-
Notifications
You must be signed in to change notification settings - Fork 63
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Ghaf user accounts #827
Ghaf user accounts #827
Conversation
- enable systemd boot in initrd by default - add systemd verbosity flag - add device path in storagevm to allow impermanence to mount fs Signed-off-by: Manuel Bluhm <[email protected]>
This comment was marked as outdated.
This comment was marked as outdated.
Updates with b8a9aef:
|
Checked with native NX and AGX. Issues:
With
Checked with cross compile AGX: Issues:
Working with native and crosscompile:
|
This comment was marked as outdated.
This comment was marked as outdated.
This is not necessarily an indication of whether or not desktop switching is working. To confirm, testing should include opening any window in the active workspace/desktop, then switching desktops by any means and seeing if the window disappears and reappears as expected. If yes, then the issue is related to the workspace tracking file. By default, the workspace tracking file is located in Edit: checking logs of ewwbar service might also be beneficial - |
Looks like home directory is not set correctly, it's defaulting to |
- introducing userborn - disabling mutable users - re-factoring ghaf account to admin account - introducing login user account with homed + auxiliary accounts - impermanence flake input pinned to userborn patch - /etc/machine-id (gui-vm) is currently hardcoded as login user identity file depends on it. It should be generated on first boot and persistet. Workaround is available upstream (after userborn patch) in impermanence but does not seem to work with our setup, investigation required - reverts .face patch, works by copying .face to user home - known login incoveniences: wrong password entry on lock results in multiple errors, user needs to click login if fprint is enabled (only for login not lock) Signed-off-by: Manuel Bluhm <[email protected]>
Update a66f5eb
|
Checked with native and crosscompile NX and AGX. Notes: Working:
|
Tested on Lenovo-X1 (full re-installation) Working:
Issues:
I can create a bug about the issues if this pr gets merged with them. |
Checked with Risc-V Working:
No new issue found in manual testing. |
The changes address the separation between declarative and runtime users.Non-declarative users are introduced that allow changes without re-building the configuration, and are purely device specific.
For more consistent declarative user management, 'userborn' is introduced, which increases consistency by managing user parameter changes across re-builds. It is enabled for host and all VMs by default. The NixOS configuration
users.mutableUsers
is set to false, thus the generic user tools cannot be used at runtime (passwd
,useradd
, etc.). Further, a new user configuration file allows to conveniently override and set user attributes across the system (e.g., password updates).To manage non-declarative users,
systemd-homed
is used. It offers a variety of concepts that are in line with our requirements such as on-the-fly user creation, encryption, CIFS-integration, and more. For the login-user, passwordchange with
passwd
should work.Code structure
Accounts
Admin account
The 'ghaf' user account is now the admin account (+wheel), and enabled by default in host and all VMs. As this account is for administrative purposes, it should not run a desktop session.
Login/desktop user account
The 'loginUser' account can be enabled and sets up a non-declarative user with a reserved UID. It is a self-contained account, bootstrapped via the home folder, that currently runs the user desktop session. Files in
/var/lib/systemd/home
bind the home folder to the machine.Auxiliary accounts
Two auxiliary accounts are available that share the login users UID to
keep these UIDs consistent across VMs:
This user is used in system VMs that provide services. These services
are currently accessible via the dbus proxy, and require the same UID.
This user is used in app VMs to run the user sessions (including applications).
The shared UID is helpful to map access rights across machines and support
legacy functionality.
Other (declarative/managed) user accounts
While any additional user accounts may be freely created and administered, a template for configuration managed users is provided.
Future work
This patch introduces new account management on Ghaf. Based on the changes, future work is required to extend it.
Extending login-user functionality
Currently, a minimalistic setup script runs on first GUI-VM boot. The login
user setup may be extended with:
Improvement of user creation script
Graphical interface for user creation
Feature integration: (supported by homed)
Potential re-work to run graphical session as static user
Potential multi-user system with migratable data
Further user account improvements
User data implications
While the login user setup provides some containment, currently user data is still
spread across the system, such as
Respective mechanisms are currently under investigation.
Implementation notes
It should be generated on first boot and persistet. Workaround is available upstream (after
userborn patch) in impermanence but does not seem to work with our setup, investigation required
login if fprint is enabled (only for new login, not lock)
Checklist for things done
x86_64
aarch64
riscv64
make-checks
and it passesnixos-rebuild ... switch
Instructions for Testing
As this PR affects all of Ghaf, extensive testing is required. All desktop functionality should
be tested, and all targets verified. All VMs are running with systemd stage1 boot, and
all cross-vm functionality that previously used ssh + ghaf user is affected.
As this patch also re-names VM shares, target should be flashed before testing.
List all targets that this applies to: Lenovo x1, all targets may be affected
Is this a new feature
passwd
can be used to change user passwordIf it is an improvement how does it impact existing functionality?