From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp12.migadu.com ([2001:41d0:8:6d80::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms9.migadu.com with LMTPS id oPZSIAlLWGRvZAEASxT56A (envelope-from ) for ; Mon, 08 May 2023 03:06:17 +0200 Received: from aspmx1.migadu.com ([2001:41d0:8:6d80::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp12.migadu.com with LMTPS id yKM8IAlLWGQn+QAAauVa8A (envelope-from ) for ; Mon, 08 May 2023 03:06:17 +0200 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id 39E7823738 for ; Mon, 8 May 2023 03:06:16 +0200 (CEST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1pvpKG-0004Nt-8Y; Sun, 07 May 2023 21:06:04 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1pvpKE-0004NV-Ly for bug-guix@gnu.org; Sun, 07 May 2023 21:06:02 -0400 Received: from debbugs.gnu.org ([209.51.188.43]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1pvpKE-0008G6-EG for bug-guix@gnu.org; Sun, 07 May 2023 21:06:02 -0400 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1pvpKE-0005OO-7L for bug-guix@gnu.org; Sun, 07 May 2023 21:06:02 -0400 X-Loop: help-debbugs@gnu.org Subject: bug#63082: [PATCH v3 05/16] services: mpd: Obsolete the 'group' field. Resent-From: Maxim Cournoyer Original-Sender: "Debbugs-submit" Resent-CC: bug-guix@gnu.org Resent-Date: Mon, 08 May 2023 01:06:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 63082 X-GNU-PR-Package: guix X-GNU-PR-Keywords: To: Liliana Marie Prikler Cc: 63082@debbugs.gnu.org Received: via spool by 63082-submit@debbugs.gnu.org id=B63082.168350793820698 (code B ref 63082); Mon, 08 May 2023 01:06:02 +0000 Received: (at 63082) by debbugs.gnu.org; 8 May 2023 01:05:38 +0000 Received: from localhost ([127.0.0.1]:38708 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1pvpJp-0005Nm-JD for submit@debbugs.gnu.org; Sun, 07 May 2023 21:05:37 -0400 Received: from mail-qv1-f46.google.com ([209.85.219.46]:51689) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1pvpJn-0005NW-1K for 63082@debbugs.gnu.org; Sun, 07 May 2023 21:05:35 -0400 Received: by mail-qv1-f46.google.com with SMTP id 6a1803df08f44-61b79b9f45bso39634106d6.3 for <63082@debbugs.gnu.org>; Sun, 07 May 2023 18:05:35 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20221208; t=1683507929; x=1686099929; h=mime-version:user-agent:message-id:in-reply-to:date:references :subject:cc:to:from:from:to:cc:subject:date:message-id:reply-to; bh=eWD4/s8mPfnOYrLpv+AhxnUP6jcvvbR+YydAbFLNpqc=; b=gU+xI5DAKo6qzIjxMy2KWJFdDAv1PiamzQJ0ly7ViiIdkylUP8zHJm90LoB67vqa0R xz8n/i53WfnrgI6tN4IHISWsnQDi/nV0fNQFQ2qUFYnSFu1huiYN4hUMkDxAr+z/JJfv cqgV3I26H07Ci3Iz3rPzwBxM+6JtAy8SqJsm0K5ztdHZnME+WK49JglVZLwJjbObJlYE +BLJgOgPOCfZNC9U+o/uMNZye8BOttt6l4J2+eQe7MNf/CHHziZYSxlCWKS4jo0envBS 16hjc1pzNSCfrL77ehxV97q4nhQtn37PNxySiIgsZTOBQ9odek+iewMGm2Mn1i0rSdMT pmDA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1683507929; x=1686099929; h=mime-version:user-agent:message-id:in-reply-to:date:references :subject:cc:to:from:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=eWD4/s8mPfnOYrLpv+AhxnUP6jcvvbR+YydAbFLNpqc=; b=QuBJSJFLPMvZazB9tV/0fMaqBIDMJr0yexF1WodA9Rf6kuUd2vYlTTAq6OtvTTdduk 0ieLmUF5sNi/CF7IAndRi3IOXa7e6oHTbnlMKw60zmk30sJf3IQLETtfr9+x7YzNwpPE