GNU bug report logs - #57493
<user-account> should allow for customizing home directory permission bits


Package: guix

Reported by: "Thompson, David" <dthompson2 <at> worcester.edu>

Date: Tue, 30 Aug 2022 16:54:02 UTC

Severity: normal

Done: Josselin Poiret <dev <at> jpoiret.xyz>

Bug is archived. No further changes may be made.



Report forwarded to bug-guix <at> gnu.org:
bug#57493; Package guix. (Tue, 30 Aug 2022 16:54:02 GMT)

Acknowledgement sent to "Thompson, David" <dthompson2 <at> worcester.edu>:
New bug report received and forwarded. Copy sent to bug-guix <at> gnu.org. (Tue, 30 Aug 2022 16:54:02 GMT)

Message #5 received at submit <at> debbugs.gnu.org:

From: "Thompson, David" <dthompson2 <at> worcester.edu>
To: bug-guix <at> gnu.org
Subject: <user-account> should allow for customizing home directory permission
 bits
Date: Tue, 30 Aug 2022 12:53:26 -0400
Hi Guix,

Issue 56444 (https://issues.guix.gnu.org/56444) was caused by the
activate-users+groups procedure in (gnu build activation) unconditionally
setting all user home directory permission bits to 700. The fix for that
bug was to set the bits for a particular user to 750 in a service
activation script.  The fix is quite imperfect, however, because during
system reconfiguration the bits are temporarily reset back to 700 by
activate-users+groups, breaking Guix's promise of atomicity.  The proper
fix would be to add something like a 'home-directory-permission-bits' field
to <user-account>, which defaults to 700, and have activate-users+groups
use that value.  This way, there will no longer be an unknown amount of
time where the bits are reset and potentially breaking some service during
that time.

It seems that there is already some support for implementing such a change
and I am happy to do the work, but I wanted to ask: Are there any gotchas
or issues I should be aware of?  It seems straightforward to me but I
haven't made modifications to the system code in years. I don't want to be
the reason 'guix system reconfigure' fails for someone. :)

Thanks,

- Dave

Information forwarded to bug-guix <at> gnu.org:
bug#57493; Package guix. (Sat, 14 Jan 2023 17:22:01 GMT)

Message #8 received at 57493 <at> debbugs.gnu.org:

From: "Thompson, David" <dthompson2 <at> worcester.edu>
To: 57493 <at> debbugs.gnu.org
Subject: Re: bug#57493: <user-account> should allow for customizing home
 directory permission bits
Date: Sat, 14 Jan 2023 12:21:14 -0500
On Tue, Aug 30, 2022 at 1:10 PM Thompson, David
<dthompson2 <at> worcester.edu> wrote:
>
> Hi Guix,
>
> Issue 56444 (https://issues.guix.gnu.org/56444) was caused by the activate-users+groups procedure in (gnu build activation) unconditionally setting all user home directory permission bits to 700. The fix for that bug was to set the bits for a particular user to 750 in a service activation script.  The fix is quite imperfect, however, because during system reconfiguration the bits are temporarily reset back to 700 by activate-users+groups, breaking Guix's promise of atomicity.  The proper fix would be to add something like a 'home-directory-permission-bits' field to <user-account>, which defaults to 700, and have activate-users+groups use that value.  This way, there will no longer be an unknown amount of time where the bits are reset and potentially breaking some service during that time.

Finally got around to writing a patch for this!

- Dave
[0001-gnu-system-Add-home-directory-permissions-field-to-u.patch (text/x-patch, attachment)]

Information forwarded to bug-guix <at> gnu.org:
bug#57493; Package guix. (Sun, 15 Jan 2023 12:26:02 GMT)

Message #11 received at 57493 <at> debbugs.gnu.org:

From: Liliana Marie Prikler <liliana.prikler <at> gmail.com>
To: "Thompson, David" <dthompson2 <at> worcester.edu>, 57493 <at> debbugs.gnu.org
Subject: Re: bug#57493: <user-account> should allow for customizing home
 directory permission bits
Date: Sun, 15 Jan 2023 13:25:43 +0100
* gnu/system/accounts.scm
> (<user-account>)[home-directory-permissions]: New
> field.
> (user-account-home-directory-permissions): New accessor.
> * gnu/build/activation.scm (activate-users+groups): Use home
> directory
> permission bits from the user account object.
> * doc/guix.texi (User Accounts): Document new field.
LGTM.

The header says this is part 1/2.  Is that correct or did you just
invoke git format-patch wrong?

Cheers




Information forwarded to bug-guix <at> gnu.org:
bug#57493; Package guix. (Sun, 15 Jan 2023 23:40:02 GMT)

Message #14 received at 57493 <at> debbugs.gnu.org:

From: "Thompson, David" <dthompson2 <at> worcester.edu>
To: Liliana Marie Prikler <liliana.prikler <at> gmail.com>
Cc: 57493 <at> debbugs.gnu.org
Subject: Re: [EXT] Re: bug#57493: <user-account> should allow for customizing
 home directory permission bits
Date: Sun, 15 Jan 2023 18:39:04 -0500
Hi Liliana,

On Sun, Jan 15, 2023 at 7:25 AM Liliana Marie Prikler
<liliana.prikler <at> gmail.com> wrote:
>
> * gnu/system/accounts.scm
> > (<user-account>)[home-directory-permissions]: New
> > field.
> > (user-account-home-directory-permissions): New accessor.
> > * gnu/build/activation.scm (activate-users+groups): Use home
> > directory
> > permission bits from the user account object.
> > * doc/guix.texi (User Accounts): Document new field.
> LGTM.
>
> The header says this is part 1/2.  Is that correct or did you just
> invoke git format-patch wrong?

Oops, that's my bad! I forgot that the patch file header would say
that.  There's a second patch that changes the Gitolite service to use
this new field, which is the service that sparked the need for this
additional flexibility, but I was going to leave that out for now and
maybe just push directly as it's a 2 line change and the gitolite
system test passes. So, please disregard that 1/2 thing!

Thanks for checking!

- Dave




Reply sent to Josselin Poiret <dev <at> jpoiret.xyz>:
You have taken responsibility. (Fri, 25 Aug 2023 16:33:02 GMT)

Notification sent to "Thompson, David" <dthompson2 <at> worcester.edu>:
bug acknowledged by developer. (Fri, 25 Aug 2023 16:33:02 GMT)

Message #19 received at 57493-done <at> debbugs.gnu.org:

From: Josselin Poiret <dev <at> jpoiret.xyz>
To: "Thompson, David" <dthompson2 <at> worcester.edu>, Liliana Marie Prikler
 <liliana.prikler <at> gmail.com>
Cc: 57493-done <at> debbugs.gnu.org
Subject: Re: bug#57493: [EXT] Re: bug#57493: <user-account> should allow for
 customizing home directory permission bits
Date: Fri, 25 Aug 2023 18:32:24 +0200
Hi Dave,

Pushed as e9a5eebc785cb843034b38c5c5a6dd10904bdf2a.

Thanks for your contribution!  Closing.

Best,
-- 
Josselin Poiret
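
The window described in the original report, modelled on a temporary directory. This is an added example, not code from the thread or from Guix: the `Account` class, the function names and the "git" account are constructed stand-ins, and the only things taken from the thread are the 700 default, the 750 set by a service activation script, and the per-account field.

```python
import os
import stat
import tempfile
from dataclasses import dataclass

DEFAULT_MODE = 0o700  # default the thread gives for the per-account field


@dataclass
class Account:
    """Toy stand-in for a <user-account> record (not the Guix type)."""
    name: str
    home_directory_permissions: int = DEFAULT_MODE


def mode_of(path):
    """Permission bits of PATH, without the file-type bits."""
    return stat.S_IMODE(os.stat(path).st_mode)


def activate_unconditional(account, home, service_mode=None):
    """Reported behaviour: ignore the account, force 700, widen later."""
    seen = []
    os.chmod(home, 0o700)
    seen.append(mode_of(home))        # window: group access is gone here
    if service_mode is not None:
        os.chmod(home, service_mode)  # the 750 from a service activation script
        seen.append(mode_of(home))
    return seen


def activate_per_account(account, home):
    """Behaviour the patch describes: one chmod from the account record."""
    os.chmod(home, account.home_directory_permissions)
    return [mode_of(home)]


def simulate_reconfigure(wanted=0o750):
    """Modes observable during one reconfigure under each strategy."""
    account = Account("git", wanted)  # constructed sample account
    with tempfile.TemporaryDirectory() as home:
        os.chmod(home, wanted)        # state left by the previous generation
        old = activate_unconditional(account, home, service_mode=wanted)
        os.chmod(home, wanted)
        new = activate_per_account(account, home)
    return old, new


if __name__ == "__main__":
    old, new = simulate_reconfigure()
    print("unconditional:", [oct(m) for m in old])
    print("per-account:  ", [oct(m) for m in new])
```

The first list contains a 700 entry that the second never shows; that entry is the interval in which a service relying on group access to the home directory can fail.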

bug archived. Request was from Debbugs Internal Request <help-debbugs <at> gnu.org> to internal_control <at> debbugs.gnu.org. (Sat, 23 Sep 2023 11:24:14 GMT)
