From: Danny Milosavljevic <dannym@scratchpost.org>
To: 45571@debbugs.gnu.org
Subject: bug#45571: Support stable uids and gids for all accounts
Date: Sat, 2 Jan 2021 02:30:20 +0100 [thread overview]
Message-ID: <20210102023020.3e4186d3@scratchpost.org> (raw)
In-Reply-To: <CABWzUjULfU-uvBMB13oS=xD9Jv4u8R6TrDErTKVRbSVfwmUgmQ@mail.gmail.com>
[-- Attachment #1: Type: text/plain, Size: 4672 bytes --]
Hi Leo,
On Fri, 01 Jan 2021 19:44:12 +0100
Leo Prikler <leo.prikler@student.tugraz.at> wrote:
> Ah, that puts things into perspective. In other words, the problem is
> not, that Guix doesn't read /etc/passwd at all, but that it reads the
> wrong one (the host instead of the guest, so to speak). Should this
> perhaps be a parameter instead?
Considering the goal of Guix, it's weird that with Guix, one needs to
store&restore /etc/passwd at all. It's state, but not very useful one.
I mean that's how it is right now--but it's still weird.
With /etc/shadow maybe there's a slightly better case, but note that the key
to find stuff in /etc/shadow can't be the uid--the uid isn't even in there!
> How is that explicit? The % even implies, that it's considered
> internal to the definition.
Explicit means that the user-account record is initialized right there (every
time account-service-type is extended), by a literal.
And it is. You can see it plain as day in the guix git repo where
account-service-type is used in gnu/services/ .
Implicit would be if some code would generate this <user-account> record
on-the-fly, usually leaving stuff hard to change by the maintainer.
'(user-account (name "x") ...)' is about as explicit as it gets for a record.
The "%" in the name of the binding changes nothing in the literal value.
And it indeed is possible to add (uid 4711) in the literal and it will work
just fine.
> Instead, you'd have (darkstat-accounts
> config), which default to the current value of %darkstat-accounts, but
> are configurable at least in the way that they allow you to set their
> ids.
Oh, you want internal service users to be USER-configurable. Indeed that is
also what Jason suggested in the initial mail.
But I think that that would put undue burden on each user and is really just
a workaround.
I would really like to caution against us doing a "whack a mole" development
approach, where workarounds like that are introduced to work around bugs
without understanding the underlying causes. So I disagree that having
internal service users be user-configurable is a good idea.
> In the realm of Guix system, this could be resolved by allowing the
> user to choose the "seeds" for those files, so to speak (in commands
> such as init, vm, deploy, etc.), could it not?
Sure, but that's a last resort. Better is to eliminate state if possible.
> Especially for (3), carrying over the old shadow from the guest rather
> than generating a new one with initial passwords sounds like it'd be a
> necessary precondition for using them with persistent storage.
It depends on what it is used for, really.
> > (5) Also for not having this bug with containers, it would still be
> > better to
> > just make uid and gid mandatory for "user-account" records.
> >
> > (6) Since (5) would move the burden to the user, it would be better
> > usability
> > to generate uid and gid in a deterministic manner as a default.
> Is the current logic non-deterministic in any way other than supporting
> the reuse of old entries (which you yourself agree is a good thing)?
It generates uids using a counter, so it depends on what order
user-accounts are created in by Guix, which depends on the order the user
specifies services in /etc/config.scm and on the order to user accounts
are specified in gnu/services/ by guix maintainers. Then the service
executable (potentially) goes on to create files using those uids.
That means that if you remove or reorder service references in /etc/config.scm,
the uids "want" to change. The only reason they don't change is because the
logic prefers the existing /etc/passwd's uids--a stopgap measure at the last
second to prevent total chaos.
Does any of this sound good to you?
I mean, strictly speaking, it's better than the alternative--but that's a low
bar.
Better would be a making the uid field mandatory and/or generating each uid
from the respective name.
> As far as I understand it, same config.scm + same
> /etc/{passwd,group,shadow} => same /etc/{passwd,group,shadow}.
That is the intention of (gnu system shadow), I think. I can't say whether
that's the case in practice now or not. It certainly was not the case a few
years ago where I did run into the same problem (a necessary condition for
the problem to manifest is that the services change--but my /etc/config.scm
services forms have been stable for a long time now, and Guix upstream also
doesn't change service definitions a lot anymore. So who knows?).
--
W: https://www.friendly-machines.at/
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 488 bytes --]
next prev parent reply other threads:[~2021-01-02 1:31 UTC|newest]
Thread overview: 25+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <58174c197a7b42b29927c492d25e28c684d199ea.camel@student.tugraz.at>
2020-12-31 18:18 ` bug#45571: Support stable uids and gids for system accounts in a container Jason Conroy
2021-01-01 14:47 ` bug#45571: Support stable uids and gids for all accounts Danny Milosavljevic
2021-01-01 16:26 ` Jason Conroy
2021-01-01 17:36 ` Danny Milosavljevic
2021-01-01 16:20 ` Leo Prikler
2021-01-01 17:50 ` Danny Milosavljevic
2021-01-01 18:44 ` Leo Prikler
2021-01-01 20:22 ` Danny Milosavljevic
2021-01-02 0:25 ` bug#45571: Fwd: " Leo Prikler
2021-01-02 1:40 ` Danny Milosavljevic
2021-01-02 3:10 ` Leo Prikler
2021-01-02 14:02 ` Jason Conroy
2021-01-02 14:29 ` Leo Prikler
2021-01-02 14:52 ` Jason Conroy
2021-01-02 15:35 ` Leo Prikler
2021-01-02 15:58 ` Jason Conroy
2021-01-02 14:50 ` Danny Milosavljevic
2021-01-02 15:03 ` Jason Conroy
2021-01-02 15:18 ` Leo Prikler
2021-01-02 1:30 ` Danny Milosavljevic [this message]
2021-04-07 7:13 ` bug#45571: Support stable uids and gids for system accounts in a container Brendan Tildesley via Bug reports for GNU Guix
2021-06-10 6:02 ` Arun Isaac
2021-01-02 15:04 ` bug#45571: Support stable uids and gids for all accounts Danny Milosavljevic
2021-01-02 15:25 ` Leo Prikler
2021-01-06 10:03 ` Ludovic Courtès
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210102023020.3e4186d3@scratchpost.org \
--to=dannym@scratchpost.org \
--cc=45571@debbugs.gnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this external index
https://git.savannah.gnu.org/cgit/guix.git
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.