From unknown Sun Jun 22 11:43:47 2025
X-Loop: help-debbugs@gnu.org
Subject: bug#54666: Installation without non-root user accounts
Resent-From: Ludovic =?UTF-8?Q?Court=C3=A8s?= <ludovic.courtes@inria.fr>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
Resent-CC: m.othacehe@gmail.com, dev@jpoiret.xyz, bug-guix@gnu.org
Resent-Date: Fri, 01 Apr 2022 10:32:01 +0000
Resent-Message-ID: <handler.54666.B.164880910418287@debbugs.gnu.org>
Resent-Sender: help-debbugs@gnu.org
X-GNU-PR-Message: report 54666
X-GNU-PR-Package: guix
X-GNU-PR-Keywords: 
To: 54666@debbugs.gnu.org
Cc: Mathieu Othacehe <m.othacehe@gmail.com>, Josselin Poiret <dev@jpoiret.xyz>
X-Debbugs-Original-To: bug-guix@gnu.org
X-Debbugs-Original-Xcc: Mathieu Othacehe <m.othacehe@gmail.com>, Josselin Poiret <dev@jpoiret.xyz>
Received: via spool by submit@debbugs.gnu.org id=B.164880910418287
          (code B ref -1); Fri, 01 Apr 2022 10:32:01 +0000
Received: (at submit) by debbugs.gnu.org; 1 Apr 2022 10:31:44 +0000
Received: from localhost ([127.0.0.1]:40958 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1naEZE-0004ks-0V
	for submit@debbugs.gnu.org; Fri, 01 Apr 2022 06:31:44 -0400
Received: from lists.gnu.org ([209.51.188.17]:54596)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <ludovic.courtes@inria.fr>) id 1naEZC-0004kj-O4
 for submit@debbugs.gnu.org; Fri, 01 Apr 2022 06:31:43 -0400
Received: from eggs.gnu.org ([209.51.188.92]:42802)
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <ludovic.courtes@inria.fr>)
 id 1naEZC-0008Ff-4j
 for bug-guix@gnu.org; Fri, 01 Apr 2022 06:31:42 -0400
Received: from mail2-relais-roc.national.inria.fr ([192.134.164.83]:15380)
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <ludovic.courtes@inria.fr>)
 id 1naEZ8-0001ln-Qs
 for bug-guix@gnu.org; Fri, 01 Apr 2022 06:31:41 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=inria.fr; s=dc;
 h=from:to:subject:date:message-id:mime-version:
 content-transfer-encoding;
 bh=r4PINWUTDDSN5OoC02pKstPbJjLL47MiaDLy9dcmE70=;
 b=spW9ExD/2dRYu4LK72hnoZnZMZg+YMlDfOaJCdwmuneZwNrcJVuA1BrJ
 wEzrl+1P64HRAAyII/+KGTs7njFVCXXOv6/Rx93mhhDs9pOujpi1//pas
 WuPmXgOpRWGMhZ+FrmEXpoZiiyADe1oNvXlo7cEIhb9hhApYovXBycydg 4=;
Authentication-Results: mail2-relais-roc.national.inria.fr;
 dkim=none (message not signed) header.i=none;
 spf=SoftFail smtp.mailfrom=ludovic.courtes@inria.fr;
 dmarc=fail (p=none dis=none) d=inria.fr
X-IronPort-AV: E=Sophos;i="5.90,227,1643670000"; d="scan'208";a="29532376"
Received: from unknown (HELO ribbon) ([193.50.110.173])
 by mail2-relais-roc.national.inria.fr with
 ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 01 Apr 2022 12:31:35 +0200
From: Ludovic =?UTF-8?Q?Court=C3=A8s?= <ludovic.courtes@inria.fr>
X-URL: http://www.fdn.fr/~lcourtes/
X-Revolutionary-Date: 12 Germinal an 230 de la =?UTF-8?Q?R=C3=A9volution?=
X-PGP-Key-ID: 0x090B11993D9AEBB5
X-PGP-Key: http://www.fdn.fr/~lcourtes/ludovic.asc
X-PGP-Fingerprint: 3CE4 6455 8A84 FDC6 9DB4  0CFB 090B 1199 3D9A EBB5
X-OS: x86_64-pc-linux-gnu
Date: Fri, 01 Apr 2022 12:31:34 +0200
Message-ID: <875yntnlh5.fsf@inria.fr>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.2 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
Received-SPF: pass client-ip=192.134.164.83;
 envelope-from=ludovic.courtes@inria.fr;
 helo=mail2-relais-roc.national.inria.fr
X-Spam_score_int: -43
X-Spam_score: -4.4
X-Spam_bar: ----
X-Spam_report: (-4.4 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,
 DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1,
 RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001,
 SPF_HELO_NONE=0.001, SPF_PASS=-0.001,
 T_SCC_BODY_TEXT_LINE=-0.01 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-Spam-Score: -1.3 (-)
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -2.3 (--)

Hello!

