Installation without non-root user accounts

  • Done
  • quality assurance status badge
Details
3 participants
  • Ludovic Courtès
  • Ludovic Courtès
  • Mathieu Othacehe
Owner
unassigned
Submitted by
Ludovic Courtès
Severity
important
L
L
Ludovic Courtès wrote on 1 Apr 2022 12:31
(address . bug-guix@gnu.org)
875yntnlh5.fsf@inria.fr
Hello!

Using the installer, it’s possible to create a system config without any
non-root user accounts. That’s a problem because then users end up
creating their account manually with ‘useradd’, which gets things wrong,
and things go awry.

To reproduce the issue, in the user page of the installer, add an
account for user “root”. That’s enough to fool this check:

(when (null? users)
(run-error-page (G_ "Please create at least one user.")
(G_ "No user"))
(run users))

This “root” account is then ignored:

(define (users->configuration users)
;; …
`((users (cons*
,@(filter-map (lambda (user)
;; Do not emit a 'user-account' form for "root".
(and (not (string=? (user-name user) "root"))
(user->sexp user)))
users)
%base-user-accounts))))

… and that’s how you end up with a config without normal user accounts.

To address that, maybe ‘run-user-add-page’ should explicitly reject
“root”?

Ludo’.
L
L
Ludovic Courtès wrote on 1 Apr 2022 13:44
control message for bug #54666
(address . control@debbugs.gnu.org)
874k3dni41.fsf@gnu.org
severity 54666 important
quit
L
L
Ludovic Courtès wrote on 1 Apr 2022 13:44
control message for bug #53214
(address . control@debbugs.gnu.org)
8735ixni3b.fsf@gnu.org
block 53214 by 54666
quit
M
M
Mathieu Othacehe wrote on 4 Apr 2022 17:18
Re: bug#54666: Installation without non-root user accounts
(name . Ludovic Courtès)(address . ludovic.courtes@inria.fr)(address . 54666@debbugs.gnu.org)
87k0c4swq5.fsf@gnu.org
Hey Ludo,

Toggle quote (3 lines)
> To address that, maybe ‘run-user-add-page’ should explicitly reject
> “root”?

Here are two patches that should fix this issue :).

Thanks,

Mathieu
From 829c3c2543ffd7f9b22a5e1fb40f7627b2c76414 Mon Sep 17 00:00:00 2001
From: Mathieu Othacehe <othacehe@gnu.org>
Date: Mon, 4 Apr 2022 16:36:07 +0200
Subject: [PATCH 1/2] installer: user: Forbid root user creation.

Forbid root user creation as it could lead to a system without any
non-priviledged user accouts.


* gnu/installer/newt/user.scm (run-user-add-page): Forbid it.
---
gnu/installer/newt/user.scm | 51 ++++++++++++++++++++++++-------------
1 file changed, 33 insertions(+), 18 deletions(-)

Toggle diff (80 lines)
diff --git a/gnu/installer/newt/user.scm b/gnu/installer/newt/user.scm
index 7c1cc2249d..98b1f5ae9a 100644
--- a/gnu/installer/newt/user.scm
+++ b/gnu/installer/newt/user.scm
@@ -40,6 +40,9 @@ (define* (run-user-add-page #:key (name "") (real-name "")
(define (pad-label label)
(string-pad-right label 25))
+ (define (root-account? name)
+ (string=? name "root"))
+
(let* ((label-name
(make-label -1 -1 (pad-label (G_ "Name"))))
(label-real-name
@@ -116,10 +119,14 @@ (define (pad-label label)
GRID-ELEMENT-SUBGRID button-grid)
title)
- (let ((error-page
+ (let ((error-empty-field-page
(lambda ()
(run-error-page (G_ "Empty inputs are not allowed.")
- (G_ "Empty input")))))
+ (G_ "Empty input"))))
+ (error-root-page
+ (lambda ()
+ (run-error-page (G_ "Root account is automatically created.")
+ (G_ "Root account")))))
(receive (exit-reason argument)
(run-form form)
(dynamic-wind
@@ -132,22 +139,30 @@ (define (pad-label label)
(real-name (entry-value entry-real-name))
(home-directory (entry-value entry-home-directory))
(password (entry-value entry-password)))
- (if (or (string=? name "")
- (string=? home-directory ""))
- (begin
- (error-page)
- (run-user-add-page))
- (let ((password (confirm-password password)))
- (if password
- (user
- (name name)
- (real-name real-name)
- (home-directory home-directory)
- (password (make-secret password)))
- (run-user-add-page #:name name
- #:real-name real-name
- #:home-directory
- home-directory)))))))))
+ (cond
+ ;; Empty field.
+ ((or (string=? name "")
+ (string=? home-directory ""))
+ (begin
+ (error-empty-field-page)
+ (run-user-add-page)))
+ ;; Reject root account.
+ ((root-account? name)
+ (begin
+ (error-root-page)
+ (run-user-add-page)))
+ (else
+ (let ((password (confirm-password password)))
+ (if password
+ (user
+ (name name)
+ (real-name real-name)
+ (home-directory home-directory)
+ (password (make-secret password)))
+ (run-user-add-page #:name name
+ #:real-name real-name
+ #:home-directory
+ home-directory))))))))))
(lambda ()
(destroy-form-and-pop form)))))))
--
2.34.0
From cc32729700caa4b76d112b561a09dd0ff3ada768 Mon Sep 17 00:00:00 2001
From: Mathieu Othacehe <othacehe@gnu.org>
Date: Mon, 4 Apr 2022 16:38:09 +0200
Subject: [PATCH 2/2] installer: user: Remove useless filtering.

