Ludovic Courtès writes: > Hello Guix! > > We recently discussed handling of the ‘shell’ field of ‘user-account’: > > https://lists.gnu.org/archive/html/help-guix/2019-04/msg00171.html > > As I wrote there, starting with the switch to (gnu build accounts) in > 0ae735bcc8ff7fdc89d67b492bdee9091ee19e86, user shells are considered > “state”. Before they were “config”: ‘guix system reconfigure’ would > always reset the user shells. > > Considering user shells as state seemed like a good idea because, on a > multi-user system, you’d rather let user invoke ‘chsh’ than have root > reconfigure the system just to change the user’s shell. The patches > below document that. > > However, thinking more about it, I’m not sure if considering shells as > state is such a good idea, for several reasons: > > 1. It’s surprising that ‘guix system reconfigure’ doesn’t actually > change the shell, as Tanguy reported.
As a new user of Guix System I was recently surprised by this as well. I was expecting the shell to be managed by configuration. https://lists.gnu.org/archive/html/help-guix/2019-03/msg00089.html > 2. ‘chsh’ restricts users to the shells listed in /etc/shells anyway, > which is the combination of all the ‘shell’ fields, currently. > > Given this restriction, you might just as well ask the admin to > change the shell for you. > > 3. It’s easy to end up with a shell that’s eventually GC’d. > > Scenario #1: your shell is initially set to > /gnu/store/…-bash/bin/bash, which at the time is GC-protected > (listed in /etc/shells, etc.). However, later, this specific Bash > variant is GC’d, and boom, you’re left with nothing. > > Scenario #2: you set your shell to > /run/current-system/profile/bin/zsh, which is GC-protected, but > eventually the admin removes zsh for the global profile. > > All in all, I’m in favor of switching back to the previous behavior: > considering user shells as system config. That’s a one-line change in > (gnu build accounts). > > Thoughts? > > Ludo’. > > From d1586f0c77cf63d0259cca9fc50c210c584529b3 Mon Sep 17 00:00:00 2001 > From: =?UTF-8?q?Ludovic=20Court=C3=A8s?= <l...@gnu.org> > Date: Thu, 25 Apr 2019 12:10:06 +0200 > Subject: [PATCH 1/2] system: Add 'chsh' to %SETUID-PROGRAMS. > > * gnu/system/pam.scm (base-pam-services): Add "chsh". > * gnu/system.scm (%setuid-programs): Add chsh. > --- > gnu/system.scm | 1 + > gnu/system/pam.scm | 4 ++-- > 2 files changed, 3 insertions(+), 2 deletions(-) > > diff --git a/gnu/system.scm b/gnu/system.scm > index b00d384fee..a85ec109ac 100644 > --- a/gnu/system.scm > +++ b/gnu/system.scm > @@ -794,6 +794,7 @@ use 'plain-file' instead~%") > ;; Default set of setuid-root programs. > (let ((shadow (@ (gnu packages admin) shadow))) > (list (file-append shadow "/bin/passwd") > + (file-append shadow "/bin/chsh") > (file-append shadow "/bin/su") > (file-append shadow "/bin/newuidmap") > (file-append shadow "/bin/newgidmap") > diff --git a/gnu/system/pam.scm b/gnu/system/pam.scm > index 13f76a50ed..27239c5621 100644 > --- a/gnu/system/pam.scm > +++ b/gnu/system/pam.scm > @@ -1,5 +1,5 @@ > ;;; GNU Guix --- Functional package management for GNU > -;;; Copyright © 2013, 2014, 2015, 2016, 2017 Ludovic Courtès <l...@gnu.org> > +;;; Copyright © 2013, 2014, 2015, 2016, 2017, 2019 Ludovic Courtès > <l...@gnu.org> > ;;; > ;;; This file is part of GNU Guix. > ;;; > @@ -265,7 +265,7 @@ authenticate to run COMMAND." > ;; These programs are setuid-root. > (map (cut unix-pam-service <> > #:allow-empty-passwords? allow-empty-passwords?) > - '("passwd" "sudo")) > + '("passwd" "chsh" "sudo")) > ;; This is setuid-root, as well. Allow root to run "su" without > ;; authenticating. > (list (unix-pam-service "su" > -- > 2.21.0 > > From 6ab1ecd628f13829e31e4bcbe7bf0ff53951eedd Mon Sep 17 00:00:00 2001 > From: =?UTF-8?q?Ludovic=20Court=C3=A8s?= <l...@gnu.org> > Date: Thu, 25 Apr 2019 12:23:11 +0200 > Subject: [PATCH 2/2] doc: Document 'chsh'. > > * doc/guix.texi (User Accounts): Document 'chsh'. > --- > doc/guix.texi | 9 +++++++++ > 1 file changed, 9 insertions(+) > > diff --git a/doc/guix.texi b/doc/guix.texi > index 879cb562e9..b5048f7269 100644 > --- a/doc/guix.texi > +++ b/doc/guix.texi > @@ -11000,6 +11000,15 @@ if it does not exist yet. > This is a G-expression denoting the file name of a program to be used as > the shell (@pxref{G-Expressions}). > > +Users may change their shell at any time by running the @command{chsh} > +command---run @command{man chsh} for more info. The list of allowed shells > +can be found in the @file{/etc/shells} file, which is itself the combination > +of the @code{shell} fields of all the user accounts. > + > +Because the account's shell is user-modifiable system state---just like > +passwords---it is preserved across reboots and reconfiguration, even if the > +administrator changes the value of the @code{shell} field. > + > @item @code{system?} (default: @code{#f}) > This Boolean value indicates whether the account is a ``system'' > account. System accounts are sometimes treated specially; for instance,