Using the installer, it=E2=80=99s possible to create a system config withou=
t any
non-root user accounts.  That=E2=80=99s a problem because then users end up
creating their account manually with =E2=80=98useradd=E2=80=99, which gets =
things wrong,
and things go awry.

To reproduce the issue, in the user page of the installer, add an
account for user =E2=80=9Croot=E2=80=9D.  That=E2=80=99s enough to fool thi=
s check:

     (when (null? users)
       (run-error-page (G_ "Please create at least one user.")
                       (G_ "No user"))
       (run users))

This =E2=80=9Croot=E2=80=9D account is then ignored:

  (define (users->configuration users)
    ;; =E2=80=A6
    `((users (cons*
              ,@(filter-map (lambda (user)
                              ;; Do not emit a 'user-account' form for "roo=
t".
                              (and (not (string=3D? (user-name user) "root"=
))
                                   (user->sexp user)))
                            users)
              %base-user-accounts))))

=E2=80=A6 and that=E2=80=99s how you end up with a config without normal us=
er accounts.

To address that, maybe =E2=80=98run-user-add-page=E2=80=99 should explicitl=
y reject
=E2=80=9Croot=E2=80=9D?

Ludo=E2=80=99.




From debbugs-submit-bounces@debbugs.gnu.org Fri Apr 01 07:44:39 2022
Received: (at control) by debbugs.gnu.org; 1 Apr 2022 11:44:39 +0000
Received: from localhost ([127.0.0.1]:41037 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1naFhY-0001L9-Ay
	for submit@debbugs.gnu.org; Fri, 01 Apr 2022 07:44:39 -0400
Received: from mail2-relais-roc.national.inria.fr ([192.134.164.83]:65063)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <ludo@gnu.org>) id 1naFhV-0001Kx-MP
 for control@debbugs.gnu.org; Fri, 01 Apr 2022 07:44:22 -0400
Authentication-Results: mail2-relais-roc.national.inria.fr;
 dkim=none (message not signed) header.i=none;
 spf=SoftFail smtp.mailfrom=ludo@gnu.org;
 dmarc=fail (p=none dis=none) d=gnu.org
X-IronPort-AV: E=Sophos;i="5.90,227,1643670000"; d="scan'208";a="29547248"
Received: from unknown (HELO ribbon) ([193.50.110.173])
 by mail2-relais-roc.national.inria.fr with
 ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 01 Apr 2022 13:44:15 +0200
Date: Fri, 01 Apr 2022 13:44:14 +0200
Message-Id: <874k3dni41.fsf@gnu.org>
To: control@debbugs.gnu.org
From: =?utf-8?Q?Ludovic_Court=C3=A8s?= <ludo@gnu.org>
Subject: control message for bug #54666
MIME-version: 1.0
Content-type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Spam-Score: -1.3 (-)
X-Debbugs-Envelope-To: control
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -0.0 (/)

