system-manager icon indicating copy to clipboard operation
system-manager copied to clipboard

Published 20 hours ago verified publisher icon numtide

Enable users thanks to userborn

Open JulienMalka opened this issue 2 months ago • 9 comments

Note: This is still a WIP

Essentially, we load the userborn module, and add the sysinit-reactivation target in a similar manner to NixOS. We restart that target at the beginning of the activation.

  • We are also bringing on sysusers, I am not sure if we should, as far as I understand it's because evaluating the userborn module requires it.

I also tried stripping the activationScripts feature from this PR but without much success so far.

JulienMalka avatar Sep 08 '25 20:09 JulienMalka

Great stuff!

I have some minor questions, maybe we can have a chat tomorrow?

r-vdp avatar Sep 09 '25 11:09 r-vdp

This might be an issue though:

https://github.com/nikstur/userborn/blob/main/rust%2Fuserborn%2Fsrc%2Fmain.rs#L129-146

r-vdp avatar Sep 09 '25 11:09 r-vdp

This might be an issue though:

https://github.com/nikstur/userborn/blob/main/rust%2Fuserborn%2Fsrc%2Fmain.rs#L129-146

I agree. I am not sure I 100% understand how userborn handles "impure" users/groups, I am trying to get a better understanding. This test show that is does in some way, but I am not sure exactly how yet. Available tomorrow to look at this if you want, I'll contact you privately for this.

JulienMalka avatar Sep 09 '25 13:09 JulienMalka

I have just realized that we end with a broken /etc/passwd (as we don't have /run/current-system [yet?]):

root:x:0:0:System administrator:/root:/run/current-system/sw/bin/bash
nobody:x:65534:65534:Unprivileged account (don't use!):/var/empty:/run/current-system/sw/bin/nologin

jfroche avatar Sep 17 '25 20:09 jfroche

I have just realized that we end with a broken /etc/passwd (as we don't have /run/current-system [yet?]):

root:x:0:0:System administrator:/root:/run/current-system/sw/bin/bash
nobody:x:65534:65534:Unprivileged account (don't use!):/var/empty:/run/current-system/sw/bin/nologin

There is an equivalent directory, but not the same because we want to support running system manager on nixos (mainly for easier testing). So we should just use the right path there.

r-vdp avatar Sep 17 '25 21:09 r-vdp

Interesting, I wonder where this thing is set in the module system. I wouldn't expect this to be hardcoded neither in userborn or in the users module, will check.

JulienMalka avatar Sep 18 '25 08:09 JulienMalka

This might be an issue though:

https://github.com/nikstur/userborn/blob/main/rust%2Fuserborn%2Fsrc%2Fmain.rs#L129-146

To this point, this is correct. I just pushed a commit with a failing test case that covers this issue. I also have a modification of userborn for which the test case succeeds, that I'll be submitting today upstream.

JulienMalka avatar Nov 02 '25 13:11 JulienMalka

I have just realized that we end with a broken /etc/passwd (as we don't have /run/current-system [yet?]):

root:x:0:0:System administrator:/root:/run/current-system/sw/bin/bash
nobody:x:65534:65534:Unprivileged account (don't use!):/var/empty:/run/current-system/sw/bin/nologin

To this point, I see that we can change the nologin path in userborn thanks to an env variable, but I think for the shell it may come for the module system directly, not sure exactly where it is set.

JulienMalka avatar Nov 02 '25 13:11 JulienMalka

Userborn change that introduces stateful users is submitted upstream: https://github.com/nikstur/userborn/pull/36

JulienMalka avatar Nov 02 '25 18:11 JulienMalka