[PATCH] Fix unitentional creation of greeter's home directory

  • Done
  • quality assurance status badge
Details
4 participants
  • lgcoelho
  • muradm
  • Maxim Cournoyer
  • Nicolas Graves
Owner
unassigned
Submitted by
lgcoelho
Severity
normal

Debbugs page

lgcoelho wrote 11 months ago
(address . guix-patches@gnu.org)
c45600de103d560b3487772b103d7e4b@disroot.org
This patch adresses the unintentional creation of the greeter's home
directory when using the greetd-service.
Attachment: file
From 4be55c2b63c050ae837e9afa7969cfb3ee8df1e5 Mon Sep 17 00:00:00 2001
From: Luis Guilherme Coelho <lgcoelho@disroot.org>
Date: Tue, 9 Apr 2024 20:38:33 -0300
Subject: [PATCH] services: base: Fix unintentional creation of greeter's home
directory

* gnu/services/base.scm (greetd-account) [create-home-directory?]: Set to false.
---
gnu/services/base.scm | 2 ++
1 file changed, 2 insertions(+)

Toggle diff (22 lines)
diff --git a/gnu/services/base.scm b/gnu/services/base.scm
index 3f912225a0..b39b8418ed 100644
--- a/gnu/services/base.scm
+++ b/gnu/services/base.scm
@@ -21,6 +21,7 @@
;;; Copyright © 2022 Justin Veilleux <terramorpha@cock.li>
;;; Copyright © 2022 ( <paren@disroot.org>
;;; Copyright © 2023 Bruno Victal <mirai@makinata.eu>
+;;; Copyright © 2024 Luis Guilherme Coelho <lgcoelho@disroot.org>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -3481,6 +3482,7 @@ (define (greetd-accounts config)
(name "greeter")
(group "greeter")
(supplementary-groups (greetd-greeter-supplementary-groups config))
+ (create-home-directory? #f)
(system? #t))))
(define (make-greetd-pam-mount-conf-file config)
--
2.41.0
muradm wrote 2 months ago
(address . lgcoelho@disroot.org)(address . 70318@debbugs.gnu.org)
87msg73h8x.fsf@muradm.net
This may break greeters which are more complex than agreety. For
instance, gtkgreet/wlgreet run under sway. One of subdependencies
is mesa, which will want to write shader caches somewhere. Another
one is fontconfig, doing similar thing for fonts. There may be
others, which hard to track and tune. Some could be impossible to
tune at all.

lgcoelho@disroot.org writes:

Toggle quote (6 lines)
> This patch adresses the unintentional creation of the greeter's
> home
> directory when using the greetd-service.
>
> [4. text/x-diff;
> 0001-services-base-Fix-unintentional-creation-of-greeter-.patch]...
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEESPY5lma9A9l5HGLP6M7O0mLOBeIFAmd4Ju4ACgkQ6M7O0mLO
BeLJnw/6AxGjlNCGthwuCHs/m2PQXGH7BEH2dDUYwySbSKq6ZI1NRj+H+UG4ND2E
FE6HxrK++ifFNu1/iJQmxCgodmaKmyCJgVoS259AVqJqVuWwHRbPzeEWnETxKmYW
sKUUsgBgXRgP0cMujG+jvliQeg7elI42X5hbAUQUJs9F9b34LSHxQUhO371fOnLa
y5wjUYM84neUFPWmEykw09dBtlnyDwRLXjUH01ruElh2/QfPbOvQEvDdHshNOJkt
eCtkJdeg5L/IYTjiYnuaQOpgIoiHv1nN/63Fa6Qb0mDGXniuPAw/SS10CE1QLSGn
8/IDDnkiSVZI4IjuiKG4EQ6iQpC7a0hyS2rhuLP2DsM+Y2rIqzxDS/+zJLpiXFqn
T7uDZSqRhUxBXEo3IO52xjNbEOv0JaIghA+R+y20tBjs0OODhOukPMwNTK+YE5gH
NyDKadyJL/GGe7qgcUJG6t9JtsBXdq2bHeofaLd/60aB7cQnuZSdvpiazrl/PQfA
SI2OA7qjHJieG+1AMoJC3uYql3Cw/MOiqAQxXVoPpDDrHpq7BH5DOhyiQkRT7XWU
BzKy6RTj1c5vp7iyUmSvfgIS1wGiIWhxUEE6QuDSdZB1RSVv5XfMBWvfqNQ26ap6
inWzP7sx6OmzgHKvKndEc8j0m9lHM/dSjQyb+RoXNw9joFy6zfM=
=6z50
-----END PGP SIGNATURE-----

Nicolas Graves wrote 2 months ago
(address . 70318@debbugs.gnu.org)
87o70mzn9b.fsf@ngraves.fr
On 2025-01-03 21:05, muradm wrote:

Toggle quote (7 lines)
> This may break greeters which are more complex than agreety. For
> instance, gtkgreet/wlgreet run under sway. One of subdependencies
> is mesa, which will want to write shader caches somewhere. Another
> one is fontconfig, doing similar thing for fonts. There may be
> others, which hard to track and tune. Some could be impossible to
> tune at all.