severity 54666 important
quit





From debbugs-submit-bounces@debbugs.gnu.org Fri Apr 01 07:44:48 2022
Received: (at control) by debbugs.gnu.org; 1 Apr 2022 11:44:48 +0000
Received: from localhost ([127.0.0.1]:41040 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1naFhw-0001Lq-Ee
	for submit@debbugs.gnu.org; Fri, 01 Apr 2022 07:44:48 -0400
Received: from mail2-relais-roc.national.inria.fr ([192.134.164.83]:65086)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <ludo@gnu.org>) id 1naFhu-0001Lc-J7
 for control@debbugs.gnu.org; Fri, 01 Apr 2022 07:44:46 -0400
Authentication-Results: mail2-relais-roc.national.inria.fr;
 dkim=none (message not signed) header.i=none;
 spf=SoftFail smtp.mailfrom=ludo@gnu.org;
 dmarc=fail (p=none dis=none) d=gnu.org
X-IronPort-AV: E=Sophos;i="5.90,227,1643670000"; d="scan'208";a="29547313"
Received: from unknown (HELO ribbon) ([193.50.110.173])
 by mail2-relais-roc.national.inria.fr with
 ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 01 Apr 2022 13:44:41 +0200
Date: Fri, 01 Apr 2022 13:44:40 +0200
Message-Id: <8735ixni3b.fsf@gnu.org>
To: control@debbugs.gnu.org
From: =?utf-8?Q?Ludovic_Court=C3=A8s?= <ludo@gnu.org>
Subject: control message for bug #53214
MIME-version: 1.0
Content-type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Spam-Score: -1.3 (-)
X-Debbugs-Envelope-To: control
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -2.3 (--)

block 53214 by 54666
quit





From unknown Sun Jun 22 11:43:47 2025
X-Loop: help-debbugs@gnu.org
Subject: bug#54666: Installation without non-root user accounts
Resent-From: Mathieu Othacehe <othacehe@gnu.org>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
Resent-CC: bug-guix@gnu.org
Resent-Date: Mon, 04 Apr 2022 15:19:01 +0000
Resent-Message-ID: <handler.54666.B54666.16490855317341@debbugs.gnu.org>
Resent-Sender: help-debbugs@gnu.org
X-GNU-PR-Message: followup 54666
X-GNU-PR-Package: guix
X-GNU-PR-Keywords: 
To: Ludovic =?UTF-8?Q?Court=C3=A8s?= <ludovic.courtes@inria.fr>
Cc: 54666@debbugs.gnu.org
Received: via spool by 54666-submit@debbugs.gnu.org id=B54666.16490855317341
          (code B ref 54666); Mon, 04 Apr 2022 15:19:01 +0000
Received: (at 54666) by debbugs.gnu.org; 4 Apr 2022 15:18:51 +0000
Received: from localhost ([127.0.0.1]:52646 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1nbOTj-0001uL-BG
	for submit@debbugs.gnu.org; Mon, 04 Apr 2022 11:18:51 -0400
Received: from eggs.gnu.org ([209.51.188.92]:46982)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <othacehe@gnu.org>) id 1nbOTh-0001u3-R6
 for 54666@debbugs.gnu.org; Mon, 04 Apr 2022 11:18:50 -0400
Received: from [2001:470:142:3::e] (port=34522 helo=fencepost.gnu.org)
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <othacehe@gnu.org>)
 id 1nbOTc-0004YZ-4o; Mon, 04 Apr 2022 11:18:44 -0400
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=gnu.org;
 s=fencepost-gnu-org; h=MIME-Version:In-Reply-To:Date:References:Subject:To:
 From; bh=QWTJGUgygINKICGvrwzCb2qRaQKbq4iAllic9tSWRbU=; b=o041C0psfZWQd4Qcs6vh
 IRnyXYqnfEwCiMOPB1ybpe7CfrA8k3xgyyAQZA3Ofrx+Ko3L2cwXWmCAprpL42OJF+sNwqUaXV6sK
 ITvnEYz3eVyFx+RSEX89IwGBqHEUPpynUWwITInYVFDP9IG6+bGQ52VKGtH3nZQjoTpd8QoWWZ1UW
 dWM9HWTr3sg8ClU9ZLdqpqg8O9uMjmgtaugHuytzkbdGBWvc1HrVC27IGLPRnoDT1V6v74zHw6MmP
 7TZddyuf1EmxBVegazP2fhZhZXdri6ACJjO8hQ1rXAd2Faz4JwhYXZZYYIKOkmy9MoFRnB8WHFtTk
 HrjwvcBp3Gk00g==;
Received: from [2a01:cb14:842f:7800:fd43:35:e61f:d16d] (port=52820 helo=meije)
 by fencepost.gnu.org with esmtpsa
 (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1)
 (envelope-from <othacehe@gnu.org>)
 id 1nbOTb-00024v-NW; Mon, 04 Apr 2022 11:18:43 -0400
From: Mathieu Othacehe <othacehe@gnu.org>
References: <875yntnlh5.fsf@inria.fr>
Date: Mon, 04 Apr 2022 17:18:42 +0200
In-Reply-To: <875yntnlh5.fsf@inria.fr> ("Ludovic =?UTF-8?Q?Court=C3=A8s?="'s message of "Fri, 01 Apr 2022 12:31:34 +0200")
Message-ID: <87k0c4swq5.fsf@gnu.org>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.2 (gnu/linux)
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="=-=-="
X-Spam-Score: -2.3 (--)
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -3.3 (---)

--=-=-=
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable


Hey Ludo,

> To address that, maybe =E2=80=98run-user-add-page=E2=80=99 should explici=
tly reject
> =E2=80=9Croot=E2=80=9D?

