Installation without non-root user accounts

Ludovic Courtès wrote on 1 Apr 12:31 +0200

Recipients:(address . bug-guix@gnu.org)

Message-ID:875yntnlh5.fsf@inria.fr

Hello!

Using the installer, it’s possible to create a system config without any

non-root user accounts. That’s a problem because then users end up

creating their account manually with ‘useradd’, which gets things wrong,

and things go awry.

To reproduce the issue, in the user page of the installer, add an

account for user “root”. That’s enough to fool this check:

(when (null? users)

(run-error-page (G_ "Please create at least one user.")

(G_ "No user"))

(run users))

This “root” account is then ignored:

(define (users->configuration users)

;; …

`((users (cons*

,@(filter-map (lambda (user)

;; Do not emit a 'user-account' form for "root".

(and (not (string=? (user-name user) "root"))

(user->sexp user)))

users)

%base-user-accounts))))

… and that’s how you end up with a config without normal user accounts.

To address that, maybe ‘run-user-add-page’ should explicitly reject

“root”?

Ludo’.

Ludovic Courtès wrote on 1 Apr 13:44 +0200

control message for bug #54666

Recipients:(address . control@debbugs.gnu.org)

Message-ID:874k3dni41.fsf@gnu.org

severity 54666 important

quit

Ludovic Courtès wrote on 1 Apr 13:44 +0200

control message for bug #53214

Recipients:(address . control@debbugs.gnu.org)

Message-ID:8735ixni3b.fsf@gnu.org

block 53214 by 54666

quit

Mathieu Othacehe wrote on 4 Apr 17:18 +0200

Re: bug#54666: Installation without non-root user accounts

Recipients:(name . Ludovic Courtès)(address . ludovic.courtes@inria.fr)(address . 54666@debbugs.gnu.org)

Message-ID:87k0c4swq5.fsf@gnu.org

Hey Ludo,

Toggle quote (3 lines)

> To address that, maybe ‘run-user-add-page’ should explicitly reject

> “root”?

Here are two patches that should fix this issue :).

Thanks,

Mathieu

From 829c3c2543ffd7f9b22a5e1fb40f7627b2c76414 Mon Sep 17 00:00:00 2001

Forbid root user creation as it could lead to a system without any

non-priviledged user accouts.

Fixes: https://issues.guix.gnu.org/54666.

* gnu/installer/newt/user.scm (run-user-add-page): Forbid it.

---

gnu/installer/newt/user.scm | 51 ++++++++++++++++++++++++-------------

1 file changed, 33 insertions(+), 18 deletions(-)

Toggle diff (80 lines)diff --git a/gnu/installer/newt/user.scm b/gnu/installer/newt/user.scm
index 7c1cc2249d..98b1f5ae9a 100644
--- a/gnu/installer/newt/user.scm
+++ b/gnu/installer/newt/user.scm
@@ -40,6 +40,9 @@ (define* (run-user-add-page #:key (name "") (real-name "")
   (define (pad-label label)
     (string-pad-right label 25))
 
+  (define (root-account? name)
+    (string=? name "root"))
+
   (let* ((label-name
           (make-label -1 -1 (pad-label (G_ "Name"))))
          (label-real-name
@@ -116,10 +119,14 @@ (define (pad-label label)
                                GRID-ELEMENT-SUBGRID button-grid)
                               title)
 
-    (let ((error-page
+    (let ((error-empty-field-page
            (lambda ()
              (run-error-page (G_ "Empty inputs are not allowed.")
-                             (G_ "Empty input")))))
+                             (G_ "Empty input"))))
+          (error-root-page
+           (lambda ()
+             (run-error-page (G_ "Root account is automatically created.")
+                             (G_ "Root account")))))
       (receive (exit-reason argument)
           (run-form form)
         (dynamic-wind
@@ -132,22 +139,30 @@ (define (pad-label label)
                       (real-name      (entry-value entry-real-name))
                       (home-directory (entry-value entry-home-directory))
                       (password       (entry-value entry-password)))
-                  (if (or (string=? name "")
-                          (string=? home-directory ""))
-                      (begin
-                        (error-page)
-                        (run-user-add-page))
-                      (let ((password (confirm-password password)))
-                        (if password
-                            (user
-                             (name name)
-                             (real-name real-name)
-                             (home-directory home-directory)
-                             (password (make-secret password)))
-                            (run-user-add-page #:name name
-                                               #:real-name real-name
-                                               #:home-directory
-                                               home-directory)))))))))
+                  (cond
+                   ;; Empty field.
+                   ((or (string=? name "")
+                        (string=? home-directory ""))
+                    (begin
+                      (error-empty-field-page)
+                      (run-user-add-page)))
+                   ;; Reject root account.
+                   ((root-account? name)
+                    (begin
+                      (error-root-page)
+                      (run-user-add-page)))
+                   (else
+                    (let ((password (confirm-password password)))
+                      (if password
+                          (user
+                           (name name)
+                           (real-name real-name)
+                           (home-directory home-directory)
+                           (password (make-secret password)))
+                          (run-user-add-page #:name name
+                                             #:real-name real-name
+                                             #:home-directory
+                                             home-directory))))))))))
           (lambda ()
             (destroy-form-and-pop form)))))))
 
