From mboxrd@z Thu Jan 1 00:00:00 1970
From: Vincent Legoll
Subject: bug#24275: Misnamed directory in GuixSD
Date: Tue, 23 Aug 2016 13:04:49 +0200
Message-ID:
References: <20160820201100.GA22429@jocasta.intra> <20160821231410.GA4548@jasmine> <87bn0lciy1.fsf@gmail.com> <20160822180903.GB17367@jasmine>
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary=94eb2c083c702709fa053abb2212
Return-path:
Received: from eggs.gnu.org ([2001:4830:134:3::10]:49617)
 by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1bc9W4-0004bt-Vj
 for bug-guix@gnu.org; Tue, 23 Aug 2016 07:05:17 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
 (envelope-from ) id 1bc9Vu-000272-1l
 for bug-guix@gnu.org; Tue, 23 Aug 2016 07:05:11 -0400
Received: from debbugs.gnu.org ([208.118.235.43]:39837)
 by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1bc9Vt-00026r-UT
 for bug-guix@gnu.org; Tue, 23 Aug 2016 07:05:02 -0400
Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2)
 (envelope-from ) id 1bc9Vt-0000YK-JG
 for bug-guix@gnu.org; Tue, 23 Aug 2016 07:05:01 -0400
Sender: "Debbugs-submit"
Resent-Message-ID:
In-Reply-To: <20160822180903.GB17367@jasmine>
List-Id: Bug reports for GNU Guix
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
Errors-To: bug-guix-bounces+gcggb-bug-guix=m.gmane.org@gnu.org
Sender: "bug-Guix"
To: Leo Famulari
Cc: Alex Kost, 24275@debbugs.gnu.org, John Darrington

--94eb2c083c702709fa053abb2212
Content-Type: text/plain; charset=UTF-8

Hello,

On Mon, Aug 22, 2016 at 8:09 PM, Leo Famulari wrote:
> On Mon, Aug 22, 2016 at 10:47:51AM +0200, Vincent Legoll wrote:
>>
>> > IIUC it happens because the home directory is created only when a user
>> > is added, and is not changed when the user is modified.  See (gnu build
>> > activation) module:
>> >
>> > - 'add-user' runs "useradd" with "-d" option to create home dir
>>
>> Maybe the nobody user should be special cased, not to run useradd with
>> -d, the non existent directory, should really not exist for nobody. This is a
>> (very small ?) security enhancement, I think...
>
> My Debian system uses '/nonexistent' for the nobody user's passwd entry,
> but the directory does not actually exist.
>
>> If this is the way to go, I can have a shot at it...
>>
>> > - 'modify-user' runs "usermod" without "-d" (and without "--move-home")
>> >
>> > So the home of nobody was not changed for us to '/nonexistent' when the
>> > nobody user was changed.
>> >
>> > As for me, I wouldn't like to have this directory, and I think it
>> > shouldn't be created (if it is not really needed for nobody user).
>>
>> Ditto.
>
> I don't fully understand the implications of the change, but it seems
> like a worthwhile thing to try doing. At least you might learn something
> while implementing it :)
>
> I'll let more experienced people decide if it's the right thing to do.

I came with the attached patch, totally untested, probably wrong for some
cases...

The following is what I think I have implemented:

At account creation time, do not create directories for system? accounts.

At account modification, do not create directories, nor move existing ones, but
change them in /etc/passwd

WDYT ?

--
Vincent Legoll

--94eb2c083c702709fa053abb2212
Content-Type: text/x-patch; charset=US-ASCII; name="0001-Avoid-creating-system-user-s-home-directories.patch"
Content-Disposition: attachment; filename="0001-Avoid-creating-system-user-s-home-directories.patch"
Content-Transfer-Encoding: base64
X-Attachment-Id: f_is7d6jrg0

--94eb2c083c702709fa053abb2212--
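
The home-directory policy stated in the message above, modeled together with an audit for the reported symptom (a system account such as nobody whose passwd home exists on disk). This is an added example, not the attached patch and not Guix code; the function names, the UID thresholds used to classify system accounts, and the sample passwd entries are assumptions made for illustration.

```python
import os

SYSTEM_UID_MAX = 999   # assumption: UIDs 1..999 are system accounts
NOBODY_UID = 65534     # assumption: conventional UID of 'nobody'

# Constructed sample in passwd(5) format, not taken from a real host.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/sh
nobody:x:65534:65534:Unprivileged user:/nonexistent:/sbin/nologin
sshd:x:998:998:sshd:/var/run/sshd:/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
"""

def useradd_home_args(home, system, home_exists):
    """Home-related useradd arguments at account creation."""
    if not home:
        return []
    if system or home_exists:
        # Record the path in passwd only; never create it for system accounts.
        return ["-d", home]
    return ["-d", home, "--create-home"]

def usermod_home_args(home):
    """At modification: update passwd only. No --move-home, so nothing is
    created or moved on disk."""
    return ["-d", home] if home else []

def parse_passwd(text):
    """Yield (name, uid, home) from passwd(5) text, skipping malformed lines."""
    for line in text.splitlines():
        fields = line.strip().split(":")
        if len(fields) == 7 and fields[2].isdigit():
            yield fields[0], int(fields[2]), fields[5]

def audit_system_homes(passwd_text, dir_exists=os.path.isdir):
    """List (name, home) for system accounts whose home exists on disk."""
    findings = []
    for name, uid, home in parse_passwd(passwd_text):
        is_system = 0 < uid <= SYSTEM_UID_MAX or uid == NOBODY_UID
        if is_system and home not in ("", "/") and dir_exists(home):
            findings.append((name, home))
    return findings

if __name__ == "__main__":
    with open("/etc/passwd") as f:
        for name, home in audit_system_homes(f.read()):
            print(f"review: {name} has an existing home directory {home}")
```

Findings are a review list, not violations: some service accounts legitimately own a state directory, while an existing directory for nobody is the case discussed in this thread.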