Here are two patches that should fix this issue :).

Thanks,

Mathieu

--=-=-=
Content-Type: text/x-patch
Content-Disposition: inline;
 filename=0001-installer-user-Forbid-root-user-creation.patch

>From 829c3c2543ffd7f9b22a5e1fb40f7627b2c76414 Mon Sep 17 00:00:00 2001
From: Mathieu Othacehe <othacehe@gnu.org>
Date: Mon, 4 Apr 2022 16:36:07 +0200
Subject: [PATCH 1/2] installer: user: Forbid root user creation.

Forbid root user creation as it could lead to a system without any
non-priviledged user accouts.

Fixes: <https://issues.guix.gnu.org/54666>.

* gnu/installer/newt/user.scm (run-user-add-page): Forbid it.
---
 gnu/installer/newt/user.scm | 51 ++++++++++++++++++++++++-------------
 1 file changed, 33 insertions(+), 18 deletions(-)

diff --git a/gnu/installer/newt/user.scm b/gnu/installer/newt/user.scm
index 7c1cc2249d..98b1f5ae9a 100644
--- a/gnu/installer/newt/user.scm
+++ b/gnu/installer/newt/user.scm
@@ -40,6 +40,9 @@ (define* (run-user-add-page #:key (name "") (real-name "")
   (define (pad-label label)
     (string-pad-right label 25))
 
+  (define (root-account? name)
+    (string=? name "root"))
+
   (let* ((label-name
           (make-label -1 -1 (pad-label (G_ "Name"))))
          (label-real-name
@@ -116,10 +119,14 @@ (define (pad-label label)
                                GRID-ELEMENT-SUBGRID button-grid)
                               title)
 
-    (let ((error-page
+    (let ((error-empty-field-page
            (lambda ()
              (run-error-page (G_ "Empty inputs are not allowed.")
-                             (G_ "Empty input")))))
+                             (G_ "Empty input"))))
+          (error-root-page
+           (lambda ()
+             (run-error-page (G_ "Root account is automatically created.")
+                             (G_ "Root account")))))
       (receive (exit-reason argument)
           (run-form form)
         (dynamic-wind
@@ -132,22 +139,30 @@ (define (pad-label label)
                       (real-name      (entry-value entry-real-name))
                       (home-directory (entry-value entry-home-directory))
                       (password       (entry-value entry-password)))
-                  (if (or (string=? name "")
-                          (string=? home-directory ""))
-                      (begin
-                        (error-page)
-                        (run-user-add-page))
-                      (let ((password (confirm-password password)))
-                        (if password
-                            (user
-                             (name name)
-                             (real-name real-name)
-                             (home-directory home-directory)
-                             (password (make-secret password)))
-                            (run-user-add-page #:name name
-                                               #:real-name real-name
-                                               #:home-directory
-                                               home-directory)))))))))
+                  (cond
+                   ;; Empty field.
+                   ((or (string=? name "")
+                        (string=? home-directory ""))
+                    (begin
+                      (error-empty-field-page)
+                      (run-user-add-page)))
+                   ;; Reject root account.
+                   ((root-account? name)
+                    (begin
+                      (error-root-page)
+                      (run-user-add-page)))
+                   (else
+                    (let ((password (confirm-password password)))
+                      (if password
+                          (user
+                           (name name)
+                           (real-name real-name)
+                           (home-directory home-directory)
+                           (password (make-secret password)))
+                          (run-user-add-page #:name name
+                                             #:real-name real-name
+                                             #:home-directory
+                                             home-directory))))))))))
           (lambda ()
             (destroy-form-and-pop form)))))))
 
-- 
2.34.0


--=-=-=
Content-Type: text/x-patch
Content-Disposition: inline;
 filename=0002-installer-user-Remove-useless-filtering.patch

>From cc32729700caa4b76d112b561a09dd0ff3ada768 Mon Sep 17 00:00:00 2001
From: Mathieu Othacehe <othacehe@gnu.org>
Date: Mon, 4 Apr 2022 16:38:09 +0200
Subject: [PATCH 2/2] installer: user: Remove useless filtering.

