GNU bug report logs - #57493
<user-account> should allow for customizing home directory permission bits
Report forwarded to bug-guix <at> gnu.org: bug#57493; Package guix. (Tue, 30 Aug 2022 16:54:02 GMT)
Acknowledgement sent to "Thompson, David" <dthompson2 <at> worcester.edu>: New bug report received and forwarded. Copy sent to bug-guix <at> gnu.org. (Tue, 30 Aug 2022 16:54:02 GMT)
Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):
Hi Guix,
Issue 56444 (https://issues.guix.gnu.org/56444) was caused by the
activate-users+groups procedure in (gnu build activation) unconditionally
setting all user home directory permission bits to 700. The fix for that
bug was to set the bits for a particular user to 750 in a service
activation script. The fix is quite imperfect, however, because during
system reconfiguration the bits are temporarily reset back to 700 by
activate-users+groups, breaking Guix's promise of atomicity. The proper
fix would be to add something like a 'home-directory-permission-bits' field
to <user-account>, which defaults to 700, and have activate-users+groups
use that value. This way, there will no longer be an unknown amount of
time where the bits are reset and potentially breaking some service during
that time.
It seems that there is already some support for implementing such a change
and I am happy to do the work, but I wanted to ask: Are there any gotchas
or issues I should be aware of? It seems straightforward to me but I
haven't made modifications to the system code in years. I don't want to be
the reason 'guix system reconfigure' fails for someone. :)
Thanks,
- Dave
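The window described in the report above, modeled in plain Guile as an added example (it is not part of the original message and not code from Guix's (gnu build activation) module). The `<account>` record, the procedure names and the `/tmp` path are assumptions made for illustration.

```scheme
;; Model only: <account> and both activation procedures are hypothetical
;; stand-ins, not Guix's <user-account> or activate-users+groups.
(use-modules (srfi srfi-9))

(define-record-type <account>
  (make-account name home permissions)
  account?
  (name        account-name)
  (home        account-home)
  (permissions account-permissions))   ; stands in for the proposed field

(define (mode-of dir)
  (stat:perms (stat dir)))

;; Behaviour described in the report: activation forces #o700, and a later
;; service activation script widens the mode again.  Returns the mode seen
;; between the two steps and the final mode.
(define (activate-unconditionally! account service-mode)
  (let ((home (account-home account)))
    (chmod home #o700)
    (let ((during (mode-of home)))
      (chmod home service-mode)
      (list during (mode-of home)))))

;; Proposed behaviour: activation applies the declared bits in one step,
;; so no intermediate mode is ever observable.
(define (activate-declared! account)
  (let ((home (account-home account)))
    (chmod home (account-permissions account))
    (list (mode-of home))))

(define (demo)
  (let* ((home (string-append "/tmp/home-perms-demo-"
                              (number->string (getpid))))
         (git  (make-account "git" home #o750)))  ; constructed sample account
    (mkdir home)
    ;; chmod explicitly: the mode given to mkdir is filtered by the umask.
    (chmod home #o750)
    (let ((old (activate-unconditionally! git #o750))
          (new (activate-declared! git)))
      (rmdir home)
      (list old new))))

;; Print the observed modes in octal for both variants.
(display (map (lambda (modes)
                (map (lambda (m) (number->string m 8)) modes))
              (demo)))
(newline)
```

The first list shows the transient mode a group member would hit during reconfiguration; the second shows that only the declared mode is ever applied.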
Information forwarded to bug-guix <at> gnu.org: bug#57493; Package guix. (Sat, 14 Jan 2023 17:22:01 GMT)
Message #8 received at 57493 <at> debbugs.gnu.org (full text, mbox):
On Tue, Aug 30, 2022 at 1:10 PM Thompson, David
<dthompson2 <at> worcester.edu> wrote:
>
> Hi Guix,
>
> Issue 56444 (https://issues.guix.gnu.org/56444) was caused by the activate-users+groups procedure in (gnu build activation) unconditionally setting all user home directory permission bits to 700. The fix for that bug was to set the bits for a particular user to 750 in a service activation script. The fix is quite imperfect, however, because during system reconfiguration the bits are temporarily reset back to 700 by activate-users+groups, breaking Guix's promise of atomicity. The proper fix would be to add something like a 'home-directory-permission-bits' field to <user-account>, which defaults to 700, and have activate-users+groups use that value. This way, there will no longer be an unknown amount of time where the bits are reset and potentially breaking some service during that time.
Finally got around to writing a patch for this!
- Dave
[0001-gnu-system-Add-home-directory-permissions-field-to-u.patch (text/x-patch, attachment)]
Information forwarded to bug-guix <at> gnu.org: bug#57493; Package guix. (Sun, 15 Jan 2023 12:26:02 GMT)
Message #11 received at 57493 <at> debbugs.gnu.org (full text, mbox):
> * gnu/system/accounts.scm (<user-account>)[home-directory-permissions]: New
> field.
> (user-account-home-directory-permissions): New accessor.
> * gnu/build/activation.scm (activate-users+groups): Use home directory
> permission bits from the user account object.
> * doc/guix.texi (User Accounts): Document new field.
LGTM.
The header says this is part 1/2. Is that correct or did you just
invoke git format-patch wrong?
Cheers
Information forwarded to bug-guix <at> gnu.org: bug#57493; Package guix. (Sun, 15 Jan 2023 23:40:02 GMT)
Message #14 received at 57493 <at> debbugs.gnu.org (full text, mbox):
Hi Liliana,
On Sun, Jan 15, 2023 at 7:25 AM Liliana Marie Prikler
<liliana.prikler <at> gmail.com> wrote:
>
> > * gnu/system/accounts.scm (<user-account>)[home-directory-permissions]: New
> > field.
> > (user-account-home-directory-permissions): New accessor.
> > * gnu/build/activation.scm (activate-users+groups): Use home directory
> > permission bits from the user account object.
> > * doc/guix.texi (User Accounts): Document new field.
> LGTM.
>
> The header says this is part 1/2. Is that correct or did you just
> invoke git format-patch wrong?
Oops, that's my bad! I forgot that the patch file header would say
that. There's a second patch that changes the Gitolite service to use
this new field, which is the service that sparked the need for this
additional flexibility, but I was going to leave that out for now and
maybe just push directly as it's a 2 line change and the gitolite
system test passes. So, please disregard that 1/2 thing!
Thanks for checking!
- Dave
Reply sent to Josselin Poiret <dev <at> jpoiret.xyz>: You have taken responsibility. (Fri, 25 Aug 2023 16:33:02 GMT)
Notification sent to "Thompson, David" <dthompson2 <at> worcester.edu>: bug acknowledged by developer. (Fri, 25 Aug 2023 16:33:02 GMT)
Message #19 received at 57493-done <at> debbugs.gnu.org (full text, mbox):
Hi Dave,
Pushed as e9a5eebc785cb843034b38c5c5a6dd10904bdf2a.
Thanks for your contribution! Closing.
Best,
--
Josselin Poiret
bug archived. Request was from Debbugs Internal Request <help-debbugs <at> gnu.org> to internal_control <at> debbugs.gnu.org. (Sat, 23 Sep 2023 11:24:14 GMT)
This bug report was last modified 209 days ago.