GNU bug report logs - #24275
GuixSD has a /nonexistent directory


Package: guix;

Reported by: John Darrington <john <at> darrington.wattle.id.au>

Date: Sat, 20 Aug 2016 20:12:02 UTC

Severity: normal

Done: ludo <at> gnu.org (Ludovic Courtès)

Bug is archived. No further changes may be made.

To add a comment to this bug, you must first unarchive it, by sending
a message to control AT debbugs.gnu.org, with unarchive 24275 in the body.
You can then email your comments to 24275 AT debbugs.gnu.org in the normal way.



Report forwarded to bug-guix <at> gnu.org:
bug#24275; Package guix. (Sat, 20 Aug 2016 20:12:02 GMT) Full text and rfc822 format available.

Acknowledgement sent to John Darrington <john <at> darrington.wattle.id.au>:
New bug report received and forwarded. Copy sent to bug-guix <at> gnu.org. (Sat, 20 Aug 2016 20:12:02 GMT) Full text and rfc822 format available.

Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):

From: John Darrington <john <at> darrington.wattle.id.au>
To: bug-guix <at> gnu.org
Subject: Misnamed directory in GuixSD
Date: Sat, 20 Aug 2016 22:11:00 +0200
[Message part 1 (text/plain, inline)]
Installing GuixSD 0.11.0 creates a directory called /nonexistent
Despite its name, it does actually exist.

I suggest that we rename it or delete it.

J'

-- 
Avoid eavesdropping.  Send strong encrypted email.
PGP Public key ID: 1024D/2DE827B3 
fingerprint = 8797 A26D 0854 2EAB 0285  A290 8A67 719C 2DE8 27B3
See http://sks-keyservers.net or any PGP keyserver for public key.

[signature.asc (application/pgp-signature, inline)]

Information forwarded to bug-guix <at> gnu.org:
bug#24275; Package guix. (Sun, 21 Aug 2016 23:15:02 GMT) Full text and rfc822 format available.

Message #8 received at 24275 <at> debbugs.gnu.org (full text, mbox):

From: Leo Famulari <leo <at> famulari.name>
To: John Darrington <john <at> darrington.wattle.id.au>
Cc: 24275 <at> debbugs.gnu.org
Subject: Re: bug#24275: Misnamed directory in GuixSD
Date: Sun, 21 Aug 2016 19:14:10 -0400
[Message part 1 (text/plain, inline)]
On Sat, Aug 20, 2016 at 10:11:00PM +0200, John Darrington wrote:
> Installing GuixSD 0.11.0 creates a directory called /nonexistent
> Despite its name, it does actually exist.

I checked, and it's the 'nobody' user's home directory:
http://git.savannah.gnu.org/cgit/guix.git/tree/gnu/system/shadow.scm#n125

> I suggest that we rename it or delete it.

I think it's very appropriate for nobody to live in a nonexistent
directory ;)

But, I noticed that the directory doesn't exist on my GuixSD system,
which has been reconfigured since the commit that introduced this
directory (2d94702ff). My nobody is still using '/var/empty'.

I wonder if that's a problem?
[signature.asc (application/pgp-signature, inline)]

Information forwarded to bug-guix <at> gnu.org:
bug#24275; Package guix. (Mon, 22 Aug 2016 08:22:01 GMT) Full text and rfc822 format available.

Message #11 received at 24275 <at> debbugs.gnu.org (full text, mbox):

From: Alex Kost <alezost <at> gmail.com>
To: Leo Famulari <leo <at> famulari.name>
Cc: 24275 <at> debbugs.gnu.org, John Darrington <john <at> darrington.wattle.id.au>
Subject: Re: bug#24275: Misnamed directory in GuixSD
Date: Mon, 22 Aug 2016 11:21:42 +0300
Leo Famulari (2016-08-22 02:14 +0300) wrote:

> On Sat, Aug 20, 2016 at 10:11:00PM +0200, John Darrington wrote:
>> Installing GuixSD 0.11.0 creates a directory called /nonexistent
>> Despite its name, it does actually exist.
>
> I checked, and it's the 'nobody' user's home directory:
> http://git.savannah.gnu.org/cgit/guix.git/tree/gnu/system/shadow.scm#n125
>
>> I suggest that we rename it or delete it.
>
> I think it's very appropriate for nobody to live in a nonexistent
> directory ;)
>
> But, I noticed that the directory doesn't exist on my GuixSD system,
> which has been reconfigured since the commit that introduced this
> directory (2d94702ff). My nobody is still using '/var/empty'.

The same for me.

> I wonder if that's a problem?

IIUC it happens because the home directory is created only when a user
is added, and is not changed when the user is modified.  See (gnu build
activation) module:

- 'add-user' runs "useradd" with "-d" option to create home dir

- 'modify-user' runs "usermod" without "-d" (and without "--move-home")

So the home of nobody was not changed for us to '/nonexistent' when the
nobody user was changed.

As for me, I wouldn't like to have this directory, and I think it
shouldn't be created (if it is not really needed for nobody user).

-- 
Alex




Information forwarded to bug-guix <at> gnu.org:
bug#24275; Package guix. (Mon, 22 Aug 2016 08:48:01 GMT) Full text and rfc822 format available.

Message #14 received at 24275 <at> debbugs.gnu.org (full text, mbox):

From: Vincent Legoll <vincent.legoll <at> gmail.com>
To: Alex Kost <alezost <at> gmail.com>
Cc: 24275 <at> debbugs.gnu.org, John Darrington <john <at> darrington.wattle.id.au>,
 Leo Famulari <leo <at> famulari.name>
Subject: Re: bug#24275: Misnamed directory in GuixSD
Date: Mon, 22 Aug 2016 10:47:51 +0200
Hello,

> IIUC it happens because the home directory is created only when a user
> is added, and is not changed when the user is modified.  See (gnu build
> activation) module:
>
> - 'add-user' runs "useradd" with "-d" option to create home dir

Maybe the nobody user should be special cased, not to run useradd with
-d, the non existent directory, should really not exist for nobody. This is a
(very small ?) security enhancement, I think...

If this is the way to go, I can have a shot at it...

> - 'modify-user' runs "usermod" without "-d" (and without "--move-home")
>
> So the home of nobody was not changed for us to '/nonexistent' when the
> nobody user was changed.
>
> As for me, I wouldn't like to have this directory, and I think it
> shouldn't be created (if it is not really needed for nobody user).

Ditto.

-- 
Vincent Legoll




Information forwarded to bug-guix <at> gnu.org:
bug#24275; Package guix. (Mon, 22 Aug 2016 18:10:02 GMT) Full text and rfc822 format available.

Message #17 received at 24275 <at> debbugs.gnu.org (full text, mbox):

From: Leo Famulari <leo <at> famulari.name>
To: Vincent Legoll <vincent.legoll <at> gmail.com>
Cc: Alex Kost <alezost <at> gmail.com>, 24275 <at> debbugs.gnu.org,
 John Darrington <john <at> darrington.wattle.id.au>
Subject: Re: bug#24275: Misnamed directory in GuixSD
Date: Mon, 22 Aug 2016 14:09:03 -0400
On Mon, Aug 22, 2016 at 10:47:51AM +0200, Vincent Legoll wrote:
> Hello,
> 
> > IIUC it happens because the home directory is created only when a user
> > is added, and is not changed when the user is modified.  See (gnu build
> > activation) module:
> >
> > - 'add-user' runs "useradd" with "-d" option to create home dir
> 
> Maybe the nobody user should be special cased, not to run useradd with
> -d, the non existent directory, should really not exist for nobody. This is a
> (very small ?) security enhancement, I think...

My Debian system uses '/nonexistent' for the nobody user's passwd entry,
but the directory does not actually exist.

> If this is the way to go, I can have a shot at it...
> 
> > - 'modify-user' runs "usermod" without "-d" (and without "--move-home")
> >
> > So the home of nobody was not changed for us to '/nonexistent' when the
> > nobody user was changed.
> >
> > As for me, I wouldn't like to have this directory, and I think it
> > shouldn't be created (if it is not really needed for nobody user).
> 
> Ditto.

I don't fully understand the implications of the change, but it seems
like a worthwhile thing to try doing. At least you might learn something
while implementing it :)

I'll let more experienced people decide if it's the right thing to do.




Information forwarded to bug-guix <at> gnu.org:
bug#24275; Package guix. (Tue, 23 Aug 2016 11:05:01 GMT) Full text and rfc822 format available.

Message #20 received at 24275 <at> debbugs.gnu.org (full text, mbox):

From: Vincent Legoll <vincent.legoll <at> gmail.com>
To: Leo Famulari <leo <at> famulari.name>
Cc: Alex Kost <alezost <at> gmail.com>, 24275 <at> debbugs.gnu.org,
 John Darrington <john <at> darrington.wattle.id.au>
Subject: Re: bug#24275: Misnamed directory in GuixSD
Date: Tue, 23 Aug 2016 13:04:49 +0200
[Message part 1 (text/plain, inline)]
Hello,

On Mon, Aug 22, 2016 at 8:09 PM, Leo Famulari <leo <at> famulari.name> wrote:
> On Mon, Aug 22, 2016 at 10:47:51AM +0200, Vincent Legoll wrote:
>>
>> > IIUC it happens because the home directory is created only when a user
>> > is added, and is not changed when the user is modified.  See (gnu build
>> > activation) module:
>> >
>> > - 'add-user' runs "useradd" with "-d" option to create home dir
>>
>> Maybe the nobody user should be special cased, not to run useradd with
>> -d, the non existent directory, should really not exist for nobody. This is a
>> (very small ?) security enhancement, I think...
>
> My Debian system uses '/nonexistent' for the nobody user's passwd entry,
> but the directory does not actually exist.
>
>> If this is the way to go, I can have a shot at it...
>>
>> > - 'modify-user' runs "usermod" without "-d" (and without "--move-home")
>> >
>> > So the home of nobody was not changed for us to '/nonexistent' when the
>> > nobody user was changed.
>> >
>> > As for me, I wouldn't like to have this directory, and I think it
>> > shouldn't be created (if it is not really needed for nobody user).
>>
>> Ditto.
>
> I don't fully understand the implications of the change, but it seems
> like a worthwhile thing to try doing. At least you might learn something
> while implementing it :)
>
> I'll let more experienced people decide if it's the right thing to do.

I came up with the attached patch, totally untested, probably wrong for some
cases...

The following is what I think I have implemented:

At account creation time, do not create directories for system? accounts.

At account modification, do not create directories, nor move existing ones,
but change them in /etc/passwd

WDYT ?

-- 
Vincent Legoll
[0001-Avoid-creating-system-user-s-home-directories.patch (text/x-patch, attachment)]

Information forwarded to bug-guix <at> gnu.org:
bug#24275; Package guix. (Sat, 27 Aug 2016 23:33:01 GMT) Full text and rfc822 format available.

Message #23 received at 24275 <at> debbugs.gnu.org (full text, mbox):

From: ludo <at> gnu.org (Ludovic Courtès)
To: Vincent Legoll <vincent.legoll <at> gmail.com>
Cc: Alex Kost <alezost <at> gmail.com>, 24275 <at> debbugs.gnu.org,
 John Darrington <john <at> darrington.wattle.id.au>,
 Leo Famulari <leo <at> famulari.name>
Subject: Re: bug#24275: Misnamed directory in GuixSD
Date: Sun, 28 Aug 2016 01:32:01 +0200
[Message part 1 (text/plain, inline)]
Hello!

What an embarrassing bug.  :-)

Vincent Legoll <vincent.legoll <at> gmail.com> skribis:

> I came up with the attached patch, totally untested, probably wrong for some
> cases...
>
> The following is what I think I have implemented:
>
> At account creation time, do not create directories for system? accounts.
>
> At account modification, do not create directories, nor move existing ones,
> but change them in /etc/passwd
>
> WDYT ?

We currently lack a way to specify whether the home directory should be
created, which would be useful for ‘nobody’.

So what about a patch along these lines instead?  It adds a
‘create-home-directory?’ field to <user-account> and sets it to #f for
‘nobody’.

Thanks,
Ludo’.

[Message part 2 (text/x-patch, inline)]
diff --git a/gnu/build/activation.scm b/gnu/build/activation.scm
index 6666cb4..10aa58d 100644
--- a/gnu/build/activation.scm
+++ b/gnu/build/activation.scm
@@ -110,7 +110,8 @@ owner-writable in HOME."
               files)))
 
 (define* (add-user name group
-                   #:key uid comment home shell password system?
+                   #:key uid comment home create-home?
+                   shell password system?
                    (supplementary-groups '())
                    (log-port (current-error-port)))
   "Create an account for user NAME part of GROUP, with the specified
@@ -139,7 +140,7 @@ properties.  Return #t on success."
                           `("-G" ,(string-join supplementary-groups ","))
                           '())
                     ,@(if comment `("-c" ,comment) '())
-                    ,@(if home
+                    ,@(if (and home create-home?)
                           (if (file-exists? home)
                               `("-d" ,home)     ; avoid warning from 'useradd'
                               `("-d" ,home "--create-home"))
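Review bot: In the `,@(if (and home create-home?)` test, both inner branches carry "-d", so gating the whole expression on create-home? drops `"-d" ,home` as well as "--create-home". An account with a home set and create-home? false would then be created without its declared home in the passwd entry, leaving useradd to pick its own default. Suggest keeping the outer test as `(if home`, always emitting `"-d" ,home`, and adding "--create-home" only when create-home? is true and the directory does not already exist.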
@@ -158,7 +159,8 @@ properties.  Return #t on success."
                #t)))))
 
 (define* (modify-user name group
-                      #:key uid comment home shell password system?
+                      #:key uid comment home create-home?
+                      shell password system?
                       (supplementary-groups '())
                       (log-port (current-error-port)))
   "Modify user account NAME to have all the given settings."
@@ -186,7 +188,8 @@ logged in."
   (zero? (system* "groupdel" name)))
 
 (define* (ensure-user name group
-                      #:key uid comment home shell password system?
+                      #:key uid comment home create-home?
+                      shell password system?
                       (supplementary-groups '())
                       (log-port (current-error-port))
                       #:rest rest)
@@ -207,7 +210,8 @@ numeric gid or #f."
 
   (define activate-user
     (match-lambda
-     ((name uid group supplementary-groups comment home shell password system?)
+     ((name uid group supplementary-groups comment home create-home?
+       shell password system?)
       (let ((profile-dir (string-append "/var/guix/profiles/per-user/"
                                         name)))
         (ensure-user name group
@@ -216,6 +220,7 @@ numeric gid or #f."
                      #:supplementary-groups supplementary-groups
                      #:comment comment
                      #:home home
+                     #:create-home? create-home?
                      #:shell shell
                      #:password password)
 
diff --git a/gnu/system/shadow.scm b/gnu/system/shadow.scm
index c394890..be08646 100644
--- a/gnu/system/shadow.scm
+++ b/gnu/system/shadow.scm
@@ -78,6 +78,8 @@
                         (default '()))            ; list of strings
   (comment        user-account-comment (default ""))
   (home-directory user-account-home-directory)
+  (create-home-directory? user-account-create-home-directory? ;Boolean
+                          (default #f))
   (shell          user-account-shell              ; gexp
                   (default #~(string-append #$bash "/bin/bash")))
   (system?        user-account-system?            ; Boolean
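Review bot: `(default #f)` on the new create-home-directory? field changes behaviour for every existing user-account declaration that does not set it: those accounts would stop getting a home directory when they are created. Defaulting to #t keeps current configurations working and leaves an explicit `(create-home-directory? #f)` to the accounts that need it, such as nobody.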
@@ -128,6 +130,7 @@
          (group "nogroup")
          (shell #~(string-append #$shadow "/sbin/nologin"))
          (home-directory "/nonexistent")
+         (create-home-directory? #f)
          (system? #t))))
 
 (define (default-skeletons)
@@ -255,6 +258,7 @@ of user '~a' is undeclared")
       #$(user-account-supplementary-groups account)
       #$(user-account-comment account)
       #$(user-account-home-directory account)
+      #$(user-account-create-home-directory? account)
       ,#$(user-account-shell account)             ; this one is a gexp
       #$(user-account-password account)
       #$(user-account-system? account)))

Information forwarded to bug-guix <at> gnu.org:
bug#24275; Package guix. (Sat, 27 Aug 2016 23:50:02 GMT) Full text and rfc822 format available.

Message #26 received at 24275 <at> debbugs.gnu.org (full text, mbox):

From: Vincent Legoll <vincent.legoll <at> gmail.com>
To: Ludovic Courtès <ludo <at> gnu.org>
Cc: Alex Kost <alezost <at> gmail.com>, 24275 <at> debbugs.gnu.org,
 John Darrington <john <at> darrington.wattle.id.au>,
 Leo Famulari <leo <at> famulari.name>
Subject: Re: bug#24275: Misnamed directory in GuixSD
Date: Sun, 28 Aug 2016 01:49:09 +0200
On Sun, Aug 28, 2016 at 1:32 AM, Ludovic Courtès <ludo <at> gnu.org> wrote:
> Vincent Legoll <vincent.legoll <at> gmail.com> skribis:
>
>> I came up with the attached patch, totally untested, probably wrong for some
>> cases...

My patch was heuristic, so bound to be wrong sometimes...

> We currently lack a way to specify whether the home directory should be
> created, which would be useful for ‘nobody’.

This is the alternative solution, specifying it, always right.

> So what about a patch along these lines instead?  It adds a
> ‘create-home-directory?’ field to <user-account> and sets it to #f for
> ‘nobody’.

LGTM, but do I understand correctly: the default value being false, we
will have to always specify the added param as true in system definitions ?

Why not the other way around, that would not need any modifications of
current configs.

-- 
Vincent Legoll




Changed bug title to 'GuixSD has a /nonexistent directory' from 'Misnamed directory in GuixSD' Request was from ludo <at> gnu.org (Ludovic Courtès) to control <at> debbugs.gnu.org. (Sun, 28 Aug 2016 10:59:02 GMT) Full text and rfc822 format available.

Reply sent to ludo <at> gnu.org (Ludovic Courtès):
You have taken responsibility. (Sun, 28 Aug 2016 13:49:01 GMT) Full text and rfc822 format available.

Notification sent to John Darrington <john <at> darrington.wattle.id.au>:
bug acknowledged by developer. (Sun, 28 Aug 2016 13:49:02 GMT) Full text and rfc822 format available.

Message #33 received at 24275-done <at> debbugs.gnu.org (full text, mbox):

From: ludo <at> gnu.org (Ludovic Courtès)
To: Vincent Legoll <vincent.legoll <at> gmail.com>
Cc: Alex Kost <alezost <at> gmail.com>, 24275-done <at> debbugs.gnu.org,
 John Darrington <john <at> darrington.wattle.id.au>,
 Leo Famulari <leo <at> famulari.name>
Subject: Re: bug#24275: Misnamed directory in GuixSD
Date: Sun, 28 Aug 2016 15:48:25 +0200
Hello!

Vincent Legoll <vincent.legoll <at> gmail.com> skribis:

> On Sun, Aug 28, 2016 at 1:32 AM, Ludovic Courtès <ludo <at> gnu.org> wrote:
>> Vincent Legoll <vincent.legoll <at> gmail.com> skribis:
>>
>>> I came up with the attached patch, totally untested, probably wrong for some
>>> cases...
>
> My patch was heuristic, so bound to be wrong sometimes...
>
>> We currently lack a way to specify whether the home directory should be
>> created, which would be useful for ‘nobody’.
>
> This is the alternative solution, specifying it, always right.

Yeah, that’s what I thought.  It may be useful in other situations too.

>> So what about a patch along these lines instead?  It adds a
>> ‘create-home-directory?’ field to <user-account> and sets it to #f for
>> ‘nobody’.
>
> LGTM, but do I understand correctly: the default value being false, we
> will have to always specify the added param as true in system definitions ?
>
> Why not the other way around, that would not need any modifications of
> current configs.

Oops, I meant it to be #t by default, of course.  Good catch!

Pushed as commits eb56ee027b4c6b5682f69fa885d16e55c4495bd8 and
d03db7434b5b2f1e588c65805d38faea973c3cf0.

Thanks!

Ludo’.
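
An added example, not part of the thread or of Guix: a Python check for the two states described above, a passwd entry whose home differs from the declared one (the reconfigured systems) and a home declared as not-to-be-created that exists on disk (the fresh install). The passwd lines, the `DECLARED` table and the function names are constructed for illustration.

```python
import os

# Constructed passwd(5) lines for the systems described in the thread;
# the shell path is a placeholder, not a real store path.
PASSWD_FRESH = """\
root:x:0:0:System administrator:/root:/bin/bash
nobody:x:65534:65534:Unprivileged account:/nonexistent:/sbin/nologin
"""
PASSWD_RECONFIGURED = PASSWD_FRESH.replace("/nonexistent", "/var/empty")

# Declared accounts (assumed shape): name -> (home-directory, create-home-directory?).
DECLARED = {"nobody": ("/nonexistent", False)}


def parse_passwd(text):
    """Map account name -> home directory from passwd(5)-format text."""
    homes = {}
    for line in text.splitlines():
        fields = line.strip().split(":")
        if len(fields) != 7 or fields[0].startswith("#"):
            continue  # skip blank, comment and malformed lines
        homes[fields[0]] = fields[5]
    return homes


def audit(passwd_text, declared, dir_exists=os.path.isdir):
    """Return (name, kind, detail) findings, ordered by account name.

    kind is "missing", "home-drift" or "unexpected-home".
    dir_exists is injectable so the check can run against a mounted image
    or, as in the demo below, a constructed set of paths.
    """
    actual = parse_passwd(passwd_text)
    findings = []
    for name, (want_home, create_home) in sorted(declared.items()):
        if name not in actual:
            findings.append((name, "missing", "no passwd entry"))
            continue
        if actual[name] != want_home:
            # The account was modified, but its passwd home was never updated.
            findings.append((name, "home-drift",
                             f"passwd has {actual[name]}, declared {want_home}"))
        if not create_home and dir_exists(want_home):
            # The directory was created although the account should not own one.
            findings.append((name, "unexpected-home",
                             f"{want_home} exists on disk"))
    return findings


if __name__ == "__main__":
    cases = [
        ("fresh 0.11.0 install", PASSWD_FRESH, {"/nonexistent"}),
        ("reconfigured system", PASSWD_RECONFIGURED, {"/var/empty"}),
        ("after the fix", PASSWD_FRESH, set()),
    ]
    for label, passwd_text, dirs in cases:
        print(label, audit(passwd_text, DECLARED, dirs.__contains__))
```
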




Information forwarded to bug-guix <at> gnu.org:
bug#24275; Package guix. (Sun, 28 Aug 2016 14:45:02 GMT) Full text and rfc822 format available.

Message #36 received at 24275-done <at> debbugs.gnu.org (full text, mbox):

From: Vincent Legoll <vincent.legoll <at> gmail.com>
To: Ludovic Courtès <ludo <at> gnu.org>
Cc: Alex Kost <alezost <at> gmail.com>, 24275-done <at> debbugs.gnu.org,
 John Darrington <john <at> darrington.wattle.id.au>,
 Leo Famulari <leo <at> famulari.name>
Subject: Re: bug#24275: Misnamed directory in GuixSD
Date: Sun, 28 Aug 2016 16:44:18 +0200
BTW,

I think this may be related to this subject, so...

I've found some user accounts (other than nobody)
that have /var/empty as their home directory, f.e.:

gnu/services/networking.scm:301

(define %ntp-accounts
  (list (user-account
         (name "ntpd")
         (group "nogroup")
         (system? #t)
         (comment "NTP daemon user")
         (home-directory "/var/empty")
         (shell #~(string-append #$shadow "/sbin/nologin")))))

Is that a glitch, and they can be moved to /nonexistent or do
they really require an existing directory to work ?

-- 
Vincent Legoll




Information forwarded to bug-guix <at> gnu.org:
bug#24275; Package guix. (Mon, 29 Aug 2016 08:06:01 GMT) Full text and rfc822 format available.

Message #39 received at 24275-done <at> debbugs.gnu.org (full text, mbox):

From: ludo <at> gnu.org (Ludovic Courtès)
To: Vincent Legoll <vincent.legoll <at> gmail.com>
Cc: Alex Kost <alezost <at> gmail.com>, 24275-done <at> debbugs.gnu.org,
 John Darrington <john <at> darrington.wattle.id.au>,
 Leo Famulari <leo <at> famulari.name>
Subject: Re: bug#24275: Misnamed directory in GuixSD
Date: Mon, 29 Aug 2016 10:04:36 +0200
Hi,

Vincent Legoll <vincent.legoll <at> gmail.com> skribis:

> I've found some user accounts (other than nobody)
> that have /var/empty as their home directory, f.e.:
>
> gnu/services/networking.scm:301
>
> (define %ntp-accounts
>   (list (user-account
>          (name "ntpd")
>          (group "nogroup")
>          (system? #t)
>          (comment "NTP daemon user")
>          (home-directory "/var/empty")
>          (shell #~(string-append #$shadow "/sbin/nologin")))))
>
> Is that a glitch, and they can be moved to /nonexistent or do
> they really require an existing directory to work ?

I don’t know.  /var/empty is a widespread convention.  But it probably
doesn’t matter much in fact.  :-)

Ludo’.




bug archived. Request was from Debbugs Internal Request <help-debbugs <at> gnu.org> to internal_control <at> debbugs.gnu.org. (Mon, 26 Sep 2016 11:24:04 GMT) Full text and rfc822 format available.

This bug report was last modified 7 years and 222 days ago.
