GNU bug report logs - #21566
Bug when moving between system instances

Previous Next

To add a comment to this bug, you must first unarchive it, by sending
a message to control AT debbugs.gnu.org, with unarchive 21566 in the body.
You can then email your comments to 21566 AT debbugs.gnu.org in the normal way.

Toggle the display of automated, internal messages from the tracker.

Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):

From: goglosh <at> openmailbox.org
To: bug-guix <at> gnu.org
Subject: Bug when moving between system instances
Date: Sat, 26 Sep 2015 03:21:23 +0000

Hello.
I got this unexpected behaviour. I used `guix system reconfigure ...` to 
make a new system instance, used it for a while, and later booted back 
into the old system. I used diferent names for the user in the first and 
second system, let's call them sys1user and sys2user. I booted into the 
old system and tried to login as sys1user (the user created with that 
system) with it's password and this was no longer possible. root 
remained untouched, so I used root to change the password and login as 
usual. Done that I discovered I didn't have access to the files of 
user1.
I then rebooted back into the new system, only to find the exact same 
problem. in /home/sys2user all files belonged to some user called 30011. 
I could of course change permissions for most of them using sudo, all 
but the all-important ~/.guix-profile. Since it's a symlink to a 
read-only filesystem, this was impossible.
Thanks for listening, and, sorry about the non-technical bug report.

Message #8 received at 21566 <at> debbugs.gnu.org (full text, mbox):

From: ludo <at> gnu.org (Ludovic Courtès)
To: goglosh <at> openmailbox.org
Cc: 21566 <at> debbugs.gnu.org
Subject: Re: bug#21566: Bug when moving between system instances
Date: Sat, 26 Sep 2015 22:21:36 +0200

goglosh <at> openmailbox.org skribis:

> I got this unexpected behaviour. I used `guix system reconfigure ...`
> to make a new system instance, used it for a while, and later booted
> back into the old system. I used diferent names for the user in the
> first and second system, let's call them sys1user and sys2user. I
> booted into the old system and tried to login as sys1user (the user
> created with that system) with it's password and this was no longer
> possible.

Yes, good point.  I see how this may look confusing.

When you boot a specific generation of the system, it gets to see only
the set of users that were declared for that generation.  So one sees
‘sys1user’ and ‘root’, and the other has ‘sys2user’ and ‘root’.

So when you booted the new generation, the ‘sys1user’ account was
deleted and the ‘sys2user’ account was created.  When you booted again
into the old generation, ‘sys1user’ was added back and ‘sys2user’ was
deleted.  This is on purpose, see <http://bugs.gnu.org/19795>.

Now, the problem is that passwords are state that is outside of GuixSD’s
control.  Passwords are stored in /etc/shadow, and removing a user
account removes its entry in /etc/shadow.  This is why you would get
uninitialized passwords when booting back in the old generation.

I think this is an acceptable “limitation” of the approach though.

> I then rebooted back into the new system, only to find the exact same
> problem. in /home/sys2user all files belonged to some user called
> 30011.

Same issue: Unless the ‘user-account’ declaration asked for a specific
user ID via the ‘uid’ field (see
<http://www.gnu.org/software/guix/manual/html_node/User-Accounts.html>),
the UID is assigned when the account is first created.

What happens here is that maybe ‘sys2user’ got the UID 30011 at some
point, and then got a different one.

Again, I don’t thin there’s much that GuixSD can do here, because it
doesn’t control what files are created under which UID in /home, etc.

Does that make sense?

Thanks,
Ludo’.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.