[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [PATCH v2] base: Handle nonexistent user home directories.
From: |
Dale Mellor |
Subject: |
Re: [PATCH v2] base: Handle nonexistent user home directories. |
Date: |
Fri, 03 Sep 2021 13:26:11 +0100 |
User-agent: |
Evolution 3.38.3-1 |
On Tue, 2021-08-17 at 19:23 -0400, Maxim Cournoyer wrote:
> This is useful for running jobs as the "nobody" user, for
> example.
>
> * src/mcron/base.scm (run-job): Catch the ENOENT (2, "No such
> file or
> directory") error when attempting to change directory to the
> user home
> directory.
> ---
> src/mcron/base.scm | 12 +++++++++++-
> 1 file changed, 11 insertions(+), 1 deletion(-)
>
> diff --git a/src/mcron/base.scm b/src/mcron/base.scm
> index f7b727d..037a9b7 100644
> --- a/src/mcron/base.scm
> +++ b/src/mcron/base.scm
> @@ -182,7 +182,17 @@ next value."
> (λ ()
> (setgid (passwd:gid (job:user job)))
> (setuid (passwd:uid (job:user job)))
> - (chdir (passwd:dir (job:user job)))
> + ;; Handle the case where the home directory points
> to a nonexistent
> + ;; location, as can be the case when running the job
> as the "nobody"
> + ;; user.
> + (catch 'system-error
> + (lambda ()
> + (chdir (passwd:dir (job:user job))))
> + (lambda args
> + (let ((errno (system-error-errno args)))
> + (cond
> + ((= ENOENT errno) (chdir "/"))
> + (else (throw 'system-error args))))))
> (modify-environment (job:environment job) (job:user
> job))
> ((job:action job)))
> (λ ()
Hmmm, this smells a bit to me. I'd be interested to hear from
Guix developers their opinion on if there is really a case for
allowing the nobody user to run cron jobs. I would have thought
that the case would be better handled by a dedicated user for the
purpose. There is also the problem that mcron scripts may become
unstable: if one relies on "/" being the working directory, and
suddenly a real home directory appears, the script will cease to
function. If it is really desired, I think an explicit test for
the nobody user needs to go into the patch, but I really think
that failure with a system error is the most appropriate action
here.
Dale
- Re: [PATCH v2] base: Handle nonexistent user home directories.,
Dale Mellor <=