Then maybe we can make it conditional on agreety?

If all greetd-configuration-terminals have their
greet-default-session-command being an greetd-agreety-session?, we could
set it to #f.

Something like this could work:
(create-home-directory? (not (every greetd-agreety-session? (map greetd-default-session-command (greetd-configuration-terminals config)))))

WDYT?

--
Best regards,
Nicolas Graves
muradm wrote 2 months ago
(name . Nicolas Graves)(address . ngraves@ngraves.fr)
878qrqr54i.fsf@muradm.net
Nicolas Graves <ngraves@ngraves.fr> writes:

Toggle quote (27 lines)
> On 2025-01-03 21:05, muradm wrote:
>
>> This may break greeters which are more complex than agreety.
>> For
>> instance, gtkgreet/wlgreet run under sway. One of
>> subdependencies
>> is mesa, which will want to write shader caches somewhere.
>> Another
>> one is fontconfig, doing similar thing for fonts. There may be
>> others, which hard to track and tune. Some could be impossible
>> to
>> tune at all.
>
> Then maybe we can make it conditional on agreety?
>
> If all greetd-configuration-terminals have their
> greet-default-session-command being an greetd-agreety-session?,
> we could
> set it to #f.
>
> Something like this could work:
> (create-home-directory? (not (every greetd-agreety-session? (map
> greetd-default-session-command (greetd-configuration-terminals
> config)))))
>
> WDYT?

2 of 3 greeters needs home. With improvements implemented by 75270
`greetd-terminal-configuration` is detached from details of its
`default-session-command`. By this, any user can workout its
greeter. If we hardcode implementation of greeter in terminal user
may loose such flexibility. Also once you implement such
condition, you will have to maintain with any other greeter added
in the future.

One way would be to carry this flag into `greetd-configuration`,
IMHO will uneccessarily complicate the things. Is there any good
reason for doing that?

What is the problem with having home directory for greeter user?
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEESPY5lma9A9l5HGLP6M7O0mLOBeIFAmd5Tk0ACgkQ6M7O0mLO
BeKjzw//e5AxLqdhWHaCn4z5bwGvbwDh215TPN0o71iepJBY+0oxjAS5Hg7qUtsr
wjTIhBYfSYRLGJUxtX2lcr+XMJoZQ8caFGRL+wBSzLxU8Tsf8rqIAbB3dwMIpqlB
8Gh2X3ykhk+flvoQPRTxRyVf4I7U/B97BLdE2ddi/A7WjHxKZIz/CR5C8kJJqK69
pb3AFXEjWKOVsEbilPMymF6H3capYl2LjgphScAioDa9k8osvc8l+XuVtiRj/E9w
6jV2qDg+EkyB1pULvWeoZmrUY1mh4bh+USLA/2wFzElR8fUKaKI5fx5f4+vdtlbO
5g/iFLgDfnUrXGmkK5IQBIweKHW4fuN1X3lAWcZs0GufRZi2n00Xj7fc5WtvM5Sp
5b44dput7vdWvkAwb/QgODDAFALnkpmfuqHQ2OsL2+Wqk4jHsOf41o7sl8Z3Ss29
XdxhSX5Y7mvXMOuR3FNWCe5K5+x8CV7VJVXbXHsxnhhch5z8T7yi/Rsz7aVI2Mu8
MGOZfufhRPQgsJYnyLkARLqmwb2Smn7KuQLyQHf7HImLrBt16B7+pUQlufGANxpW
dzemK3m2Os1HrSBTvhfIMjXcEQ/XDYDjrnJk29vMDv1teAD/9W+fmR6BKArp74fo
YzNdnJQ61gEHvfUlsH44JDeMQugt2Kf2sGRnar5I5prelEzdQxw=
=qp6Y
-----END PGP SIGNATURE-----

muradm wrote 2 months ago
(name . Nicolas Graves)(address . ngraves@ngraves.fr)
87zfk6o6ad.fsf@muradm.net
muradm <mail@muradm.net> writes:

