From mboxrd@z Thu Jan  1 00:00:00 1970
From: ludo@gnu.org (Ludovic =?utf-8?Q?Court=C3=A8s?=)
Subject: Re: Starting user services at boot
Date: Mon, 13 Feb 2017 15:01:48 +0100
Message-ID: <87a89qfaur.fsf@gnu.org>
References: <20170212195413.GA8296@jasmine> <878tpah1zx.fsf@gnu.org>
	<20170213123743.ngvpeu4iscadyrwr@wasp>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
Return-path: <help-guix-bounces+gcggh-help-guix=m.gmane.org@gnu.org>
Received: from eggs.gnu.org ([2001:4830:134:3::10]:51001)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <ludo@gnu.org>) id 1cdHCV-0002IC-MA
	for help-guix@gnu.org; Mon, 13 Feb 2017 09:01:56 -0500
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <ludo@gnu.org>) id 1cdHCR-0005mU-Mr
	for help-guix@gnu.org; Mon, 13 Feb 2017 09:01:55 -0500
In-Reply-To: <20170213123743.ngvpeu4iscadyrwr@wasp> (ng0's message of "Mon, 13
	Feb 2017 12:37:44 +0000")
List-Id: <help-guix.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/help-guix>,
	<mailto:help-guix-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/archive/html/help-guix/>
List-Post: <mailto:help-guix@gnu.org>
List-Help: <mailto:help-guix-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/help-guix>,
	<mailto:help-guix-request@gnu.org?subject=subscribe>
Errors-To: help-guix-bounces+gcggh-help-guix=m.gmane.org@gnu.org
Sender: "Help-Guix" <help-guix-bounces+gcggh-help-guix=m.gmane.org@gnu.org>
To: Leo Famulari <leo@famulari.name>
Cc: help-guix@gnu.org

ng0 <contact.ng0@cryptolab.net> skribis:

> On 17-02-13 10:30:10, Ludovic Court=C3=A8s wrote:
>> Hi Leo!
>>=20
>> Leo Famulari <leo@famulari.name> skribis:
>>=20
>> > Does anyone have advice about how to start an unprivileged user's
>> > services when the system boots?
>> >
>> > On other systems, I could at least invoke them in /etc/rc.local, but I=
'm
>> > not sure how to do it on GuixSD.
>>=20
>> Currently I run shepherd as myself, which reads from
>> ~/.config/shepherd/init.scm.  It gets started from my ~/.xsession.
>>=20
>> Admittedly this is a bit of a hack.  It wouldn=E2=80=99t be hard to defi=
ne
>> per-user Shepherd instances as global Shepherd services in GuixSD, if
>> you see what I mean.
>>=20
>> Another option would be to add support for this directly in the
>> Shepherd, which has pros and cons.
>
> What are the pros and cons from your point of view, could you explain thi=
s?

The downside is that it would make the Shepherd more complex: it would
have to have a built-in notion of user instances, even though it is not
designed specifically to run as PID=C2=A01 initially (you can use it as an
unprivileged user already).

Another downside is that /var/run/shepherd/socket may need to be
accessible to users so they can talk to PID=C2=A01.  More generally, there=
=E2=80=99d
need to be some way to prevent unprivileged users from doing things like
running arbitrary code in PID=C2=A01.

The upside would be better integration: if shepherd knows about user
services, then it can show them in =E2=80=98herd status=E2=80=99, things li=
ke that.

(There=E2=80=99s a similar trade-off for the recently-added support for ser=
vices
running in containers.)

Thanks,
Ludo=E2=80=99.