From mboxrd@z Thu Jan  1 00:00:00 1970
From: ludo@gnu.org (Ludovic =?utf-8?Q?Court=C3=A8s?=)
Subject: User accounts
Date: Tue, 13 May 2014 10:11:41 +0200
Message-ID: <87d2fidrnm.fsf@gnu.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
Return-path: <guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org>
Received: from eggs.gnu.org ([2001:4830:134:3::10]:37194)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <ludo@gnu.org>) id 1Wk7oX-0001F9-Dv
	for guix-devel@gnu.org; Tue, 13 May 2014 04:12:02 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <ludo@gnu.org>) id 1Wk7oO-0005Jo-CQ
	for guix-devel@gnu.org; Tue, 13 May 2014 04:11:53 -0400
Received: from hera.aquilenet.fr ([2a01:474::1]:46704)
	by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from <ludo@gnu.org>)
	id 1Wk7oO-0005Jk-5I
	for guix-devel@gnu.org; Tue, 13 May 2014 04:11:44 -0400
Received: from localhost (localhost [127.0.0.1])
	by hera.aquilenet.fr (Postfix) with ESMTP id 0BEAA289B
	for <guix-devel@gnu.org>; Tue, 13 May 2014 10:11:42 +0200 (CEST)
Received: from hera.aquilenet.fr ([127.0.0.1])
	by localhost (hera.aquilenet.fr [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id nhVCzBym7R4q for <guix-devel@gnu.org>;
	Tue, 13 May 2014 10:11:41 +0200 (CEST)
Received: from pluto (pluto.bordeaux.inria.fr [193.50.110.57])
	by hera.aquilenet.fr (Postfix) with ESMTPSA id CF0A7234A
	for <guix-devel@gnu.org>; Tue, 13 May 2014 10:11:41 +0200 (CEST)
List-Id: "Development of GNU Guix and the GNU System distribution."
	<guix-devel.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/guix-devel>,
	<mailto:guix-devel-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/archive/html/guix-devel>
List-Post: <mailto:guix-devel@gnu.org>
List-Help: <mailto:guix-devel-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/guix-devel>,
	<mailto:guix-devel-request@gnu.org?subject=subscribe>
Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org
Sender: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org
To: guix-devel <guix-devel@gnu.org>

Before commit ab6a279, /etc/{group,passwd,shadow} were all created from
a derivation.  Thus, /etc contained symlinks to those files, which were
actually in the store.  Being in the store, they were all immutable and
world-readable (you can see that in the VM image released with 0.6.)

That was obviously not desirable, because then everyone can read shadow,
and because that prevents passwords from being changed.

So commit ab6a279 changed accounts to be created at =E2=80=9Cactivation
time=E2=80=9D=E2=80=94i.e., when booting, or when switching to a new operat=
ing system
configuration.  What happens is that the activation code checks for all
the user accounts and groups required by the =E2=80=98operating-system=E2=
=80=99
declaration, and invokes =E2=80=98useradd=E2=80=99 and =E2=80=98groupadd=E2=
=80=99 for any missing
account/group.

That way, {group,passwd,shadow} are normal state files with the right
permissions, and everything works as expected.  NixOS uses the same
strategy.

Ludo=E2=80=99.