mailarchive of the ptxdist mailing list
From: Michael Olbrich <m.olbrich@pengutronix.de>
To: "ptxdist@pengutronix.de" <ptxdist@pengutronix.de>
Subject: Re: [ptxdist] Resend: Home dir fixup for root in systemd
Date: Wed, 27 Jul 2016 11:04:15 +0200
Message-ID: <20160727090415.GQ13559@pengutronix.de>
In-Reply-To: <20160727105514.29ae34e4@erd980>

On Wed, Jul 27, 2016 at 10:55:14AM +0200, David Jander wrote:
> On Wed, 27 Jul 2016 08:55:13 +0200
> Michael Olbrich <m.olbrich@pengutronix.de> wrote:
> 
> > Hi,
> > 
> > On Tue, Jul 26, 2016 at 04:00:34PM +0200, David Jander wrote:
> > > On Tue, 26 Jul 2016 15:19:59 +0200
> > > Guillermo Rodriguez Garcia <guille.rodriguez@gmail.com> wrote:
> > >   
> > > > Wouldn't it be easier to either use a custom /etc/passwd, or create a /root
> > > > dir in the filesystem ? That sounds better than patching systemd.  
> > > 
> > > Maybe it would be better to change the default /etc/passwd (and everywhere
> > > else) in ptxdist then...
> > > 
> > > The problem is that what /etc/passwd says is mandatory. The home directory has
> > > a special meaning to the user. You can get to the home directory via $HOME
> > > passed in the environment, or via the NS-switch (getent) lookup. They are
> > > supposed to be the same.
> > > systemd has hardcoded defaults in source-code, which by definition is ugly as
> > > hell, but the reason is clearly to avoid potentially expensive, blocking
> > > NSS-lookups in the early boot stages, so it is understandable. It would be a
> > > lot better if there was some configuration setting read from a file I guess,
> > > but alas.
> > > On PTXdist now (with the default, shipped /etc/passwd), a user logging in as
> > > "root" via, say a serial console getty, will have a different $HOME than a
> > > systemd service started with User=root. This is bad, and can potentially do
> > > funny things people will not like.
> > > To solve the problem, there are really only two options AFAICS:
> > > 
> > >  1.- Change PTXdist and all places in it that assume the $HOME=/home for root.
> > >  No idea how many places that are, nor how many users already depend on this
> > >  historic assumption.
> > > 
> > > or
> > > 
> > >  2.- Patch systemd to adapt to the reality of PTXdist.
> > > 
> > > I agree that option 1 is probably better if PTXdist is more or less the only
> > > place on earth left where $HOME != /root for uid=0. Historically on Unix it
> > > used to be "/", but that is just way too ugly (guess where the name "root"
> > > came from?).
> > > 
> > > Using a custom /etc/passwd is not an option, because the default PTXdist stays
> > > broken this way.
> > > 
> > > Creating a /root dir is also broken, because like I explained above, the root
> > > user will become schizophrenic when logging in and running services from
> > > systemd alternately. Think about a user logging in, starting a tool that
> > > writes a config file to ~/.bla, and then configuring the same tool to run as a
> > > system service. I would (did!) get slightly mad when finding the tool to run
> > > with a totally different configuration in the latter case.  
> > 
> > Unless someone comes up with a really good reason, then I think we should go
> > with option 2. I have actually considered making the change in the past
> > just to be consistent. But I never got around to doing it.
> > I didn't notice this problem, probably because my rootfs is usually
> > read-only, and /root and /home are both empty.
> > 
> > It would be great if some more people would speak up. Such a change can
> > potentially break things, so I'd like to know what others are thinking.
> 
> Ok, just so we understand each other, you propose to go with my original patch
> in this case (i.e. patch systemd to assume $HOME=/home), right?
> In case nobody speaks up against it, will you pick it up as-is, or should I
> make a correct patch (i.e. learn how to properly use git-ptxdist-patch to
> generate a correct series file) and post it here?

Sorry no. That was a typo :-/. I meant change the home directory for root
to /root, so option 1. I should not write mails that early in the morning
:-).

Michael

-- 
Pengutronix e.K.                           |                             |
Industrial Linux Solutions                 | http://www.pengutronix.de/  |
Peiner Str. 6-8, 31137 Hildesheim, Germany | Phone: +49-5121-206917-0    |
Amtsgericht Hildesheim, HRA 2686           | Fax:   +49-5121-206917-5555 |

_______________________________________________
ptxdist mailing list
ptxdist@pengutronix.de
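
The split between the login home and the service home discussed in this thread can be checked mechanically on a staged root filesystem. The script below is an added example, not part of the original mail or of PTXdist; it assumes systemd's built-in home for root is `/root`, and the function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a root filesystem tree for the root-home split described above.
# Assumption: systemd uses the built-in home "/root" for User=root instead of
# reading /etc/passwd (the hardcoded default the thread refers to).
SYSTEMD_ROOT_HOME="/root"

# passwd_home FILE UID: print the home field (6th) of the first entry with that uid.
passwd_home() {
    awk -F: -v uid="$2" '$3 == uid { print $6; exit }' "$1"
}

# count_dotfiles DIR: number of top-level dot entries (per-user config state).
count_dotfiles() {
    find "$1" -mindepth 1 -maxdepth 1 -name '.*' 2>/dev/null | wc -l | tr -d ' '
}

# check_root_home ROOTFS: return 0 if login and service homes agree,
# 1 if they differ, 2 if the passwd file cannot be evaluated.
check_root_home() {
    rootfs="$1"
    passwd="$rootfs/etc/passwd"
    [ -r "$passwd" ] || { echo "error: cannot read $passwd"; return 2; }
    login_home=$(passwd_home "$passwd" 0)
    [ -n "$login_home" ] || { echo "error: no uid 0 entry in $passwd"; return 2; }
    if [ "$login_home" = "$SYSTEMD_ROOT_HOME" ]; then
        echo "ok: root home is $login_home for logins and services"
        return 0
    fi
    echo "mismatch: login HOME=$login_home, service HOME=$SYSTEMD_ROOT_HOME"
    echo "  dot entries in $login_home: $(count_dotfiles "$rootfs$login_home")"
    echo "  dot entries in $SYSTEMD_ROOT_HOME: $(count_dotfiles "$rootfs$SYSTEMD_ROOT_HOME")"
    return 1
}

# Constructed sample tree: root's home set by the caller (here /home, as the
# thread describes for the shipped passwd); ~/.bla exists only under /home.
make_sample_rootfs() {
    d=$(mktemp -d)
    mkdir -p "$d/etc" "$d/home" "$d/root"
    printf 'root:x:0:0:root:%s:/bin/sh\n' "$1" > "$d/etc/passwd"
    : > "$d/home/.bla"
    echo "$d"
}

sample=$(make_sample_rootfs /home)
check_root_home "$sample" || true
rm -rf "$sample"
```

Passing an empty string as ROOTFS makes the check read `/etc/passwd` on the running system instead of a staged image.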
