GNU bug report logs - #77413
[PATCH] services: postgresql-service-type: Allow allowing to log into the user.

Previous Next

Package: guix-patches;

Reported by: Tomas Volf <~@wolfsden.cz>

Date: Mon, 31 Mar 2025 19:28:02 UTC

Severity: normal

Tags: patch

Done: Ludovic Courtès <ludo <at> gnu.org>

Bug is archived. No further changes may be made.

Full log

Message #20 received at 77413 <at> debbugs.gnu.org (full text, mbox):

From: Tomas Volf <~@wolfsden.cz>
To: Ludovic Courtès <ludo <at> gnu.org>
Cc: 77413 <at> debbugs.gnu.org, Maxim Cournoyer <maxim.cournoyer <at> gmail.com>
Subject: Re: [bug#77413] [PATCH] services: postgresql-service-type: Allow
 allowing to log into the user.
Date: Thu, 03 Apr 2025 11:45:49 +0200

Ludovic Courtès <ludo <at> gnu.org> writes:

> Hi,
>
> Maxim Cournoyer <maxim.cournoyer <at> gmail.com> skribis:
>
>> Tomas Volf <~@wolfsden.cz> writes:
>>
>>> It is often useful to be able to use the `postgres' user for management tasks,
>>> so this commit allows setting that.  The default behavior is not changed.
>>>
>>> I have also added missing exports and sorted them by alphabet.
>>>
>>> * gnu/services/databases.scm (%default-home-directory): New variable.
>>> (<postgresql-configuration>): Add home-directory, allow-login? fields.
>>> (create-postgresql-account): Use them.
>>> * doc/guix.texi (Database Services): Document it.
>>>
>>> Change-Id: I2212e5082ff4e87c49a5a8a4711bf929dd08626a
>>
>> I've read both of your answers, and I agree that this adds more
>> flexibility without touching the default behavior or security
>> implications, so I think it's reasonable.
>>
>> Ludovic, please let us know what you think after reading Thomas' last
>> reply.
>
> I’m fine with going that route since it make things more convenient, but
> I think the manual should warn against using (allow-login? #t) in
> production.

I am willing to make that concession, however before I send a v2, would
you be able to give few reasons why you think it is a bad idea?  I
believe the manual should justify the recommendation, and I am currently
unsure how.

It is common across other distributions to use real shell as a shell for
the postgres user (I have checked Archlinux, Debian and Alpine), all of
them are (to at least some degree) suitable for production systems.  The
link you have shared for cuirass expects the user can use sudo, so at
that point sudo -s can be used.  In various productions systems I have
worked with, the postgres user was allowed to be logged into (possibly
due to running on Debian/Ubuntu).

So I am having somewhat hard time coming up with a one or two concise
reasons to put into the manual.

Thanks,
Tomas

-- 
There are only two hard things in Computer Science:
cache invalidation, naming things and off-by-one errors.
This bug report was last modified 13 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.