* gnu/installer/user.scm (users->configuration): Remove root account filtering
that is now performed in the "run-user-add-page" procedure.
---
 gnu/installer/user.scm | 9 ++-------
 1 file changed, 2 insertions(+), 7 deletions(-)

diff --git a/gnu/installer/user.scm b/gnu/installer/user.scm
index c894a91dc8..b042c9790d 100644
--- a/gnu/installer/user.scm
+++ b/gnu/installer/user.scm
@@ -69,10 +69,5 @@ (define (user->sexp user)
       (supplementary-groups '("wheel" "netdev"
                               "audio" "video"))))
 
-  `((users (cons*
-            ,@(filter-map (lambda (user)
-                            ;; Do not emit a 'user-account' form for "root".
-                            (and (not (string=? (user-name user) "root"))
-                                 (user->sexp user)))
-                          users)
-            %base-user-accounts))))
+  `((users (cons* ,@(map user->sexp users)
+                  %base-user-accounts))))
-- 
2.34.0


--=-=-=--




From unknown Sun Jun 22 11:43:47 2025
X-Loop: help-debbugs@gnu.org
Subject: bug#54666: Installation without non-root user accounts
Resent-From: Ludovic =?UTF-8?Q?Court=C3=A8s?= <ludovic.courtes@inria.fr>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
Resent-CC: bug-guix@gnu.org
Resent-Date: Tue, 05 Apr 2022 07:45:02 +0000
Resent-Message-ID: <handler.54666.B54666.16491446812418@debbugs.gnu.org>
Resent-Sender: help-debbugs@gnu.org
X-GNU-PR-Message: followup 54666
X-GNU-PR-Package: guix
X-GNU-PR-Keywords: 
To: Mathieu Othacehe <othacehe@gnu.org>
Cc: 54666@debbugs.gnu.org
Received: via spool by 54666-submit@debbugs.gnu.org id=B54666.16491446812418
          (code B ref 54666); Tue, 05 Apr 2022 07:45:02 +0000
Received: (at 54666) by debbugs.gnu.org; 5 Apr 2022 07:44:41 +0000
Received: from localhost ([127.0.0.1]:53677 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1nbdrl-0000cv-Jv
	for submit@debbugs.gnu.org; Tue, 05 Apr 2022 03:44:41 -0400
Received: from mail3-relais-sop.national.inria.fr ([192.134.164.104]:62822)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <ludovic.courtes@inria.fr>) id 1nbdrj-0000ca-7N
 for 54666@debbugs.gnu.org; Tue, 05 Apr 2022 03:44:39 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=inria.fr; s=dc;
 h=from:to:cc:subject:references:date:in-reply-to:
 message-id:mime-version:content-transfer-encoding;
 bh=6bHMhHJ6fQwBKEg/ieCr7wyjlQsR9g8rjHu5JIeCU98=;
 b=E4q8O6rpnPzt4W+mL9YJlRgI7ynSDUT9MxC+aSpw2H7LJtdkZBuTUFmW
 KrPO8LesAntrFHAIu/x1LCQMiiZlbXm7BaEKExSid/WFoYe1EFcoeWMMO
 wUGe1n0DWkrUWPeatIbS40CZ/TcZOAOk1eF67zU2lcwPyG6jBGqXTku1x A=;
Authentication-Results: mail3-relais-sop.national.inria.fr;
 dkim=none (message not signed) header.i=none;
 spf=SoftFail smtp.mailfrom=ludovic.courtes@inria.fr;
 dmarc=fail (p=none dis=none) d=inria.fr
X-IronPort-AV: E=Sophos;i="5.90,236,1643670000"; d="scan'208";a="10585790"
Received: from unknown (HELO ribbon) ([193.50.110.173])
 by mail3-relais-sop.national.inria.fr with
 ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 05 Apr 2022 09:44:34 +0200
From: Ludovic =?UTF-8?Q?Court=C3=A8s?= <ludovic.courtes@inria.fr>
References: <875yntnlh5.fsf@inria.fr> <87k0c4swq5.fsf@gnu.org>
X-URL: http://www.fdn.fr/~lcourtes/
X-Revolutionary-Date: 16 Germinal an 230 de la =?UTF-8?Q?R=C3=A9volution?=
X-PGP-Key-ID: 0x090B11993D9AEBB5
X-PGP-Key: http://www.fdn.fr/~lcourtes/ludovic.asc
X-PGP-Fingerprint: 3CE4 6455 8A84 FDC6 9DB4  0CFB 090B 1199 3D9A EBB5
X-OS: x86_64-pc-linux-gnu
Date: Tue, 05 Apr 2022 09:44:32 +0200
In-Reply-To: <87k0c4swq5.fsf@gnu.org> (Mathieu Othacehe's message of "Mon, 04
 Apr 2022 17:18:42 +0200")
Message-ID: <87r16cq8in.fsf@inria.fr>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.2 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-Spam-Score: -2.3 (--)
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -3.3 (---)

