GNU bug report logs -
#54666
Installation without non-root user accounts
Report forwarded to m.othacehe <at> gmail.com, dev <at> jpoiret.xyz, bug-guix <at> gnu.org: bug#54666; Package guix. (Fri, 01 Apr 2022 10:32:01 GMT)
Acknowledgement sent to Ludovic Courtès <ludovic.courtes <at> inria.fr>: New bug report received and forwarded. Copy sent to m.othacehe <at> gmail.com, dev <at> jpoiret.xyz, bug-guix <at> gnu.org. (Fri, 01 Apr 2022 10:32:01 GMT)
Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):
Hello!

Using the installer, it’s possible to create a system config without any
non-root user accounts.  That’s a problem because then users end up
creating their account manually with ‘useradd’, which gets things wrong,
and things go awry.

To reproduce the issue, in the user page of the installer, add an
account for user “root”.  That’s enough to fool this check:

  (when (null? users)
    (run-error-page (G_ "Please create at least one user.")
                    (G_ "No user"))
    (run users))

This “root” account is then ignored:

  (define (users->configuration users)
    ;; …
    `((users (cons*
              ,@(filter-map (lambda (user)
                              ;; Do not emit a 'user-account' form for "root".
                              (and (not (string=? (user-name user) "root"))
                                   (user->sexp user)))
                            users)
              %base-user-accounts))))

… and that’s how you end up with a config without normal user accounts.

To address that, maybe ‘run-user-add-page’ should explicitly reject
“root”?

Ludo’.
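
The check-then-filter mismatch described in this report, as an added example in Guile Scheme that is not part of the original message or of the Guix installer; the record type, procedure names and sample data are hypothetical stand-ins.

```scheme
;; Added example; not code from the Guix installer.
;; All names below are hypothetical stand-ins for the installer's own.
(use-modules (srfi srfi-1)    ; filter-map
             (srfi srfi-9))   ; define-record-type

(define-record-type <user>
  (make-user name home-directory)
  user?
  (name user-name)
  (home-directory user-home-directory))

;; Assumption: "root" is the only reserved account name.
(define %reserved-names '("root"))

(define (reserved? user)
  (member (user-name user) %reserved-names))

;; Stand-in for the step that turns users into config forms and
;; silently drops reserved names.
(define (emitted-accounts users)
  (filter-map (lambda (user)
                (and (not (reserved? user))
                     `(user-account (name ,(user-name user)))))
              users))

;; Flawed shape: validates the raw list; a later step then filters it.
(define (check-raw users)
  (not (null? users)))

;; Hardened shape: validates the same list that will be emitted.
(define (check-effective users)
  (not (null? (emitted-accounts users))))

;; Constructed sample input: the only entry is "root".
(define sample (list (make-user "root" "/root")))

(define (show label value)
  (format #t "~a: ~s~%" label value))

(show "raw check passes" (check-raw sample))
(show "accounts emitted" (emitted-accounts sample))
(show "effective check passes" (check-effective sample))
```

The raw check accepts the sample while nothing is emitted for it; validating the post-filter list, or rejecting the reserved name at input time as the report suggests, closes that gap.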
Severity set to 'important' from 'normal'. Request was from Ludovic Courtès <ludo <at> gnu.org> to control <at> debbugs.gnu.org. (Fri, 01 Apr 2022 11:45:01 GMT)
Added indication that bug 54666 blocks 53214. Request was from Ludovic Courtès <ludo <at> gnu.org> to control <at> debbugs.gnu.org. (Fri, 01 Apr 2022 11:45:02 GMT)
Information forwarded to bug-guix <at> gnu.org: bug#54666; Package guix. (Mon, 04 Apr 2022 15:19:01 GMT)
Message #12 received at 54666 <at> debbugs.gnu.org (full text, mbox):
[Message part 1 (text/plain, inline)]
Hey Ludo,

> To address that, maybe ‘run-user-add-page’ should explicitly reject
> “root”?

Here are two patches that should fix this issue :).

Thanks,

Mathieu
[0001-installer-user-Forbid-root-user-creation.patch (text/x-patch, inline)]
From 829c3c2543ffd7f9b22a5e1fb40f7627b2c76414 Mon Sep 17 00:00:00 2001
From: Mathieu Othacehe <othacehe <at> gnu.org>
Date: Mon, 4 Apr 2022 16:36:07 +0200
Subject: [PATCH 1/2] installer: user: Forbid root user creation.
Forbid root user creation as it could lead to a system without any
non-privileged user accounts.
Fixes: <https://issues.guix.gnu.org/54666>.
* gnu/installer/newt/user.scm (run-user-add-page): Forbid it.
---
gnu/installer/newt/user.scm | 51 ++++++++++++++++++++++++-------------
1 file changed, 33 insertions(+), 18 deletions(-)
diff --git a/gnu/installer/newt/user.scm b/gnu/installer/newt/user.scm
index 7c1cc2249d..98b1f5ae9a 100644
--- a/gnu/installer/newt/user.scm
+++ b/gnu/installer/newt/user.scm
@@ -40,6 +40,9 @@ (define* (run-user-add-page #:key (name "") (real-name "")
(define (pad-label label)
(string-pad-right label 25))
+ (define (root-account? name)
+ (string=? name "root"))
+
(let* ((label-name
(make-label -1 -1 (pad-label (G_ "Name"))))
(label-real-name
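Review bot: `root-account?` takes an argument called `name`, which shadows the `#:key (name "")` parameter of the enclosing `run-user-add-page` shown in the hunk header; a distinct argument name would make the later call `(root-account? name)` easier to follow. The predicate also has no docstring or comment saying that it is an exact `string=?` match on "root", which is worth stating since it is the only reserved name this page checks.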
@@ -116,10 +119,14 @@ (define (pad-label label)
GRID-ELEMENT-SUBGRID button-grid)
title)
- (let ((error-page
+ (let ((error-empty-field-page
(lambda ()
(run-error-page (G_ "Empty inputs are not allowed.")
- (G_ "Empty input")))))
+ (G_ "Empty input"))))
+ (error-root-page
+ (lambda ()
+ (run-error-page (G_ "Root account is automatically created.")
+ (G_ "Root account")))))
(receive (exit-reason argument)
(run-form form)
(dynamic-wind
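Review bot: the new `error-root-page` message, "Root account is automatically created.", says why the input is refused but not what the user should do next. Since this dialog is now the only thing standing between the user and an installation without a normal account, consider adding an instruction to pick a different name for an unprivileged account.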
@@ -132,22 +139,30 @@ (define (pad-label label)
(real-name (entry-value entry-real-name))
(home-directory (entry-value entry-home-directory))
(password (entry-value entry-password)))
- (if (or (string=? name "")
- (string=? home-directory ""))
- (begin
- (error-page)
- (run-user-add-page))
- (let ((password (confirm-password password)))
- (if password
- (user
- (name name)
- (real-name real-name)
- (home-directory home-directory)
- (password (make-secret password)))
- (run-user-add-page #:name name
- #:real-name real-name
- #:home-directory
- home-directory)))))))))
+ (cond
+ ;; Empty field.
+ ((or (string=? name "")
+ (string=? home-directory ""))
+ (begin
+ (error-empty-field-page)
+ (run-user-add-page)))
+ ;; Reject root account.
+ ((root-account? name)
+ (begin
+ (error-root-page)
+ (run-user-add-page)))
+ (else
+ (let ((password (confirm-password password)))
+ (if password
+ (user
+ (name name)
+ (real-name real-name)
+ (home-directory home-directory)
+ (password (make-secret password)))
+ (run-user-add-page #:name name
+ #:real-name real-name
+ #:home-directory
+ home-directory))))))))))
(lambda ()
(destroy-form-and-pop form)))))))
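Review bot: in the new `((root-account? name) ...)` clause the page is re-run as a bare `(run-user-add-page)`, so the real name and home directory already entered are discarded, whereas the password-mismatch branch at the end of this hunk re-runs with `#:real-name` and `#:home-directory` preserved. Passing those two keywords in the root clause (and leaving `#:name` at its default) would keep the behaviour consistent and spare the user retyping.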
--
2.34.0
[0002-installer-user-Remove-useless-filtering.patch (text/x-patch, inline)]
From cc32729700caa4b76d112b561a09dd0ff3ada768 Mon Sep 17 00:00:00 2001
From: Mathieu Othacehe <othacehe <at> gnu.org>
Date: Mon, 4 Apr 2022 16:38:09 +0200
Subject: [PATCH 2/2] installer: user: Remove useless filtering.
* gnu/installer/user.scm (users->configuration): Remove root account filtering
that is now performed in the "run-user-add-page" procedure.
---
gnu/installer/user.scm | 9 ++-------
1 file changed, 2 insertions(+), 7 deletions(-)
diff --git a/gnu/installer/user.scm b/gnu/installer/user.scm
index c894a91dc8..b042c9790d 100644
--- a/gnu/installer/user.scm
+++ b/gnu/installer/user.scm
@@ -69,10 +69,5 @@ (define (user->sexp user)
(supplementary-groups '("wheel" "netdev"
"audio" "video"))))
- `((users (cons*
- ,@(filter-map (lambda (user)
- ;; Do not emit a 'user-account' form for "root".
- (and (not (string=? (user-name user) "root"))
- (user->sexp user)))
- users)
- %base-user-accounts))))
+ `((users (cons* ,@(map user->sexp users)
+ %base-user-accounts))))
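Review bot: with the `filter-map` removed, `users->configuration` emits a form for every entry it is handed, so the "root" exclusion now rests entirely on the newt page `run-user-add-page` in gnu/installer/newt/user.scm. Any other producer of the user list that reaches this procedure would bypass that check; either keep a cheap guard here or add a comment documenting the precondition that `users` never contains "root".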
--
2.34.0
Information forwarded to bug-guix <at> gnu.org: bug#54666; Package guix. (Tue, 05 Apr 2022 07:45:02 GMT)
Message #15 received at 54666 <at> debbugs.gnu.org (full text, mbox):
Hello!
Mathieu Othacehe <othacehe <at> gnu.org> writes:
> From 829c3c2543ffd7f9b22a5e1fb40f7627b2c76414 Mon Sep 17 00:00:00 2001
> From: Mathieu Othacehe <othacehe <at> gnu.org>
> Date: Mon, 4 Apr 2022 16:36:07 +0200
> Subject: [PATCH 1/2] installer: user: Forbid root user creation.
>
> Forbid root user creation as it could lead to a system without any
> non-privileged user accounts.
>
> Fixes: <https://issues.guix.gnu.org/54666>.
>
> * gnu/installer/newt/user.scm (run-user-add-page): Forbid it.
[...]
> + (cond
> + ;; Empty field.
> + ((or (string=? name "")
> + (string=? home-directory ""))
> + (begin
> + (error-empty-field-page)
> + (run-user-add-page)))
> + ;; Reject root account.
> + ((root-account? name)
> + (begin
> + (error-root-page)
> + (run-user-add-page)))
Nitpick: you can omit ‘begin’ here.
> From cc32729700caa4b76d112b561a09dd0ff3ada768 Mon Sep 17 00:00:00 2001
> From: Mathieu Othacehe <othacehe <at> gnu.org>
> Date: Mon, 4 Apr 2022 16:38:09 +0200
> Subject: [PATCH 2/2] installer: user: Remove useless filtering.
>
> * gnu/installer/user.scm (users->configuration): Remove root account filtering
> that is now performed in the "run-user-add-page" procedure.
LGTM, thanks for the quick fix!
Ludo’.
Reply sent to Mathieu Othacehe <othacehe <at> gnu.org>: You have taken responsibility. (Wed, 06 Apr 2022 19:22:01 GMT)
Notification sent to Ludovic Courtès <ludovic.courtes <at> inria.fr>: bug acknowledged by developer. (Wed, 06 Apr 2022 19:22:01 GMT)
Message #20 received at 54666-done <at> debbugs.gnu.org (full text, mbox):
Hey!
> Nitpick: you can omit ‘begin’ here.
Fixed it before pushing, thanks for having a look.
Mathieu
bug archived. Request was from Debbugs Internal Request <help-debbugs <at> gnu.org> to internal_control <at> debbugs.gnu.org. (Thu, 05 May 2022 11:24:07 GMT)
This bug report was last modified 3 years and 48 days ago.