From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp0 ([2001:41d0:2:4a6f::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms11 with LMTPS id 8PqALyKRCWDQMwAA0tVLHw (envelope-from ) for ; Thu, 21 Jan 2021 14:35:14 +0000 Received: from aspmx1.migadu.com ([2001:41d0:2:4a6f::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp0 with LMTPS id QE9tKyKRCWAUPwAA1q6Kng (envelope-from ) for ; Thu, 21 Jan 2021 14:35:14 +0000 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id 37CA2940548 for ; Thu, 21 Jan 2021 14:35:14 +0000 (UTC) Received: from localhost ([::1]:41344 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1l2b3J-0006nA-1l for larch@yhetil.org; Thu, 21 Jan 2021 09:35:13 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]:38464) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1l2b38-0006mz-Ic for bug-guix@gnu.org; Thu, 21 Jan 2021 09:35:02 -0500 Received: from debbugs.gnu.org ([209.51.188.43]:45667) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1l2b38-0007wf-Bo for bug-guix@gnu.org; Thu, 21 Jan 2021 09:35:02 -0500 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1l2b38-0006zs-90 for bug-guix@gnu.org; Thu, 21 Jan 2021 09:35:02 -0500 X-Loop: help-debbugs@gnu.org Subject: bug#45980: Feature request: parameterized /var/guix/profiles/per-user Resent-From: Ludovic =?UTF-8?Q?Court=C3=A8s?= Original-Sender: "Debbugs-submit" Resent-CC: bug-guix@gnu.org Resent-Date: Thu, 21 Jan 2021 14:35:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 45980 X-GNU-PR-Package: guix X-GNU-PR-Keywords: To: Dimitri DELABROYE Received: via spool by 45980-submit@debbugs.gnu.org id=B45980.161123965126743 (code B ref 45980); Thu, 21 Jan 2021 14:35:02 +0000 Received: (at 45980) by debbugs.gnu.org; 21 Jan 2021 14:34:11 +0000 Received: from localhost ([127.0.0.1]:57212 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1l2b2I-0006xF-IH for submit@debbugs.gnu.org; Thu, 21 Jan 2021 09:34:10 -0500 Received: from mail3-relais-sop.national.inria.fr ([192.134.164.104]:12461) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1l2b2F-0006wW-FV for 45980@debbugs.gnu.org; Thu, 21 Jan 2021 09:34:08 -0500 X-IronPort-AV: E=Sophos;i="5.79,364,1602540000"; d="scan'208";a="370706940" Received: from 91-160-117-201.subs.proxad.net (HELO ribbon) ([91.160.117.201]) by mail3-relais-sop.national.inria.fr with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 21 Jan 2021 15:34:00 +0100 From: Ludovic =?UTF-8?Q?Court=C3=A8s?= References: X-URL: http://www.fdn.fr/~lcourtes/ X-Revolutionary-Date: 2 =?UTF-8?Q?Pluvi=C3=B4se?= an 229 de la =?UTF-8?Q?R=C3=A9volution?= X-PGP-Key-ID: 0x090B11993D9AEBB5 X-PGP-Key: http://www.fdn.fr/~lcourtes/ludovic.asc X-PGP-Fingerprint: 3CE4 6455 8A84 FDC6 9DB4 0CFB 090B 1199 3D9A EBB5 X-OS: x86_64-pc-linux-gnu Date: Thu, 21 Jan 2021 15:34:00 +0100 In-Reply-To: (Dimitri DELABROYE's message of "Tue, 19 Jan 2021 14:34:47 +0100") Message-ID: <871ree9x5z.fsf@gnu.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.1 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: bug-guix@gnu.org List-Id: Bug reports for GNU Guix List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: support-staff@lists.grid5000.fr, 45980@debbugs.gnu.org Errors-To: bug-guix-bounces+larch=yhetil.org@gnu.org Sender: "bug-Guix" X-Migadu-Flow: FLOW_IN X-Migadu-Spam-Score: -2.35 Authentication-Results: aspmx1.migadu.com; dkim=none; dmarc=none; spf=pass (aspmx1.migadu.com: domain of bug-guix-bounces@gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=bug-guix-bounces@gnu.org X-Migadu-Queue-Id: 37CA2940548 X-Spam-Score: -2.35 X-Migadu-Scanner: scn0.migadu.com X-TUID: sM+5kf5YOp/b Hi Dimitri, Dimitri DELABROYE skribis: > In order to be more secure we did not want to export /var/guix with RW > rights, we cannot trust root on the nodes. Just so those unfamiliar with Grid=E2=80=995000 understand: what=E2=80=99s = special here is that users can spawn new nodes where they are root, but this root user is not trusted as an admin of the cluster as a whole. Thus, if /var/guix as we know it were NFS-exported read/write, anyone could fiddle with all of /var/guix/profiles/per-user. That=E2=80=99s the r= eason why Dimitri & co. came up with the idea of storing per-user profiles in each user=E2=80=99s home directory. Why home directories? Because there=E2=80=99s already machinery on G5K that arranges so that a node can NFS-mount nothing but the home directory of the user who reserved the node. Why not treat /var/guix/profiles/per-user/USER NFS shares in the same way as home directories, then? That=E2=80=99s an option, but that=E2=80=99= d mean extra work for G5K, AIUI. > So for the user profile to=20 > work we did the following: > =C2=A0=C2=A0=C2=A0 - mount the user's home on the guix server > =C2=A0=C2=A0=C2=A0 - instead of letting guix create the user's profile on > /var/guix/profiles/per-user we created symlink: ln -s /home/USER/.guix=20 > /var/guix/profiles/per-user/USER > This way we can export /var/guix with RO rights and users can't see > each others profiles. The problem is that =E2=80=98gc-roots=E2=80=99 in (guix store roots) won=E2= =80=99t traverse those /per-user/USER symlinks. Instead, it assumes they are symlinks to indirect roots. > Another way would be to have a parameter to configure the > /var/guix/profiles/per-user directory so the symlink mecanism would > not be needed. For example guix could directly write in the user > directory in /home/USER/.guix. In fact, it=E2=80=99s possible to use profiles other than the default profi= le, and those profiles can be anywhere on the file system. For instance, if you do: guix install -p ~/.guix/my-profile emacs the thing is installed in ~/.guix/my-profile; that profile does not show up in /var/guix/profiles, but it is seen as a GC root by the daemon, via /var/guix/gcroots/auto. Longer-term, we could imagine having a =E2=80=9Cprivate profile=E2=80=9D op= tion, where the default profile is managed this way instead of being visible in /var/guix/profiles/per-user. But obviously that needs more thought and it=E2=80=99s not an option to solve your immediate problem. As it stands, the simplest option I think would be handle NFS exports of /var/guix/profiles/per-user/USER just like exports of /home/USER. Thoughts? Ludo=E2=80=99.