Hello!

Mathieu Othacehe <othacehe@gnu.org> skribis:

> From 829c3c2543ffd7f9b22a5e1fb40f7627b2c76414 Mon Sep 17 00:00:00 2001
> From: Mathieu Othacehe <othacehe@gnu.org>
> Date: Mon, 4 Apr 2022 16:36:07 +0200
> Subject: [PATCH 1/2] installer: user: Forbid root user creation.
>
> Forbid root user creation as it could lead to a system without any
> non-priviledged user accouts.
>
> Fixes: <https://issues.guix.gnu.org/54666>.
>
> * gnu/installer/newt/user.scm (run-user-add-page): Forbid it.

[...]

> +                  (cond
> +                   ;; Empty field.
> +                   ((or (string=3D? name "")
> +                        (string=3D? home-directory ""))
> +                    (begin
> +                      (error-empty-field-page)
> +                      (run-user-add-page)))
> +                   ;; Reject root account.
> +                   ((root-account? name)
> +                    (begin
> +                      (error-root-page)
> +                      (run-user-add-page)))

Nitpick: you can omit =E2=80=98begin=E2=80=99 here.

> From cc32729700caa4b76d112b561a09dd0ff3ada768 Mon Sep 17 00:00:00 2001
> From: Mathieu Othacehe <othacehe@gnu.org>
> Date: Mon, 4 Apr 2022 16:38:09 +0200
> Subject: [PATCH 2/2] installer: user: Remove useless filtering.
>
> * gnu/installer/user.scm (users->configuration): Remove root account filt=
ering
> that is now performed in the "run-user-add-page" procedure.

LGTM, thanks for the quick fix!

Ludo=E2=80=99.




From unknown Sun Jun 22 11:43:47 2025
MIME-Version: 1.0
X-Mailer: MIME-tools 5.505 (Entity 5.505)
X-Loop: help-debbugs@gnu.org
From: help-debbugs@gnu.org (GNU bug Tracking System)
To: Ludovic =?UTF-8?Q?Court=C3=A8s?= <ludovic.courtes@inria.fr>
Subject: bug#54666: closed (Re: bug#54666: Installation without non-root
 user accounts)
Message-ID: <handler.54666.D54666.164927287311348.notifdone@debbugs.gnu.org>
References: <87y20iyq5h.fsf@gnu.org> <875yntnlh5.fsf@inria.fr>
X-Gnu-PR-Message: they-closed 54666
X-Gnu-PR-Package: guix
Reply-To: 54666@debbugs.gnu.org
Date: Wed, 06 Apr 2022 19:22:01 +0000
Content-Type: multipart/mixed; boundary="----------=_1649272921-11418-1"

This is a multi-part message in MIME format...

------------=_1649272921-11418-1
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

Your bug report

#54666: Installation without non-root user accounts

which was filed against the guix package, has been closed.

The explanation is attached below, along with your original report.
If you require more details, please reply to 54666@debbugs.gnu.org.