-- 
2.34.0

From cc32729700caa4b76d112b561a09dd0ff3ada768 Mon Sep 17 00:00:00 2001
From: Mathieu Othacehe <othacehe@gnu.org>
Date: Mon, 4 Apr 2022 16:38:09 +0200
Subject: [PATCH 2/2] installer: user: Remove useless filtering.

* gnu/installer/user.scm (users->configuration): Remove root account filtering
that is now performed in the "run-user-add-page" procedure.
---
 gnu/installer/user.scm | 9 ++-------
 1 file changed, 2 insertions(+), 7 deletions(-)

Toggle diff (19 lines)diff --git a/gnu/installer/user.scm b/gnu/installer/user.scm
index c894a91dc8..b042c9790d 100644
--- a/gnu/installer/user.scm
+++ b/gnu/installer/user.scm
@@ -69,10 +69,5 @@ (define (user->sexp user)
       (supplementary-groups '("wheel" "netdev"
                               "audio" "video"))))
 
-  `((users (cons*
-            ,@(filter-map (lambda (user)
-                            ;; Do not emit a 'user-account' form for "root".
-                            (and (not (string=? (user-name user) "root"))
-                                 (user->sexp user)))
-                          users)
-            %base-user-accounts))))
+  `((users (cons* ,@(map user->sexp users)
+                  %base-user-accounts))))
-- 
2.34.0

Ludovic Courtès wrote on 5 Apr 09:44 +0200

Recipients:(name . Mathieu Othacehe)(address . othacehe@gnu.org)(address . 54666@debbugs.gnu.org)

Message-ID:87r16cq8in.fsf@inria.fr

Hello!

Mathieu Othacehe <othacehe@gnu.org> skribis:

Toggle quote (12 lines)> From 829c3c2543ffd7f9b22a5e1fb40f7627b2c76414 Mon Sep 17 00:00:00 2001
> From: Mathieu Othacehe <othacehe@gnu.org>
> Date: Mon, 4 Apr 2022 16:36:07 +0200
> Subject: [PATCH 1/2] installer: user: Forbid root user creation.
>
> Forbid root user creation as it could lead to a system without any
> non-priviledged user accouts.
>
> Fixes: <https://issues.guix.gnu.org/54666>.
>
> * gnu/installer/newt/user.scm (run-user-add-page): Forbid it.

[...]

Toggle quote (13 lines)> +                  (cond
> +                   ;; Empty field.
> +                   ((or (string=? name "")
> +                        (string=? home-directory ""))
> +                    (begin
> +                      (error-empty-field-page)
> +                      (run-user-add-page)))
> +                   ;; Reject root account.
> +                   ((root-account? name)
> +                    (begin
> +                      (error-root-page)
> +                      (run-user-add-page)))

Nitpick: you can omit ‘begin’ here.

Toggle quote (8 lines)

> From cc32729700caa4b76d112b561a09dd0ff3ada768 Mon Sep 17 00:00:00 2001

> From: Mathieu Othacehe <othacehe@gnu.org>

> Date: Mon, 4 Apr 2022 16:38:09 +0200

> Subject: [PATCH 2/2] installer: user: Remove useless filtering.

> * gnu/installer/user.scm (users->configuration): Remove root account filtering

> that is now performed in the "run-user-add-page" procedure.

LGTM, thanks for the quick fix!

Ludo’.

Mathieu Othacehe wrote on 6 Apr 21:20 +0200

Recipients:(name . Ludovic Courtès)(address . ludovic.courtes@inria.fr)(address . 54666-done@debbugs.gnu.org)

Message-ID:87y20iyq5h.fsf@gnu.org

Hey!

Toggle quote (2 lines)

> Nitpick: you can omit ‘begin’ here.

Fixed it before pushing, thanks for having a look.

Mathieu

Closed

Your comment

This issue is archived.

To comment on this conversation send email to 54666@debbugs.gnu.org

is:open	open issues
is:done	closed issues
submitter:<who>	search issue submitter
author:<who>	search by message author
date:yesterday..now	search by issue date
mdate:3m..2d	search by message date