the user accounts and groups required by the ???operating-system???
>      declaration, and invokes ???useradd??? and ???groupadd??? for any missing
>      account/group.
>      
>      That way, {group,passwd,shadow} are normal state files with the right
>      permissions, and everything works as expected.  NixOS uses the same
>      strategy.
>      
>
> Does /etc/group now have a "nogroup" group?

No, but it’d be a useful addition.

> I was trying to package up GNU cssc, but one of its tests relies on
> having a group which no user is a member of.

Ah, but that’s a different story: you’re referring to the build
environment, whereas I was talking about the operating system
declarative configuration, for use in the stand-alone system (info
"(guix) System Configuration").

Regarding the build environment, maybe it makes sense to add ‘nogroup’
as well; not completely sure.  Any pointers as to how ubiquitous it is,
or other arguments?

Ludo’.

^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: User accounts
  2014-05-13 12:12   ` Ludovic Courtès
@ 2014-05-13 12:49     ` John Darrington
  0 siblings, 0 replies; 4+ messages in thread
From: John Darrington @ 2014-05-13 12:49 UTC (permalink / raw)
  To: Ludovic Court??s; +Cc: guix-devel

On Tue, May 13, 2014 at 02:12:34PM +0200, Ludovic Court??s wrote:
     John Darrington <john@darrington.wattle.id.au> skribis:
     
     > On Tue, May 13, 2014 at 10:11:41AM +0200, Ludovic Court??s wrote:
     >      Before commit ab6a279, /etc/{group,passwd,shadow} were all created from
     >      a derivation.  Thus, /etc contained symlinks to those files, which were
     >      actually in the store.  Being in the store, they were all immutable and
     >      world-readable (you can see that in the VM image released with 0.6.)
     >      
     >      That was obviously not desirable, because then everyone can read shadow,
     >      and because that prevents passwords from being changed.
     >      
     >      So commit ab6a279 changed accounts to be created at ???activation
     >      time??????i.e., when booting, or when switching to a new operating system
     >      configuration.  What happens is that the activation code checks for all
     >      the user accounts and groups required by the ???operating-system???
     >      declaration, and invokes ???useradd??? and ???groupadd??? for any missing
     >      account/group.
     >      
     >      That way, {group,passwd,shadow} are normal state files with the right
     >      permissions, and everything works as expected.  NixOS uses the same
     >      strategy.
     >      
     >
     > Does /etc/group now have a "nogroup" group?
     
     No, but it???d be a useful addition.
     
     > I was trying to package up GNU cssc, but one of its tests relies on
     > having a group which no user is a member of.
     
     Ah, but that???s a different story: you???re referring to the build
     environment, whereas I was talking about the operating system
     declarative configuration, for use in the stand-alone system (info
     "(guix) System Configuration").
     
     Regarding the build environment, maybe it makes sense to add ???nogroup???
     as well; not completely sure.  Any pointers as to how ubiquitous it is,
     or other arguments?
     
It's probably not too ubiquitous, but one other argument, is that there is 
already a "nobody" in the build environment's /etc/passwd.  For consistency
there should be a nogroup in /etc/group

J'

-- 
PGP Public key ID: 1024D/2DE827B3 
fingerprint = 8797 A26D 0854 2EAB 0285  A290 8A67 719C 2DE8 27B3
See http://sks-keyservers.net or any PGP keyserver for public key.

^ permalink raw reply	[flat|nested] 4+ messages in thread

end of thread, other threads:[~2014-05-13 12:49 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2014-05-13  8:11 User accounts Ludovic Courtès
2014-05-13  8:17 ` John Darrington
2014-05-13 12:12   ` Ludovic Courtès
2014-05-13 12:49     ` John Darrington

Code repositories for project(s) associated with this external index

	https://git.savannah.gnu.org/cgit/guix.git

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.