--=20
54666: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=3D54666
GNU Bug Tracking System
Contact help-debbugs@gnu.org with problems

------------=_1649272921-11418-1
Content-Type: message/rfc822
Content-Disposition: inline
Content-Transfer-Encoding: 7bit

Received: (at 54666-done) by debbugs.gnu.org; 6 Apr 2022 19:21:13 +0000
Received: from localhost ([127.0.0.1]:59174 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1ncBDM-0002wx-GQ
	for submit@debbugs.gnu.org; Wed, 06 Apr 2022 15:21:13 -0400
Received: from eggs.gnu.org ([209.51.188.92]:33924)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <othacehe@gnu.org>) id 1ncBDH-0002wh-EJ
 for 54666-done@debbugs.gnu.org; Wed, 06 Apr 2022 15:21:11 -0400
Received: from fencepost.gnu.org ([2001:470:142:3::e]:33842)
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <othacehe@gnu.org>)
 id 1ncBDB-0004Pc-5t; Wed, 06 Apr 2022 15:21:01 -0400
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=gnu.org;
 s=fencepost-gnu-org; h=MIME-Version:In-Reply-To:Date:References:Subject:To:
 From; bh=Wc/xpMeNTzcNiA7+5PcQCswoVifeulXyTUa8oWTO0eA=; b=V5285PM8W7rkuY7IPVcQ
 zD8vrWftUZTrzOUKc67blDzWgN5juBUxYbF/2jrCyVejffiUEMTdc3Imt1+MUQEh7YkWcFrOty7ih
 QYQHb6AxVO7IoPD8nUQ8Z9RTTobKPIskAzobPhr01XGGGhUu6jl4LhukFqec919OGQ7uZmIxrmRR5
 b1TOLLTaIjjN1G2GJvsCSxlq3XXi4yPSYoLPe0aVmi+05bYQPCl1apA3nWkEVpI4udayxKhRUkNPY
 CGNiXvu6axtuZV/Rmf5m/4tKHM2Z0KVsnzeEKXKwIbkVtOm1TEQDL/+UOrSN6tqMgMP2SrEFo2SUx
 Gub8U3zp3dTF/g==;
Received: from [2a01:cb14:842f:7800:fd43:35:e61f:d16d] (port=52836 helo=meije)
 by fencepost.gnu.org with esmtpsa
 (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1)
 (envelope-from <othacehe@gnu.org>)
 id 1ncBDA-0005fS-Kj; Wed, 06 Apr 2022 15:21:01 -0400
From: Mathieu Othacehe <othacehe@gnu.org>
To: Ludovic =?utf-8?Q?Court=C3=A8s?= <ludovic.courtes@inria.fr>
Subject: Re: bug#54666: Installation without non-root user accounts
References: <875yntnlh5.fsf@inria.fr> <87k0c4swq5.fsf@gnu.org>
 <87r16cq8in.fsf@inria.fr>
Date: Wed, 06 Apr 2022 21:20:58 +0200
In-Reply-To: <87r16cq8in.fsf@inria.fr> ("Ludovic =?utf-8?Q?Court=C3=A8s=22?=
 =?utf-8?Q?'s?= message of "Tue, 05 Apr 2022 09:44:32 +0200")
Message-ID: <87y20iyq5h.fsf@gnu.org>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.2 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-Spam-Score: -2.3 (--)
X-Debbugs-Envelope-To: 54666-done
Cc: 54666-done@debbugs.gnu.org
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -3.3 (---)


Hey!

> Nitpick: you can omit =E2=80=98begin=E2=80=99 here.

Fixed it before pushing, thanks for having a look.

Mathieu


------------=_1649272921-11418-1
Content-Type: message/rfc822
Content-Disposition: inline
Content-Transfer-Encoding: 7bit

