From: Skyler Ferris <skyvine@protonmail.com>
To: help-guix@gnu.org, root@benwr.net
Subject: Re: Some methods of getting a "login shell" do not create /run/user/<uid> or add a session to loginctl
Date: Fri, 05 Jan 2024 19:39:28 +0000
Message-ID: <89b85620-4729-405f-bca7-1ffb24ee0d1c@protonmail.com>
In-Reply-To: <0da4f3a9-130b-4320-81e0-8414a62bd69e@benwr.net>
On 12/30/23 04:45, Ben Weinstein-Raun wrote:
> Does anyone know why this would happen, or how to fix it? I'm using the
> elogind service on top of %base-services.
>
I was hoping that someone else more knowledgeable might have a better
solution, but since nobody has replied I'll share the less-than-ideal
solution I've been using. I use a system without elogind, so I'm not
sure if there would be a conflict with this setup and that service.
Also, this solution does not properly destroy the directory when a user
fully logs out, only when the system is rebooted.
Basically, I just use some code to mount tmpfs onto the directories by
adding extra values to the file-systems declaration of my
operating-system declaration. The main disadvantage not already
mentioned is that UIDs and GIDs have to be explicitly defined for each
non-system user. Maybe the logic for the GIDs could be removed because
the group has no permissions on the directory anyway, but I haven't
thought it through. There are some helper functions:
(let*
    (;; Look up a group's numeric GID by name among the declared groups.
     (get-gid-by-name
      (lambda (name groups)
        ;; Compare each group's name against NAME.
        (let ((matches (filter (lambda (group)
                                 (string=? (guix.user-group-name group) name))
                               groups)))
          (if (>= (length matches) 1)
              (guix.user-group-id (car matches))
              (error (string-append "The group " name
                                    " must have an explicitly defined GID!"
                                    " Add a (gid <number>) form to the group definition."))))))
     ;; Return the user's primary GID as a string; the group field may be
     ;; either a number or a group name.
     (get-user-gid
      (lambda (user groups)
        (unless (guix.user-account-group user)
          (error (string-append "The user " (guix.user-account-name user)
                                " must have an explicitly defined group! Add"
                                " (group <name|number>) to the user definition.")))
        (let ((gid (if (number? (guix.user-account-group user))
                       (guix.user-account-group user)
                       (get-gid-by-name (guix.user-account-group user) groups))))
          (number->string gid))))
     ;; Return the user's UID as a string.
     (get-user-uid
      (lambda (user)
        (unless (guix.user-account-uid user)
          (error (string-append "The user " (guix.user-account-name user)
                                " must have an explicitly defined UID! Add (uid <number>) to"
                                " the user definition.")))
        (number->string (guix.user-account-uid user)))))
Which can then be used to create the filesystems:
  (map (lambda (user)
         (let ((uid (get-user-uid user))
               (gid (get-user-gid user groups)))
           (guix.file-system
            ; I don't know if this is normally a tmpfs, but the XDG basedir
            ; standard says that it MUST not survive a reboot, so being tmpfs
            ; shouldn't cause any problems. This is technically not compliant
            ; because it also says that the contents MUST be removed if the
            ; user fully logs out (implicitly, even if the system remains
            ; powered on) and I'm not doing that. It looks like guix has a
            ; predefined greetd configuration to handle this correctly.
            (device "tmpfs")
            (mount-point (string-append "/run/user/" uid))
            (type "tmpfs")
            (check? #f)
            (options (format #f "mode=0700,uid=~a,gid=~a" uid gid))
            (create-mount-point? #t))))
       (filter (negate guix.user-account-system?) users)))))
Regards,
Skyler
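
Added example (not part of the original message, and not Guix code): a shell check that a runtime directory mounted as described above is a real directory, owned by the expected UID, has mode 0700, and optionally sits on the expected filesystem type. It assumes GNU coreutils stat; check_runtime_dir is a hypothetical helper name.

```shell
#!/bin/sh
# Added example: audit a runtime directory such as /run/user/<uid>.
# Assumes GNU coreutils stat (-c and -f -c).
# check_runtime_dir is a hypothetical helper name, not part of Guix.
#
# Usage: check_runtime_dir DIR EXPECTED_UID [EXPECTED_FSTYPE]
# Returns 0 if OK, 1 if not a real directory, 2 on wrong owner,
#         3 on wrong mode, 4 on wrong filesystem type.
check_runtime_dir() {
    dir=$1 want_uid=$2 want_fs=${3:-}

    # Reject symlinks: a link could point at a directory someone else owns.
    if [ -L "$dir" ] || [ ! -d "$dir" ]; then
        echo "$dir: missing, or not a real directory" >&2
        return 1
    fi

    owner=$(stat -c %u "$dir") || return 1
    mode=$(stat -c %a "$dir") || return 1

    if [ "$owner" != "$want_uid" ]; then
        echo "$dir: owned by uid $owner, expected $want_uid" >&2
        return 2
    fi
    # The mount option in the message is mode=0700; stat prints that as 700.
    if [ "$mode" != "700" ]; then
        echo "$dir: mode $mode, expected 700" >&2
        return 3
    fi
    # Optional: confirm the directory is on the expected filesystem type.
    if [ -n "$want_fs" ]; then
        fs=$(stat -f -c %T "$dir") || return 4
        if [ "$fs" != "$want_fs" ]; then
            echo "$dir: on $fs, expected $want_fs" >&2
            return 4
        fi
    fi
    return 0
}
```

For a user with the constructed sample UID 1000, the call after boot would be: check_runtime_dir /run/user/1000 1000 tmpfs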