* gnu/installer/user.scm (users->configuration): Remove root account filtering
that is now performed in the "run-user-add-page" procedure.
---
gnu/installer/user.scm | 9 ++-------
1 file changed, 2 insertions(+), 7 deletions(-)

Toggle diff (19 lines)
diff --git a/gnu/installer/user.scm b/gnu/installer/user.scm
index c894a91dc8..b042c9790d 100644
--- a/gnu/installer/user.scm
+++ b/gnu/installer/user.scm
@@ -69,10 +69,5 @@ (define (user->sexp user)
(supplementary-groups '("wheel" "netdev"
"audio" "video"))))
- `((users (cons*
- ,@(filter-map (lambda (user)
- ;; Do not emit a 'user-account' form for "root".
- (and (not (string=? (user-name user) "root"))
- (user->sexp user)))
- users)
- %base-user-accounts))))
+ `((users (cons* ,@(map user->sexp users)
+ %base-user-accounts))))
--
2.34.0
L
L
Ludovic Courtès wrote on 5 Apr 2022 09:44
(name . Mathieu Othacehe)(address . othacehe@gnu.org)(address . 54666@debbugs.gnu.org)
87r16cq8in.fsf@inria.fr
Hello!

Mathieu Othacehe <othacehe@gnu.org> skribis:

Toggle quote (12 lines)
> From 829c3c2543ffd7f9b22a5e1fb40f7627b2c76414 Mon Sep 17 00:00:00 2001
> From: Mathieu Othacehe <othacehe@gnu.org>
> Date: Mon, 4 Apr 2022 16:36:07 +0200
> Subject: [PATCH 1/2] installer: user: Forbid root user creation.
>
> Forbid root user creation as it could lead to a system without any
> non-priviledged user accouts.
>
> Fixes: <https://issues.guix.gnu.org/54666>.
>
> * gnu/installer/newt/user.scm (run-user-add-page): Forbid it.

[...]

Toggle quote (13 lines)
> + (cond
> + ;; Empty field.
> + ((or (string=? name "")
> + (string=? home-directory ""))
> + (begin
> + (error-empty-field-page)
> + (run-user-add-page)))
> + ;; Reject root account.
> + ((root-account? name)
> + (begin
> + (error-root-page)
> + (run-user-add-page)))

Nitpick: you can omit ‘begin’ here.

Toggle quote (8 lines)
> From cc32729700caa4b76d112b561a09dd0ff3ada768 Mon Sep 17 00:00:00 2001
> From: Mathieu Othacehe <othacehe@gnu.org>
> Date: Mon, 4 Apr 2022 16:38:09 +0200
> Subject: [PATCH 2/2] installer: user: Remove useless filtering.
>
> * gnu/installer/user.scm (users->configuration): Remove root account filtering
> that is now performed in the "run-user-add-page" procedure.

LGTM, thanks for the quick fix!

Ludo’.
M
M
Mathieu Othacehe wrote on 6 Apr 2022 21:20
(name . Ludovic Courtès)(address . ludovic.courtes@inria.fr)(address . 54666-done@debbugs.gnu.org)
87y20iyq5h.fsf@gnu.org
Hey!

Toggle quote (2 lines)
> Nitpick: you can omit ‘begin’ here.

Fixed it before pushing, thanks for having a look.

Mathieu
Closed
?
Your comment

This issue is archived.

To comment on this conversation send an email to 54666@debbugs.gnu.org

To respond to this issue using the mumi CLI, first switch to it
mumi current 54666
Then, you may apply the latest patchset in this issue (with sign off)
mumi am -- -s
Or, compose a reply to this issue
mumi compose
Or, send patches to this issue
mumi send-email *.patch