Received: (at submit) by debbugs.gnu.org; 1 Apr 2022 10:31:44 +0000
Received: from localhost ([127.0.0.1]:40958 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1naEZE-0004ks-0V
	for submit@debbugs.gnu.org; Fri, 01 Apr 2022 06:31:44 -0400
Received: from lists.gnu.org ([209.51.188.17]:54596)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <ludovic.courtes@inria.fr>) id 1naEZC-0004kj-O4
 for submit@debbugs.gnu.org; Fri, 01 Apr 2022 06:31:43 -0400
Received: from eggs.gnu.org ([209.51.188.92]:42802)
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <ludovic.courtes@inria.fr>)
 id 1naEZC-0008Ff-4j
 for bug-guix@gnu.org; Fri, 01 Apr 2022 06:31:42 -0400
Received: from mail2-relais-roc.national.inria.fr ([192.134.164.83]:15380)
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <ludovic.courtes@inria.fr>)
 id 1naEZ8-0001ln-Qs
 for bug-guix@gnu.org; Fri, 01 Apr 2022 06:31:41 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=inria.fr; s=dc;
 h=from:to:subject:date:message-id:mime-version:
 content-transfer-encoding;
 bh=r4PINWUTDDSN5OoC02pKstPbJjLL47MiaDLy9dcmE70=;
 b=spW9ExD/2dRYu4LK72hnoZnZMZg+YMlDfOaJCdwmuneZwNrcJVuA1BrJ
 wEzrl+1P64HRAAyII/+KGTs7njFVCXXOv6/Rx93mhhDs9pOujpi1//pas
 WuPmXgOpRWGMhZ+FrmEXpoZiiyADe1oNvXlo7cEIhb9hhApYovXBycydg 4=;
Authentication-Results: mail2-relais-roc.national.inria.fr;
 dkim=none (message not signed) header.i=none;
 spf=SoftFail smtp.mailfrom=ludovic.courtes@inria.fr;
 dmarc=fail (p=none dis=none) d=inria.fr
X-IronPort-AV: E=Sophos;i="5.90,227,1643670000"; d="scan'208";a="29532376"
Received: from unknown (HELO ribbon) ([193.50.110.173])
 by mail2-relais-roc.national.inria.fr with
 ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 01 Apr 2022 12:31:35 +0200
From: =?utf-8?Q?Ludovic_Court=C3=A8s?= <ludovic.courtes@inria.fr>
To: bug-guix@gnu.org
Subject: Installation without non-root user accounts
X-Debbugs-Cc: Mathieu Othacehe <m.othacehe@gmail.com>, Josselin Poiret
 <dev@jpoiret.xyz>
X-URL: http://www.fdn.fr/~lcourtes/
X-Revolutionary-Date: 12 Germinal an 230 de la =?utf-8?Q?R=C3=A9volution?=
X-PGP-Key-ID: 0x090B11993D9AEBB5
X-PGP-Key: http://www.fdn.fr/~lcourtes/ludovic.asc
X-PGP-Fingerprint: 3CE4 6455 8A84 FDC6 9DB4  0CFB 090B 1199 3D9A EBB5
X-OS: x86_64-pc-linux-gnu
Date: Fri, 01 Apr 2022 12:31:34 +0200
Message-ID: <875yntnlh5.fsf@inria.fr>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.2 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
Received-SPF: pass client-ip=192.134.164.83;
 envelope-from=ludovic.courtes@inria.fr;
 helo=mail2-relais-roc.national.inria.fr
X-Spam_score_int: -43
X-Spam_score: -4.4
X-Spam_bar: ----
X-Spam_report: (-4.4 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,
 DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1,
 RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001,
 SPF_HELO_NONE=0.001, SPF_PASS=-0.001,
 T_SCC_BODY_TEXT_LINE=-0.01 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-Spam-Score: -1.3 (-)
X-Debbugs-Envelope-To: submit
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -2.3 (--)

Hello!

Using the installer, it=E2=80=99s possible to create a system config withou=
t any
non-root user accounts.  That=E2=80=99s a problem because then users end up
creating their account manually with =E2=80=98useradd=E2=80=99, which gets =
things wrong,
and things go awry.

To reproduce the issue, in the user page of the installer, add an
account for user =E2=80=9Croot=E2=80=9D.  That=E2=80=99s enough to fool thi=
s check:

     (when (null? users)
       (run-error-page (G_ "Please create at least one user.")
                       (G_ "No user"))
       (run users))

This =E2=80=9Croot=E2=80=9D account is then ignored:

  (define (users->configuration users)
    ;; =E2=80=A6
    `((users (cons*
              ,@(filter-map (lambda (user)
                              ;; Do not emit a 'user-account' form for "roo=
t".
                              (and (not (string=3D? (user-name user) "root"=
))
                                   (user->sexp user)))
                            users)
              %base-user-accounts))))

=E2=80=A6 and that=E2=80=99s how you end up with a config without normal us=
er accounts.

To address that, maybe =E2=80=98run-user-add-page=E2=80=99 should explicitl=
y reject
=E2=80=9Croot=E2=80=9D?

Ludo=E2=80=99.



------------=_1649272921-11418-1--