Re: [PATCH v2] base: Handle nonexistent user home directories.
From: Maxim Cournoyer
Subject: Re: [PATCH v2] base: Handle nonexistent user home directories.
Date: Mon, 20 Sep 2021 22:13:01 -0400
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/27.2 (gnu/linux)

Hello Dale,

Sorry for the delayed answer; your replies hadn't landed in my INBOX
(they went straight to my 'bug-mcron' mailing list directory). If you
keep my address in the reply (wide reply), I can hopefully manage a
shorter reply time :-).

Dale Mellor <mcron-lsfnyl@rdmp.org> writes:

> On Tue, 2021-08-17 at 19:23 -0400, Maxim Cournoyer wrote:
>> This is useful for running jobs as the "nobody" user, for
>> example.
>>
>> * src/mcron/base.scm (run-job): Catch the ENOENT (2, "No such
>> file or
>> directory") error when attempting to change directory to the
>> user home
>> directory.
>> ---
>> src/mcron/base.scm | 12 +++++++++++-
>> 1 file changed, 11 insertions(+), 1 deletion(-)
>>
>> diff --git a/src/mcron/base.scm b/src/mcron/base.scm
>> index f7b727d..037a9b7 100644
>> --- a/src/mcron/base.scm
>> +++ b/src/mcron/base.scm
>> @@ -182,7 +182,17 @@ next value."
>> (λ ()
>> (setgid (passwd:gid (job:user job)))
>> (setuid (passwd:uid (job:user job)))
>> - (chdir (passwd:dir (job:user job)))
>> + ;; Handle the case where the home directory points
>> to a nonexistent
>> + ;; location, as can be the case when running the job
>> as the "nobody"
>> + ;; user.
>> + (catch 'system-error
>> + (lambda ()
>> + (chdir (passwd:dir (job:user job))))
>> + (lambda args
>> + (let ((errno (system-error-errno args)))
>> + (cond
>> + ((= ENOENT errno) (chdir "/"))
>> + (else (throw 'system-error args))))))
>> (modify-environment (job:environment job) (job:user
>> job))
>> ((job:action job)))
>> (λ ()
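
Review bot: in the else branch of the handler, (throw 'system-error args) does not re-raise the original error intact. The handler is declared as (lambda args ...), so args already starts with the key 'system-error (which is also what system-error-errno expects), and throwing it again as a single argument wraps the whole list inside a new system-error. Outer handlers that read the subr, message or errno positions would then see the wrong shape; (apply throw args) preserves the original exception. Separately, the ENOENT branch falls back to (chdir "/") silently: a log line naming the missing home directory and the job's user would make the fallback visible to whoever debugs a job that assumed a different working directory, and the behaviour should be mentioned in the documentation.
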
>
> Hmmm, this smells a bit to me. I'd be interested to hear from Guix
> developers their opinion on if there is really a case for allowing the
> nobody user to run cron jobs. I would have thought that the case
> would be better handled by a dedicated user for the purpose.

My use case here was making some network enabled job (it's a job that
updates my dynamic IP address with some dyndns service by issuing an
HTTP get) a bit more secure (ensuring the process wouldn't have
read-access to the whole of my $HOME directory) by not running it as my
own user.

Creating a dedicated user for it would probably be the best/safest
approach, but using the nobody user seemed like a positive change
already for zero extra complication (creating a new user). Was it
misguided? Too lazy? :-)

> There is also the problem that mcron scripts may become unstable: if
> one relies on "/" being the working directory, and suddenly a real
> home directory appears, the script will cease to function.

It's true that it introduces a special case; but it seems to me that the
nobody user *is* special hence it is reasonable; it shall be documented
though.

> If it is really desired, I think an explicit test for the nobody user
> needs to go into the patch, but I really think that failure with a
> system error is the most appropriate action here.

I don't mind writing one after we decide if it makes sense or not :-).

Thank you,

Maxim