Date: Fri, 05 Jan 2024 19:39:28 +0000
To: help-guix@gnu.org, root@benwr.net
From: Skyler Ferris
Subject: Re: Some methods of getting a "login shell" do not create /run/user/ or add a session to loginctl
Message-ID: <89b85620-4729-405f-bca7-1ffb24ee0d1c@protonmail.com>
In-Reply-To: <0da4f3a9-130b-4320-81e0-8414a62bd69e@benwr.net>
References: <0da4f3a9-130b-4320-81e0-8414a62bd69e@benwr.net>

On 12/30/23 04:45, Ben Weinstein-Raun wrote:
> Does anyone know why this would happen, or how to fix it? I'm using the
> elogind service on top of %base-services.

I was hoping that someone else more knowledgeable might have a better
solution, but since nobody has replied I'll share the less-than-ideal
solution I've been using.
I use a system without elogind, so I'm not
sure if there would be a conflict with this setup and that service.
Also, this solution does not properly destroy the directory when a user
fully logs out, only when the system is rebooted.

Basically, I just use some code to mount tmpfs onto the directories by
adding extra values to the file-systems declaration of my
operating-system declaration. The main disadvantage not already
mentioned is that UIDs and GIDs have to be explicitly defined for each
non-system user. Maybe the logic for the GIDs could be removed because
the group has no permissions on the directory anyway, but I haven't
thought it through.

There are some helper functions:

(let*
    (;; Look up the GID of the group called NAME in GROUPS.
     (get-gid-by-name (lambda (name groups)
        (let ((matches (filter (lambda (group)
                                 (string=? (guix.user-group-name group) name))
                               groups)))
            (if (>= (length matches) 1)
                (guix.user-group-id (car matches))
                (error (string-append "The group " name " must have an explicitly defined GID!"
                                      " Add a (gid ) form to the group definition."))))))
     ;; Return USER's primary GID as a string.
     (get-user-gid (lambda (user groups)
        (unless (guix.user-account-group user)
            (error (string-append "The user " (guix.user-account-name user)
                                  " must have an explicitly defined group! Add"
                                  " (group ) to the user definition.")))
        (let ((gid (if (number? (guix.user-account-group user))
                       (guix.user-account-group user)
                       (get-gid-by-name (guix.user-account-group user) groups))))
            (number->string gid))))
     ;; Return USER's UID as a string.
     (get-user-uid (lambda (user)
        (unless (guix.user-account-uid user)
            (error (string-append "The user " (guix.user-account-name user)
                                  " must have an explicitly defined UID! Add (uid ) to"
                                  " the user definition.")))
        (number->string (guix.user-account-uid user)))))

Which can then be used to create the filesystems:

(map (lambda (user)
       (let ((uid (get-user-uid user))
             (gid (get-user-gid user groups)))
          (guix.file-system
              ; I don't know if this is normally a tmpfs, but the XDG basedir standard
              ; says that it MUST not survive a reboot, so being tmpfs shouldn't cause any
              ; problems. This is technically not compliant because it also says that the
              ; contents MUST be removed if the user fully logs out (implicitly, even if
              ; the system remains powered on) and I'm not doing that. It looks like guix
              ; has a predefined greetd configuration to handle this correctly.
              (device              "tmpfs")
              (mount-point         (string-append "/run/user/" uid))
              (type                "tmpfs")
              (check?              #f)
              (options             (format #f "mode=0700,uid=~a,gid=~a" uid gid))
              (create-mount-point? #t))))
     (filter (negate guix.user-account-system?) users))))

Regards,
Skyler
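
An added example, not part of the original message: a shell check that every directory under a base such as /run/user is a real directory named after its owner's UID with mode 0700, which is what the mount-point and "mode=0700,uid=...,gid=..." options in the message are meant to produce. It assumes GNU coreutils `stat`; the function names are illustrative.

```shell
#!/bin/sh
# Added example (not from the original message). Assumes GNU coreutils stat.

# check_runtime_dir DIR WANT_UID
# Succeeds only if DIR is a real directory (not a symlink), owned by
# WANT_UID, with mode exactly 700, matching "mode=0700,uid=..." above.
check_runtime_dir() {
    dir=$1
    want_uid=$2
    if [ -L "$dir" ]; then
        echo "$dir: is a symlink"; return 1
    fi
    if [ ! -d "$dir" ]; then
        echo "$dir: not a directory"; return 1
    fi
    owner=$(stat -c '%u' "$dir") || return 1
    mode=$(stat -c '%a' "$dir") || return 1
    if [ "$owner" != "$want_uid" ]; then
        echo "$dir: owned by uid $owner, expected $want_uid"; return 1
    fi
    if [ "$mode" != "700" ]; then
        echo "$dir: mode $mode, expected 700"; return 1
    fi
    return 0
}

# runtime_dir_fstype DIR: print the filesystem type backing DIR
# ("tmpfs" is expected for the mounts declared above).
runtime_dir_fstype() {
    stat -f -c '%T' "$1"
}

# audit_runtime_dirs BASE
# Check every numerically named entry under BASE (normally /run/user)
# against the UID in its own name; fail if any entry fails.
audit_runtime_dirs() {
    base=$1
    failed=0
    for d in "$base"/*; do
        name=${d##*/}
        case $name in
            ''|*[!0-9]*) continue ;;  # skip entries not named after a UID
        esac
        check_runtime_dir "$d" "$name" || failed=1
    done
    return "$failed"
}
```

Running `audit_runtime_dirs /run/user` after boot reports any directory whose owner or mode differs from what its name implies.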