Toggle quote (36 lines)
>>
>> Then maybe we can make it conditional on agreety?
>>
>> If all greetd-configuration-terminals have their
>> greet-default-session-command being an greetd-agreety-session?,
>> we
>> could
>> set it to #f.
>>
>> Something like this could work:
>> (create-home-directory? (not (every greetd-agreety-session?
>> (map
>> greetd-default-session-command (greetd-configuration-terminals
>> config)))))
>>
>> WDYT?
>
> 2 of 3 greeters needs home. With improvements implemented by
> 75270
> `greetd-terminal-configuration` is detached from details of its
> `default-session-command`. By this, any user can workout its
> greeter.
> If we hardcode implementation of greeter in terminal user may
> loose
> such flexibility. Also once you implement such condition, you
> will
> have to maintain with any other greeter added in the future.
>
> One way would be to carry this flag into `greetd-configuration`,
> IMHO
> will uneccessarily complicate the things. Is there any good
> reason for
> doing that?
>
> What is the problem with having home directory for greeter user?

After some more meditation, I remembered that originally I also
did not like idea of having extra user home directory and
considering changes introduced by #75270, it became obvious that
sway specific environment can be setup within
`make-greetd-sway-greeter-command`. Further greeters may either
improve on it, or provide their own entry point commands as they
see fit. v2 of 75270 includes this change, and adjusts the
environment accordingly. This issue can be closed in favor if
75270.
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEESPY5lma9A9l5HGLP6M7O0mLOBeIFAmd5ayoACgkQ6M7O0mLO
BeJVUxAA2h5kx1b+6EBOXS3RjhfUZEo8BqJjWxQtSCR0Oto3NpyidUb6aLjyk1Km
5TXpUst8f4Tuc1PPyCkVkT8rsQ/fh9ijx/JwtP7vWUiUBYC30OWVsfZOY8P6nTpb
eqb6e6i2qaJQySh5WY/djg+M43wMcIhwAw9/BKpA2De4PM5HrTXe0PG9XEUoiCyI
MF5v3uWLBqgB4WAC7l605SSqFdqHhub/dbX2oyHndORjO685eoRytHAUA1ITkP5W
uAX2oQ2bVjdtGENW67937Gl0/LR1RFRNku3oYlurNGfc3y7QTHxYdIfgFgFCRoKz
Wvl2QQby9xc1MAocszGmnUkbL6tUVB/w4/If2OfYBBO5eP1RCnEp04zI3Lfu5cT8
N6EiUK69654X+Mizng0ZMXlM6enzSBLkKS8qRNX7UkdHb3Fs+SdD9/smFbu6cxSr
CSkJHRcqB2Xx28tjCehmxwnxvoEhgIgUBwvtHHyvnFNxYv+tyTxwBIPzKzQBE+ZO
hPMN3oEnUhMUGRsfQDIN/lRLsKyzsE+Ly2+gJhaQTyP/TRZj4OZmptlqOVR0uICN
JcgooIo6elJwTeHjfRYA6dwfi43kHAxgyMXmmKLWF0s6qcMRrXi86UgoGGi5oY9F
xYuMP2ToyJkchGuKwjqEB9sZRxNu87fFNbHAL15wVkR9trnKBo8=
=TaIj
-----END PGP SIGNATURE-----

Maxim Cournoyer wrote 4 weeks ago
Re: [bug#75270] [PATCH v6 0/3] services: greetd: Improve greeter configurations.
(name . muradm)(address . mail@muradm.net)
8734gr8aff.fsf@gmail.com
close 64112
close 65769
close 70605
close 70318
quit

Hi,

muradm <mail@muradm.net> writes:

Toggle quote (10 lines)
> Minor improvements and fixes compared to v5.
> Adds extra-shepherd-requirement.
>
> Improves greeter configuration and adds new gtkgreet greeter.
>
> Fixes: https://issues.guix.gnu.org/64112
> Fixes: https://issues.guix.gnu.org/65769
> Fixes: https://issues.guix.gnu.org/70605
> Obsoletes: https://issues.guix.gnu.org/70318

Pushed as commit 220ef58440. Thanks a lot for tackling these various
issues and for your patience during the review.

--
Thanks,
Maxim
?
Your comment

Commenting via the web interface is currently disabled.

To comment on this conversation send an email to 70318@debbugs.gnu.org

To respond to this issue using the mumi CLI, first switch to it
mumi current 70318
Then, you may apply the latest patchset in this issue (with sign off)
mumi am -- -s
Or, compose a reply to this issue
mumi compose
Or, send patches to this issue
mumi send-email *.patch
You may also tag this issue. See list of standard tags. For example, to set the confirmed and easy tags
mumi command -t +confirmed -t +easy
Or, remove the moreinfo tag and set the help tag
mumi command -t -moreinfo -t +help