TPJPEi3xoFV6a+zU6cTdwwqNQs7FyqauH6tFbbBABX9vW8Km+ybKxN7rCyBMqKmfOc4D z6WGoKK1pXFxE7cyfENG4iz9ABgFCxMbwtKctYP701IRoPx0JBwIvi9njA411RT/cR9t fGAHp554M3KXjgfFitdr+83KNMe62Jf2TBxbm9B8zXOhmMvX/EjkOkA12k5NrBTI317q EpUg== X-Gm-Message-State: AC+VfDzGctnj/+wWtISgujLWtdAehVQ4xPspQGXqNaKFSwd0Mh2vb1JF MrdkHfmSm6PK44AnzVKx1FBG5qiTAUDADQ== X-Google-Smtp-Source: ACHHUZ7x5DUdxIiZaCtH61CRGrZhtjQ8DwwgZQKQPcD+ISTwagf8PhcAjjv0Dzn8VGdUF6PXeAtR6w== X-Received: by 2002:a05:6214:27c9:b0:61b:3557:a695 with SMTP id ge9-20020a05621427c900b0061b3557a695mr11180139qvb.45.1683507929305; Sun, 07 May 2023 18:05:29 -0700 (PDT) Received: from hurd (dsl-10-131-119.b2b2c.ca. [72.10.131.119]) by smtp.gmail.com with ESMTPSA id q8-20020a0cf5c8000000b0061a3240d08asm2401978qvm.29.2023.05.07.18.05.28 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 07 May 2023 18:05:28 -0700 (PDT) From: Maxim Cournoyer References: <40db40a2bbfe5e0586d8b8c9694607bc0d66e340.1683299529.git.maxim.cournoyer@gmail.com> <7ba0cf980bf4ad3766c6c0ae30b069ed2891128e.camel@gmail.com> <875y943l6c.fsf@gmail.com> <69a7c685bb22add38026990a91f099db44eb80ec.camel@gmail.com> <87r0rsxb6r.fsf@gmail.com> <17e566fadba5d61844d0e40b08d072e39baa409c.camel@gmail.com> Date: Sun, 07 May 2023 21:05:27 -0400 In-Reply-To: <17e566fadba5d61844d0e40b08d072e39baa409c.camel@gmail.com> (Liliana Marie Prikler's message of "Sun, 07 May 2023 20:31:44 +0200") Message-ID: <87a5yfy6nc.fsf@gmail.com> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/28.2 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: bug-guix@gnu.org List-Id: Bug reports for GNU Guix List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: bug-guix-bounces+larch=yhetil.org@gnu.org Sender: bug-guix-bounces+larch=yhetil.org@gnu.org X-Migadu-Country: US X-Migadu-Flow: FLOW_IN ARC-Seal: i=1; s=key1; d=yhetil.org; t=1683507976; a=rsa-sha256; cv=none; b=stoWhhcjNJZH6THQzIIpoAvWPpqrZNhD1QTRw6Sp2sVHwUyAcYavYuNaV401+H1YBPdqxr gE3wpfTF4Q7MelrNxQ3BG/e9RSjNv29Q1qDTQJggdbfMktrGdugOQ6yE5B4TWpRKCVUXB3 Dooc4y1WvSD+jtIsmsfQszuB1rJsAPbysB/sqYJl4wnGSlUdomxejlcUkGl2Oma5KExsgP hU2ch2g1nStt0V38CSwKc18I5BCX6xX1RyjXW6dyRZ+fGiL/k1zQcc90JO3i6D6zbiAuKN iPWecibAmHoiVAYMAqKbhTLzYxW9wpQc1/YWNT+x4w7puRdHLhZ80aOc8omVPQ== ARC-Authentication-Results: i=1; aspmx1.migadu.com; dkim=fail ("headers rsa verify failed") header.d=gmail.com header.s=20221208 header.b=gU+xI5DA; dmarc=fail reason="SPF not aligned (relaxed)" header.from=gmail.com (policy=none); spf=pass (aspmx1.migadu.com: domain of "bug-guix-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="bug-guix-bounces+larch=yhetil.org@gnu.org" ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1683507976; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type:resent-cc:resent-from:resent-sender: resent-message-id:in-reply-to:in-reply-to:references:references: list-id:list-help:list-unsubscribe:list-subscribe:list-post: dkim-signature; bh=eWD4/s8mPfnOYrLpv+AhxnUP6jcvvbR+YydAbFLNpqc=; b=PZSz51hxZza7DvtqHz66tZv0C2rZgv/IXujaFmIX08MvF+tz0acntZyGYQsOkmPFcjEddk Jn/Pim5U29oI7+cPq4g9ofMq2WGv16rCB0zCnAzEaGoDRAVicE2HX83jymlCw2CNI1EvyW QVHtpJ2PjhVvzH0fG8GwIZ1OGK7RhadM8i66BxkTbxz/jEC/70hXz/zQBviqaNakqxwdlF i2RLmMs/9FSkGTMMI6S7EtyAH9o0HHgp+5+SPl5qJPtVq07lqZkyAgdLY+Q+7gM1FU8k6n q3sYMJZbmrwzqMAIQWjkFk+/0CRFVaxFB6lhmEuzpKSlbx77yie2VAUdqmuSrQ== X-Migadu-Spam-Score: -0.89 X-Spam-Score: -0.89 X-Migadu-Queue-Id: 39E7823738 X-Migadu-Scanner: scn0.migadu.com Authentication-Results: aspmx1.migadu.com; dkim=fail ("headers rsa verify failed") header.d=gmail.com header.s=20221208 header.b=gU+xI5DA; dmarc=fail reason="SPF not aligned (relaxed)" header.from=gmail.com (policy=none); spf=pass (aspmx1.migadu.com: domain of "bug-guix-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="bug-guix-bounces+larch=yhetil.org@gnu.org" X-TUID: l4XGx++5Nck9 Hi Liliana, Liliana Marie Prikler writes: > Hi Maxim, > > Am Sonntag, dem 07.05.2023 um 14:12 -0400 schrieb Maxim Cournoyer: >> My focus on this series was making sure the configuration is easy(er) >> to reason with and that it works out of the box for the most part. > Obsoleting the group field does imho not significantly ease its use. > It rather makes its non-ootb use harder, because you now have to edit > two operating-system fields, without changing anything for the ootb > use. If you haven't tried that already, I'd like to give you the following challenge: with the current MPD service, are you able to configure it so that it works as your user, touching the minimum amount of configuration switches (as you'd do if you were a new MPD service user getting started?). With this series I opinionated on the side that less is better, coming from the realization that configuring a working MPD was already quite the challenge (less after this series, if it succeeds at its goal). In my opinion, the main two use cases for configuring the services user/group probably are: 1. you want to run it as an existing user 2. you want it to run as its own user The defaults cover 2, while for 1 you don't have a need to configure a group for it, since an existing user will also already have an existing group (and the captures such group). >> It puts the issue aside; if you can't configure a mismatched group, >> you can't shoot yourself in the foot. > No, it doesn't: Since it pulls in the groups field into "stuff you need > to worry about when editing your MPD service", it actually exacerbates > the issue. Yes, the API is awkward, but it does help making mpd- > service-type self-contained. The thing is that the 'group' field of mpd-service-type has a default, which is easy to forget (because it's duplicated from a object and you may reasonably expect the service to default to the specified user-account's group). But that's not easy to achieve. I tried. >> I think it's a serious issue because the permissions configured in >> the start slot may be wrong, and the service could fail to run >> because of it. > What is "it" here: the fact that you can make a group with (system? #f) > or the error in accounts-service-type that has been demoted to a > warning? I was thinking about the first one, although 2 would have been a nice sanity check to avoid ending in a strange state where your existing user is now in a different group that it ought to, for example. I hope all this text helps furthering our common understanding :-). -- Thanks, Maxim